--- /dev/null
+---
+# Source: calico/templates/calico-kube-controllers.yaml
+# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: calico-kube-controllers
+ namespace: kube-system
+ labels:
+ k8s-app: calico-kube-controllers
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ k8s-app: calico-kube-controllers
+---
+# Source: calico/templates/calico-kube-controllers.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calico-kube-controllers
+ namespace: kube-system
+---
+# Source: calico/templates/calico-node.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calico-node
+ namespace: kube-system
+---
+# Source: calico/templates/calico-node.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: calico-cni-plugin
+ namespace: kube-system
+---
+# Source: calico/templates/calico-config.yaml
+# This ConfigMap is used to configure a self-hosted Calico installation.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: calico-config
+ namespace: kube-system
+data:
+ # Typha is disabled.
+ typha_service_name: "none"
+ # Configure the backend to use.
+ calico_backend: "bird"
+
+ # Configure the MTU to use for workload interfaces and tunnels.
+ # By default, MTU is auto-detected, and explicitly setting this field should not be required.
+ # You can override auto-detection by providing a non-zero value.
+ veth_mtu: "0"
+
+ # The CNI network configuration to install on each node. The special
+ # values in this config will be automatically populated.
+ cni_network_config: |-
+ {
+ "name": "k8s-pod-network",
+ "cniVersion": "0.3.1",
+ "plugins": [
+ {
+ "type": "calico",
+ "log_level": "info",
+ "log_file_path": "/var/log/calico/cni/cni.log",
+ "datastore_type": "kubernetes",
+ "nodename": "__KUBERNETES_NODE_NAME__",
+ "mtu": __CNI_MTU__,
+ "ipam": {
+ "type": "calico-ipam"
+ },
+ "policy": {
+ "type": "k8s"
+ },
+ "kubernetes": {
+ "kubeconfig": "__KUBECONFIG_FILEPATH__"
+ }
+ },
+ {
+ "type": "portmap",
+ "snat": true,
+ "capabilities": {"portMappings": true}
+ },
+ {
+ "type": "bandwidth",
+ "capabilities": {"bandwidth": true}
+ }
+ ]
+ }
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bgpconfigurations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: BGPConfiguration
+ listKind: BGPConfigurationList
+ plural: bgpconfigurations
+ singular: bgpconfiguration
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: BGPConfiguration contains the configuration for any BGP routing.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPConfigurationSpec contains the values of the BGP configuration.
+ properties:
+ asNumber:
+ description: 'ASNumber is the default AS number used by a node. [Default:
+ 64512]'
+ format: int32
+ type: integer
+ bindMode:
+ description: BindMode indicates whether to listen for BGP connections
+ on all addresses (None) or only on the node's canonical IP address
+ Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
+ for BGP connections on all addresses.
+ type: string
+ communities:
+ description: Communities is a list of BGP community values and their
+ arbitrary names for tagging routes.
+ items:
+ description: Community contains standard or large community value
+ and its name.
+ properties:
+ name:
+ description: Name given to community value.
+ type: string
+ value:
+ description: Value must be of format `aa:nn` or `aa:nn:mm`.
+ For standard community use `aa:nn` format, where `aa` and
+ `nn` are 16 bit number. For large community use `aa:nn:mm`
+ format, where `aa`, `nn` and `mm` are 32 bit number. Where,
+ `aa` is an AS Number, `nn` and `mm` are per-AS identifier.
+ pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
+ type: string
+ type: object
+ type: array
+ ignoredInterfaces:
+ description: IgnoredInterfaces indicates the network interfaces that
+ needs to be excluded when reading device routes.
+ items:
+ type: string
+ type: array
+ listenPort:
+ description: ListenPort is the port where BGP protocol should listen.
+ Defaults to 179
+ maximum: 65535
+ minimum: 1
+ type: integer
+ logSeverityScreen:
+ description: 'LogSeverityScreen is the log severity above which logs
+ are sent to the stdout. [Default: INFO]'
+ type: string
+ nodeMeshMaxRestartTime:
+ description: Time to allow for software restart for node-to-mesh peerings. When
+ specified, this is configured as the graceful restart timeout. When
+ not specified, the BIRD default of 120s is used. This field can
+ only be set on the default BGPConfiguration instance and requires
+ that NodeMesh is enabled
+ type: string
+ nodeMeshPassword:
+ description: Optional BGP password for full node-to-mesh peerings.
+ This field can only be set on the default BGPConfiguration instance
+ and requires that NodeMesh is enabled
+ properties:
+ secretKeyRef:
+ description: Selects a key of a secret in the node pod's namespace.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ nodeToNodeMeshEnabled:
+ description: 'NodeToNodeMeshEnabled sets whether full node to node
+ BGP mesh is enabled. [Default: true]'
+ type: boolean
+ prefixAdvertisements:
+ description: PrefixAdvertisements contains per-prefix advertisement
+ configuration.
+ items:
+ description: PrefixAdvertisement configures advertisement properties
+ for the specified CIDR.
+ properties:
+ cidr:
+ description: CIDR for which properties should be advertised.
+ type: string
+ communities:
+ description: Communities can be list of either community names
+ already defined in `Specs.Communities` or community value
+ of format `aa:nn` or `aa:nn:mm`. For standard community use
+ `aa:nn` format, where `aa` and `nn` are 16 bit number. For
+ large community use `aa:nn:mm` format, where `aa`, `nn` and
+ `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and
+ `mm` are per-AS identifier.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ serviceClusterIPs:
+ description: ServiceClusterIPs are the CIDR blocks from which service
+ cluster IPs are allocated. If specified, Calico will advertise these
+ blocks, as well as any cluster IPs within them.
+ items:
+ description: ServiceClusterIPBlock represents a single allowed ClusterIP
+ CIDR block.
+ properties:
+ cidr:
+ type: string
+ type: object
+ type: array
+ serviceExternalIPs:
+ description: ServiceExternalIPs are the CIDR blocks for Kubernetes
+ Service External IPs. Kubernetes Service ExternalIPs will only be
+ advertised if they are within one of these blocks.
+ items:
+ description: ServiceExternalIPBlock represents a single allowed
+ External IP CIDR block.
+ properties:
+ cidr:
+ type: string
+ type: object
+ type: array
+ serviceLoadBalancerIPs:
+ description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes
+ Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress
+ IPs will only be advertised if they are within one of these blocks.
+ items:
+ description: ServiceLoadBalancerIPBlock represents a single allowed
+ LoadBalancer IP CIDR block.
+ properties:
+ cidr:
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: (devel)
+ creationTimestamp: null
+ name: bgpfilters.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: BGPFilter
+ listKind: BGPFilterList
+ plural: bgpfilters
+ singular: bgpfilter
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of
+ the BGP Filter.
+ properties:
+ exportV4:
+ description: The ordered set of IPv4 BGPFilter rules acting on exporting
+ routes to a peer.
+ items:
+ description: BGPFilterRuleV4 defines a BGP filter rule consisting
+ a single IPv4 CIDR block and a filter action for this CIDR.
+ properties:
+ action:
+ type: string
+ cidr:
+ type: string
+ interface:
+ type: string
+ matchOperator:
+ type: string
+ source:
+ type: string
+ required:
+ - action
+ type: object
+ type: array
+ exportV6:
+ description: The ordered set of IPv6 BGPFilter rules acting on exporting
+ routes to a peer.
+ items:
+ description: BGPFilterRuleV6 defines a BGP filter rule consisting
+ a single IPv6 CIDR block and a filter action for this CIDR.
+ properties:
+ action:
+ type: string
+ cidr:
+ type: string
+ interface:
+ type: string
+ matchOperator:
+ type: string
+ source:
+ type: string
+ required:
+ - action
+ type: object
+ type: array
+ importV4:
+ description: The ordered set of IPv4 BGPFilter rules acting on importing
+ routes from a peer.
+ items:
+ description: BGPFilterRuleV4 defines a BGP filter rule consisting
+ a single IPv4 CIDR block and a filter action for this CIDR.
+ properties:
+ action:
+ type: string
+ cidr:
+ type: string
+ interface:
+ type: string
+ matchOperator:
+ type: string
+ source:
+ type: string
+ required:
+ - action
+ type: object
+ type: array
+ importV6:
+ description: The ordered set of IPv6 BGPFilter rules acting on importing
+ routes from a peer.
+ items:
+ description: BGPFilterRuleV6 defines a BGP filter rule consisting
+ a single IPv6 CIDR block and a filter action for this CIDR.
+ properties:
+ action:
+ type: string
+ cidr:
+ type: string
+ interface:
+ type: string
+ matchOperator:
+ type: string
+ source:
+ type: string
+ required:
+ - action
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bgppeers.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: BGPPeer
+ listKind: BGPPeerList
+ plural: bgppeers
+ singular: bgppeer
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPPeerSpec contains the specification for a BGPPeer resource.
+ properties:
+ asNumber:
+ description: The AS Number of the peer.
+ format: int32
+ type: integer
+ filters:
+ description: The ordered set of BGPFilters applied on this BGP peer.
+ items:
+ type: string
+ type: array
+ keepOriginalNextHop:
+ description: Option to keep the original nexthop field when routes
+ are sent to a BGP Peer. Setting "true" configures the selected BGP
+ Peers node to use the "next hop keep;" instead of "next hop self;"(default)
+ in the specific branch of the Node on "bird.cfg".
+ type: boolean
+ maxRestartTime:
+ description: Time to allow for software restart. When specified,
+ this is configured as the graceful restart timeout. When not specified,
+ the BIRD default of 120s is used.
+ type: string
+ node:
+ description: The node name identifying the Calico node instance that
+ is targeted by this peer. If this is not set, and no nodeSelector
+ is specified, then this BGP peer selects all nodes in the cluster.
+ type: string
+ nodeSelector:
+ description: Selector for the nodes that should have this peering. When
+ this is set, the Node field must be empty.
+ type: string
+ numAllowedLocalASNumbers:
+ description: Maximum number of local AS numbers that are allowed in
+ the AS path for received routes. This removes BGP loop prevention
+ and should only be used if absolutely necessary.
+ format: int32
+ type: integer
+ password:
+ description: Optional BGP password for the peerings generated by this
+ BGPPeer resource.
+ properties:
+ secretKeyRef:
+ description: Selects a key of a secret in the node pod's namespace.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be
+ a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ peerIP:
+ description: The IP address of the peer followed by an optional port
+ number to peer with. If port number is given, format should be `[<IPv6>]:port`
+ or `<IPv4>:<port>` for IPv4. If optional port number is not set,
+ and this peer IP and ASNumber belongs to a calico/node with ListenPort
+ set in BGPConfiguration, then we use that port to peer.
+ type: string
+ peerSelector:
+ description: Selector for the remote nodes to peer with. When this
+ is set, the PeerIP and ASNumber fields must be empty. For each
+ peering between the local node and selected remote nodes, we configure
+ an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified,
+ and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The
+ remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
+ or the global default if that is not set.
+ type: string
+ reachableBy:
+ description: Add an exact, i.e. /32, static route toward peer IP in
+ order to prevent route flapping. ReachableBy contains the address
+ of the gateway which peer can be reached by.
+ type: string
+ sourceAddress:
+ description: Specifies whether and how to configure a source address
+ for the peerings generated by this BGPPeer resource. Default value
+ "UseNodeIP" means to configure the node IP as the source address. "None"
+ means not to configure a source address.
+ type: string
+ ttlSecurity:
+ description: TTLSecurity enables the generalized TTL security mechanism
+ (GTSM) which protects against spoofed packets by ignoring received
+ packets with a smaller than expected TTL value. The provided value
+ is the number of hops (edges) between the peers.
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: blockaffinities.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: BlockAffinity
+ listKind: BlockAffinityList
+ plural: blockaffinities
+ singular: blockaffinity
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BlockAffinitySpec contains the specification for a BlockAffinity
+ resource.
+ properties:
+ cidr:
+ type: string
+ deleted:
+ description: Deleted indicates that this block affinity is being deleted.
+ This field is a string for compatibility with older releases that
+ mistakenly treat this field as a string.
+ type: string
+ node:
+ type: string
+ state:
+ type: string
+ required:
+ - cidr
+ - deleted
+ - node
+ - state
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: (devel)
+ creationTimestamp: null
+ name: caliconodestatuses.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: CalicoNodeStatus
+ listKind: CalicoNodeStatusList
+ plural: caliconodestatuses
+ singular: caliconodestatus
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
+ resource.
+ properties:
+ classes:
+ description: Classes declares the types of information to monitor
+ for this calico/node, and allows for selective status reporting
+ about certain subsets of information.
+ items:
+ type: string
+ type: array
+ node:
+ description: The node name identifies the Calico node instance for
+ node status.
+ type: string
+ updatePeriodSeconds:
+ description: UpdatePeriodSeconds is the period at which CalicoNodeStatus
+ should be updated. Set to 0 to disable CalicoNodeStatus refresh.
+ Maximum update period is one day.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
+ No validation needed for status since it is updated by Calico.
+ properties:
+ agent:
+ description: Agent holds agent status on the node.
+ properties:
+ birdV4:
+ description: BIRDV4 represents the latest observed status of bird4.
+ properties:
+ lastBootTime:
+ description: LastBootTime holds the value of lastBootTime
+ from bird.ctl output.
+ type: string
+ lastReconfigurationTime:
+ description: LastReconfigurationTime holds the value of lastReconfigTime
+ from bird.ctl output.
+ type: string
+ routerID:
+ description: Router ID used by bird.
+ type: string
+ state:
+ description: The state of the BGP Daemon.
+ type: string
+ version:
+ description: Version of the BGP daemon
+ type: string
+ type: object
+ birdV6:
+ description: BIRDV6 represents the latest observed status of bird6.
+ properties:
+ lastBootTime:
+ description: LastBootTime holds the value of lastBootTime
+ from bird.ctl output.
+ type: string
+ lastReconfigurationTime:
+ description: LastReconfigurationTime holds the value of lastReconfigTime
+ from bird.ctl output.
+ type: string
+ routerID:
+ description: Router ID used by bird.
+ type: string
+ state:
+ description: The state of the BGP Daemon.
+ type: string
+ version:
+ description: Version of the BGP daemon
+ type: string
+ type: object
+ type: object
+ bgp:
+ description: BGP holds node BGP status.
+ properties:
+ numberEstablishedV4:
+ description: The total number of IPv4 established bgp sessions.
+ type: integer
+ numberEstablishedV6:
+ description: The total number of IPv6 established bgp sessions.
+ type: integer
+ numberNotEstablishedV4:
+ description: The total number of IPv4 non-established bgp sessions.
+ type: integer
+ numberNotEstablishedV6:
+ description: The total number of IPv6 non-established bgp sessions.
+ type: integer
+ peersV4:
+ description: PeersV4 represents IPv4 BGP peers status on the node.
+ items:
+ description: CalicoNodePeer contains the status of BGP peers
+ on the node.
+ properties:
+ peerIP:
+ description: IP address of the peer whose condition we are
+ reporting.
+ type: string
+ since:
+ description: Since the state or reason last changed.
+ type: string
+ state:
+ description: State is the BGP session state.
+ type: string
+ type:
+ description: Type indicates whether this peer is configured
+ via the node-to-node mesh, or via en explicit global or
+ per-node BGPPeer object.
+ type: string
+ type: object
+ type: array
+ peersV6:
+ description: PeersV6 represents IPv6 BGP peers status on the node.
+ items:
+ description: CalicoNodePeer contains the status of BGP peers
+ on the node.
+ properties:
+ peerIP:
+ description: IP address of the peer whose condition we are
+ reporting.
+ type: string
+ since:
+ description: Since the state or reason last changed.
+ type: string
+ state:
+ description: State is the BGP session state.
+ type: string
+ type:
+ description: Type indicates whether this peer is configured
+ via the node-to-node mesh, or via en explicit global or
+ per-node BGPPeer object.
+ type: string
+ type: object
+ type: array
+ required:
+ - numberEstablishedV4
+ - numberEstablishedV6
+ - numberNotEstablishedV4
+ - numberNotEstablishedV6
+ type: object
+ lastUpdated:
+ description: LastUpdated is a timestamp representing the server time
+ when CalicoNodeStatus object last updated. It is represented in
+ RFC3339 form and is in UTC.
+ format: date-time
+ nullable: true
+ type: string
+ routes:
+ description: Routes reports routes known to the Calico BGP daemon
+ on the node.
+ properties:
+ routesV4:
+ description: RoutesV4 represents IPv4 routes on the node.
+ items:
+ description: CalicoNodeRoute contains the status of BGP routes
+ on the node.
+ properties:
+ destination:
+ description: Destination of the route.
+ type: string
+ gateway:
+ description: Gateway for the destination.
+ type: string
+ interface:
+ description: Interface for the destination
+ type: string
+ learnedFrom:
+ description: LearnedFrom contains information regarding
+ where this route originated.
+ properties:
+ peerIP:
+ description: If sourceType is NodeMesh or BGPPeer, IP
+ address of the router that sent us this route.
+ type: string
+ sourceType:
+ description: Type of the source where a route is learned
+ from.
+ type: string
+ type: object
+ type:
+ description: Type indicates if the route is being used for
+ forwarding or not.
+ type: string
+ type: object
+ type: array
+ routesV6:
+ description: RoutesV6 represents IPv6 routes on the node.
+ items:
+ description: CalicoNodeRoute contains the status of BGP routes
+ on the node.
+ properties:
+ destination:
+ description: Destination of the route.
+ type: string
+ gateway:
+ description: Gateway for the destination.
+ type: string
+ interface:
+ description: Interface for the destination
+ type: string
+ learnedFrom:
+ description: LearnedFrom contains information regarding
+ where this route originated.
+ properties:
+ peerIP:
+ description: If sourceType is NodeMesh or BGPPeer, IP
+ address of the router that sent us this route.
+ type: string
+ sourceType:
+ description: Type of the source where a route is learned
+ from.
+ type: string
+ type: object
+ type:
+ description: Type indicates if the route is being used for
+ forwarding or not.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterinformations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: ClusterInformation
+ listKind: ClusterInformationList
+ plural: clusterinformations
+ singular: clusterinformation
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: ClusterInformation contains the cluster specific information.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterInformationSpec contains the values of describing
+ the cluster.
+ properties:
+ calicoVersion:
+ description: CalicoVersion is the version of Calico that the cluster
+ is running
+ type: string
+ clusterGUID:
+ description: ClusterGUID is the GUID of the cluster
+ type: string
+ clusterType:
+ description: ClusterType describes the type of the cluster
+ type: string
+ datastoreReady:
+ description: DatastoreReady is used during significant datastore migrations
+ to signal to components such as Felix that it should wait before
+ accessing the datastore.
+ type: boolean
+ variant:
+ description: Variant declares which variant of Calico should be active.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: felixconfigurations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: FelixConfiguration
+ listKind: FelixConfigurationList
+ plural: felixconfigurations
+ singular: felixconfiguration
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: Felix Configuration contains the configuration for Felix.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: FelixConfigurationSpec contains the values of the Felix configuration.
+ properties:
+ allowIPIPPacketsFromWorkloads:
+ description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
+ will add a rule to drop IPIP encapsulated traffic from workloads
+ [Default: false]'
+ type: boolean
+ allowVXLANPacketsFromWorkloads:
+ description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
+ will add a rule to drop VXLAN encapsulated traffic from workloads
+ [Default: false]'
+ type: boolean
+ awsSrcDstCheck:
+ description: 'Set source-destination-check on AWS EC2 instances. Accepted
+ value must be one of "DoNothing", "Enable" or "Disable". [Default:
+ DoNothing]'
+ enum:
+ - DoNothing
+ - Enable
+ - Disable
+ type: string
+ bpfCTLBLogFilter:
+ description: 'BPFCTLBLogFilter specifies, what is logged by connect
+ time load balancer when BPFLogLevel is debug. Currently has to be
+ specified as ''all'' when BPFLogFilters is set to see CTLB logs.
+ [Default: unset - means logs are emitted when BPFLogLevel id debug
+ and BPFLogFilters not set.]'
+ type: string
+ bpfConnectTimeLoadBalancing:
+ description: 'BPFConnectTimeLoadBalancing when in BPF mode, controls
+ whether Felix installs the connect-time load balancer. The connect-time
+ load balancer is required for the host to be able to reach Kubernetes
+ services and it improves the performance of pod-to-service connections.When
+ set to TCP, connect time load balancing is available only for services
+ with TCP ports. [Default: TCP]'
+ enum:
+ - TCP
+ - Enabled
+ - Disabled
+ type: string
+ bpfConnectTimeLoadBalancingEnabled:
+ description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode,
+ controls whether Felix installs the connection-time load balancer. The
+ connect-time load balancer is required for the host to be able to
+ reach Kubernetes services and it improves the performance of pod-to-service
+ connections. The only reason to disable it is for debugging purposes.
+ This will be deprecated. Use BPFConnectTimeLoadBalancing [Default:
+ true]'
+ type: boolean
+ bpfDSROptoutCIDRs:
+ description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded
+ from DSR. That is, clients in those CIDRs will accesses nodeports
+ as if BPFExternalServiceMode was set to Tunnel.
+ items:
+ type: string
+ type: array
+ bpfDataIfacePattern:
+ description: BPFDataIfacePattern is a regular expression that controls
+ which interfaces Felix should attach BPF programs to in order to
+ catch traffic to/from the network. This needs to match the interfaces
+ that Calico workload traffic flows over as well as any interfaces
+ that handle incoming traffic to nodeports and services from outside
+ the cluster. It should not match the workload interfaces (usually
+ named cali...).
+ type: string
+ bpfDisableGROForIfaces:
+ description: BPFDisableGROForIfaces is a regular expression that controls
+ which interfaces Felix should disable the Generic Receive Offload
+ [GRO] option. It should not match the workload interfaces (usually
+ named cali...).
+ type: string
+ bpfDisableUnprivileged:
+ description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled
+ sysctl to disable unprivileged use of BPF. This ensures that unprivileged
+ users cannot access Calico''s BPF maps and cannot insert their own
+ BPF programs to interfere with Calico''s. [Default: true]'
+ type: boolean
+ bpfEnabled:
+ description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
+ [Default: false]'
+ type: boolean
+ bpfEnforceRPF:
+ description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
+ with BPF programs regardless of what is the per-interfaces or global
+ setting. Possible values are Disabled, Strict or Loose. [Default:
+ Loose]'
+ pattern: ^(?i)(Disabled|Strict|Loose)?$
+ type: string
+ bpfExcludeCIDRsFromNAT:
+ description: BPFExcludeCIDRsFromNAT is a list of CIDRs that are to
+ be excluded from NAT resolution so that host can handle them. A
+ typical usecase is node local DNS cache.
+ items:
+ type: string
+ type: array
+ bpfExtToServiceConnmark:
+ description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
+ mark that is set on connections from an external client to a local
+ service. This mark allows us to control how packets of that connection
+ are routed within the host and how is routing interpreted by RPF
+ check. [Default: 0]'
+ type: integer
+ bpfExternalServiceMode:
+ description: 'BPFExternalServiceMode in BPF mode, controls how connections
+ from outside the cluster to services (node ports and cluster IPs)
+ are forwarded to remote workloads. If set to "Tunnel" then both
+ request and response traffic is tunneled to the remote node. If
+ set to "DSR", the request traffic is tunneled but the response traffic
+ is sent directly from the remote node. In "DSR" mode, the remote
+ node appears to use the IP of the ingress node; this requires a
+ permissive L2 network. [Default: Tunnel]'
+ pattern: ^(?i)(Tunnel|DSR)?$
+ type: string
+ bpfForceTrackPacketsFromIfaces:
+ description: 'BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic
+ from these interfaces to skip Calico''s iptables NOTRACK rule, allowing
+ traffic from those interfaces to be tracked by Linux conntrack. Should
+ only be used for interfaces that are not used for the Calico fabric. For
+ example, a docker bridge device for non-Calico-networked containers.
+ [Default: docker+]'
+ items:
+ type: string
+ type: array
+ bpfHostConntrackBypass:
+ description: 'BPFHostConntrackBypass Controls whether to bypass Linux
+ conntrack in BPF mode for workloads and services. [Default: true
+ - bypass Linux conntrack]'
+ type: boolean
+ bpfHostNetworkedNATWithoutCTLB:
+ description: 'BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls
+ whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing
+ determines the CTLB behavior. [Default: Enabled]'
+ enum:
+ - Enabled
+ - Disabled
+ type: string
+ bpfKubeProxyEndpointSlicesEnabled:
+ description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has
+ no effect. BPF kube-proxy always accepts endpoint slices. This option
+ will be removed in the next release.
+ type: boolean
+ bpfKubeProxyIptablesCleanupEnabled:
+ description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF
+ mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s
+ iptables chains. Should only be enabled if kube-proxy is not running. [Default:
+ true]'
+ type: boolean
+ bpfKubeProxyMinSyncPeriod:
+ description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the
+ minimum time between updates to the dataplane for Felix''s embedded
+ kube-proxy. Lower values give reduced set-up latency. Higher values
+ reduce Felix CPU usage by batching up more work. [Default: 1s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ bpfL3IfacePattern:
+ description: BPFL3IfacePattern is a regular expression that allows
+ to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
+ in addition to BPFDataIfacePattern. That is, tunnel interfaces not
+ created by Calico, that Calico workload traffic flows over as well
+ as any interfaces that handle incoming traffic to nodeports and
+ services from outside the cluster.
+ type: string
+ bpfLogFilters:
+ additionalProperties:
+ type: string
+ description: "BPFLogFilters is a map of key=values where the value
+ is a pcap filter expression and the key is an interface name with
+ 'all' denoting all interfaces, 'weps' all workload endpoints and
+ 'heps' all host endpoints. \n When specified as an env var, it accepts
+ a comma-separated list of key=values. [Default: unset - means all
+ debug logs are emitted]"
+ type: object
+ bpfLogLevel:
+ description: 'BPFLogLevel controls the log level of the BPF programs
+ when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
+ logs are emitted to the BPF trace pipe, accessible with the command
+ `tc exec bpf debug`. [Default: Off].'
+ pattern: ^(?i)(Off|Info|Debug)?$
+ type: string
+ bpfMapSizeConntrack:
+ description: 'BPFMapSizeConntrack sets the size for the conntrack
+ map. This map must be large enough to hold an entry for each active
+ connection. Warning: changing the size of the conntrack map can
+ cause disruption.'
+ type: integer
+ bpfMapSizeIPSets:
+ description: BPFMapSizeIPSets sets the size for ipsets map. The IP
+ sets map must be large enough to hold an entry for each endpoint
+ matched by every selector in the source/destination matches in network
+ policy. Selectors such as "all()" can result in large numbers of
+ entries (one entry per endpoint in that case).
+ type: integer
+ bpfMapSizeIfState:
+ description: BPFMapSizeIfState sets the size for ifstate map. The
+ ifstate map must be large enough to hold an entry for each device
+ (host + workloads) on a host.
+ type: integer
+ bpfMapSizeNATAffinity:
+ type: integer
+ bpfMapSizeNATBackend:
+ description: BPFMapSizeNATBackend sets the size for nat back end map.
+ This is the total number of endpoints. This is mostly more than
+ the size of the number of services.
+ type: integer
+ bpfMapSizeNATFrontend:
+ description: BPFMapSizeNATFrontend sets the size for nat front end
+ map. FrontendMap should be large enough to hold an entry for each
+ nodeport, external IP and each port in each service.
+ type: integer
+ bpfMapSizeRoute:
+ description: BPFMapSizeRoute sets the size for the routes map. The
+ routes map should be large enough to hold one entry per workload
+ and a handful of entries per host (enough to cover its own IPs and
+ tunnel IPs).
+ type: integer
+ bpfPSNATPorts:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'BPFPSNATPorts sets the range from which we randomly
+ pick a port if there is a source port collision. This should be
+ within the ephemeral range as defined by RFC 6056 (1024–65535) and
+ preferably outside the ephemeral ranges used by common operating
+ systems. Linux uses 32768–60999, while others mostly use the IANA
+ defined range 49152–65535. It is not necessarily a problem if this
+ range overlaps with the operating systems. Both ends of the range
+ are inclusive. [Default: 20000:29999]'
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ bpfPolicyDebugEnabled:
+ description: BPFPolicyDebugEnabled when true, Felix records detailed
+ information about the BPF policy programs, which can be examined
+ with the calico-bpf command-line tool.
+ type: boolean
+ chainInsertMode:
+ description: 'ChainInsertMode controls whether Felix hooks the kernel''s
+ top-level iptables chains by inserting a rule at the top of the
+ chain or by appending a rule at the bottom. insert is the safe default
+ since it prevents Calico''s rules from being bypassed. If you switch
+ to append mode, be sure that the other rules in the chains signal
+ acceptance by falling through to the Calico rules, otherwise the
+ Calico policy will be bypassed. [Default: insert]'
+ pattern: ^(?i)(insert|append)?$
+ type: string
+ dataplaneDriver:
+ description: DataplaneDriver filename of the external dataplane driver
+ to use. Only used if UseInternalDataplaneDriver is set to false.
+ type: string
+ dataplaneWatchdogTimeout:
+ description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
+ used for Felix's (internal) dataplane driver. Increase this value
+ if you experience spurious non-ready or non-live events when Felix
+ is under heavy load. Decrease the value to get felix to report non-live
+ or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
+ by the generic HealthTimeoutOverrides."
+ type: string
+ debugDisableLogDropping:
+ type: boolean
+ debugHost:
+ description: DebugHost is the host IP or hostname to bind the debug
+ port to. Only used if DebugPort is set. [Default:localhost]
+ type: string
+ debugMemoryProfilePath:
+ type: string
+ debugPort:
+ description: DebugPort if set, enables Felix's debug HTTP port, which
+ allows memory and CPU profiles to be retrieved. The debug port
+ is not secure, it should not be exposed to the internet.
+ type: integer
+ debugSimulateCalcGraphHangAfter:
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ debugSimulateDataplaneApplyDelay:
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ debugSimulateDataplaneHangAfter:
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ defaultEndpointToHostAction:
+ description: 'DefaultEndpointToHostAction controls what happens to
+ traffic that goes from a workload endpoint to the host itself (after
+ the traffic hits the endpoint egress policy). By default Calico
+ blocks traffic from workload endpoints to the host itself with an
+ iptables "DROP" action. If you want to allow some or all traffic
+ from endpoint to host, set this parameter to RETURN or ACCEPT. Use
+ RETURN if you have your own rules in the iptables "INPUT" chain;
+ Calico will insert its rules at the top of that chain, then "RETURN"
+ packets to the "INPUT" chain once it has completed processing workload
+ endpoint egress policy. Use ACCEPT to unconditionally accept packets
+ from workloads after processing workload endpoint egress policy.
+ [Default: Drop]'
+ pattern: ^(?i)(Drop|Accept|Return)?$
+ type: string
+ deviceRouteProtocol:
+ description: This defines the route protocol added to programmed device
+ routes, by default this will be RTPROT_BOOT when left blank.
+ type: integer
+ deviceRouteSourceAddress:
+ description: This is the IPv4 source address to use on programmed
+ device routes. By default the source address is left blank, leaving
+ the kernel to choose the source address used.
+ type: string
+ deviceRouteSourceAddressIPv6:
+ description: This is the IPv6 source address to use on programmed
+ device routes. By default the source address is left blank, leaving
+ the kernel to choose the source address used.
+ type: string
+ disableConntrackInvalidCheck:
+ type: boolean
+ endpointReportingDelay:
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ endpointReportingEnabled:
+ type: boolean
+ endpointStatusPathPrefix:
+ description: "EndpointStatusPathPrefix is the path to the directory
+ where endpoint status will be written. Endpoint status file reporting
+ is disabled if field is left empty. \n Chosen directory should match
+ the directory used by the CNI for PodStartupDelay. [Default: \"\"]"
+ type: string
+ externalNodesList:
+ description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes
+ which may source tunnel traffic and have the tunneled traffic be
+ accepted at calico nodes.
+ items:
+ type: string
+ type: array
+ failsafeInboundHostPorts:
+ description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports
+ and CIDRs that Felix will allow incoming traffic to host endpoints
+ on irrespective of the security policy. This is useful to avoid
+ accidentally cutting off a host with incorrect configuration. For
+ back-compatibility, if the protocol is not specified, it defaults
+ to "tcp". If a CIDR is not specified, it will allow traffic from
+ all addresses. To disable all inbound host ports, use the value
+ none. The default value allows ssh access and DHCP. [Default: tcp:22,
+ udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]'
+ items:
+ description: ProtoPort is combination of protocol, port, and CIDR.
+ Protocol and port must be specified.
+ properties:
+ net:
+ type: string
+ port:
+ type: integer
+ protocol:
+ type: string
+ required:
+ - port
+ - protocol
+ type: object
+ type: array
+ failsafeOutboundHostPorts:
+ description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports
+ and CIDRs that Felix will allow outgoing traffic from host endpoints
+ to irrespective of the security policy. This is useful to avoid
+ accidentally cutting off a host with incorrect configuration. For
+ back-compatibility, if the protocol is not specified, it defaults
+ to "tcp". If a CIDR is not specified, it will allow traffic from
+ all addresses. To disable all outbound host ports, use the value
+ none. The default value opens etcd''s standard ports to ensure that
+ Felix does not get cut off from etcd as well as allowing DHCP and
+ DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666,
+ tcp:6667, udp:53, udp:67]'
+ items:
+ description: ProtoPort is combination of protocol, port, and CIDR.
+ Protocol and port must be specified.
+ properties:
+ net:
+ type: string
+ port:
+ type: integer
+ protocol:
+ type: string
+ required:
+ - port
+ - protocol
+ type: object
+ type: array
+ featureDetectOverride:
+ description: FeatureDetectOverride is used to override feature detection
+ based on auto-detected platform capabilities. Values are specified
+ in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
+ or "false" will force the feature, empty or omitted values are auto-detected.
+ pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$
+ type: string
+ featureGates:
+ description: FeatureGates is used to enable or disable tech-preview
+ Calico features. Values are specified in a comma separated list
+ with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
+ This is used to enable features that are not fully production ready.
+ pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$
+ type: string
+ floatingIPs:
+ description: FloatingIPs configures whether or not Felix will program
+ non-OpenStack floating IP addresses. (OpenStack-derived floating
+ IPs are always programmed, regardless of this setting.)
+ enum:
+ - Enabled
+ - Disabled
+ type: string
+ genericXDPEnabled:
+ description: 'GenericXDPEnabled enables Generic XDP so network cards
+ that don''t support XDP offload or driver modes can use XDP. This
+ is not recommended since it doesn''t provide better performance
+ than iptables. [Default: false]'
+ type: boolean
+ healthEnabled:
+ type: boolean
+ healthHost:
+ type: string
+ healthPort:
+ type: integer
+ healthTimeoutOverrides:
+ description: HealthTimeoutOverrides allows the internal watchdog timeouts
+ of individual subcomponents to be overridden. This is useful for
+ working around "false positive" liveness timeouts that can occur
+ in particularly stressful workloads or if CPU is constrained. For
+ a list of active subcomponents, see Felix's logs.
+ items:
+ properties:
+ name:
+ type: string
+ timeout:
+ type: string
+ required:
+ - name
+ - timeout
+ type: object
+ type: array
+ interfaceExclude:
+ description: 'InterfaceExclude is a comma-separated list of interfaces
+ that Felix should exclude when monitoring for host endpoints. The
+ default value ensures that Felix ignores Kubernetes'' IPVS dummy
+ interface, which is used internally by kube-proxy. If you want to
+ exclude multiple interface names using a single value, the list
+ supports regular expressions. For regular expressions you must wrap
+ the value with ''/''. For example having values ''/^kube/,veth1''
+ will exclude all interfaces that begin with ''kube'' and also the
+ interface ''veth1''. [Default: kube-ipvs0]'
+ type: string
+ interfacePrefix:
+ description: 'InterfacePrefix is the interface name prefix that identifies
+ workload endpoints and so distinguishes them from host endpoint
+ interfaces. Note: in environments other than bare metal, the orchestrators
+ configure this appropriately. For example our Kubernetes and Docker
+ integrations set the ''cali'' value, and our OpenStack integration
+ sets the ''tap'' value. [Default: cali]'
+ type: string
+ interfaceRefreshInterval:
+ description: InterfaceRefreshInterval is the period at which Felix
+ rescans local interfaces to verify their state. The rescan can be
+ disabled by setting the interval to 0.
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ ipipEnabled:
+ description: 'IPIPEnabled overrides whether Felix should configure
+ an IPIP interface on the host. Optional as Felix determines this
+ based on the existing IP pools. [Default: nil (unset)]'
+ type: boolean
+ ipipMTU:
+ description: 'IPIPMTU is the MTU to set on the tunnel device. See
+ Configuring MTU [Default: 1440]'
+ type: integer
+ ipsetsRefreshInterval:
+ description: 'IpsetsRefreshInterval is the period at which Felix re-checks
+ all iptables state to ensure that no other process has accidentally
+ broken Calico''s rules. Set to 0 to disable iptables refresh. [Default:
+ 90s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ iptablesBackend:
+ description: IptablesBackend specifies which backend of iptables will
+ be used. The default is Auto.
+ pattern: ^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$
+ type: string
+ iptablesFilterAllowAction:
+ pattern: ^(?i)(Accept|Return)?$
+ type: string
+ iptablesFilterDenyAction:
+ description: IptablesFilterDenyAction controls what happens to traffic
+ that is denied by network policy. By default Calico blocks traffic
+ with an iptables "DROP" action. If you want to use "REJECT" action
+ instead you can configure it in here.
+ pattern: ^(?i)(Drop|Reject)?$
+ type: string
+ iptablesLockFilePath:
+ description: 'IptablesLockFilePath is the location of the iptables
+ lock file. You may need to change this if the lock file is not in
+ its standard location (for example if you have mapped it into Felix''s
+ container at a different path). [Default: /run/xtables.lock]'
+ type: string
+ iptablesLockProbeInterval:
+ description: 'IptablesLockProbeInterval is the time that Felix will
+ wait between attempts to acquire the iptables lock if it is not
+ available. Lower values make Felix more responsive when the lock
+ is contended, but use more CPU. [Default: 50ms]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ iptablesLockTimeout:
+ description: 'IptablesLockTimeout is the time that Felix will wait
+ for the iptables lock, or 0, to disable. To use this feature, Felix
+ must share the iptables lock file with all other processes that
+ also take the lock. When running Felix inside a container, this
+ requires the /run directory of the host to be mounted into the calico/node
+ or calico/felix container. [Default: 0s disabled]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ iptablesMangleAllowAction:
+ pattern: ^(?i)(Accept|Return)?$
+ type: string
+ iptablesMarkMask:
+ description: 'IptablesMarkMask is the mask that Felix selects its
+ IPTables Mark bits from. Should be a 32 bit hexadecimal number with
+ at least 8 bits set, none of which clash with any other mark bits
+ in use on the system. [Default: 0xff000000]'
+ format: int32
+ type: integer
+ iptablesNATOutgoingInterfaceFilter:
+ type: string
+ iptablesPostWriteCheckInterval:
+ description: 'IptablesPostWriteCheckInterval is the period after Felix
+ has done a write to the dataplane that it schedules an extra read
+ back in order to check the write was not clobbered by another process.
+ This should only occur if another application on the system doesn''t
+ respect the iptables lock. [Default: 1s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ iptablesRefreshInterval:
+ description: 'IptablesRefreshInterval is the period at which Felix
+ re-checks the IP sets in the dataplane to ensure that no other process
+ has accidentally broken Calico''s rules. Set to 0 to disable IP
+ sets refresh. Note: the default for this value is lower than the
+ other refresh intervals as a workaround for a Linux kernel bug that
+ was fixed in kernel version 4.11. If you are using v4.11 or greater
+ you may want to set this to, a higher value to reduce Felix CPU
+ usage. [Default: 10s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ ipv6Support:
+ description: IPv6Support controls whether Felix enables support for
+ IPv6 (if supported by the in-use dataplane).
+ type: boolean
+ kubeNodePortRanges:
+ description: 'KubeNodePortRanges holds list of port ranges used for
+ service node ports. Only used if felix detects kube-proxy running
+ in ipvs mode. Felix uses these ranges to separate host and workload
+ traffic. [Default: 30000:32767].'
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ logDebugFilenameRegex:
+ description: LogDebugFilenameRegex controls which source code files
+ have their Debug log output included in the logs. Only logs from
+ files with names that match the given regular expression are included. The
+ filter only applies to Debug level logs.
+ type: string
+ logFilePath:
+ description: 'LogFilePath is the full path to the Felix log. Set to
+ none to disable file logging. [Default: /var/log/calico/felix.log]'
+ type: string
+ logPrefix:
+ description: 'LogPrefix is the log prefix that Felix uses when rendering
+ LOG rules. [Default: calico-packet]'
+ type: string
+ logSeverityFile:
+ description: 'LogSeverityFile is the log severity above which logs
+ are sent to the log file. [Default: Info]'
+ pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
+ type: string
+ logSeverityScreen:
+ description: 'LogSeverityScreen is the log severity above which logs
+ are sent to the stdout. [Default: Info]'
+ pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
+ type: string
+ logSeveritySys:
+ description: 'LogSeveritySys is the log severity above which logs
+ are sent to the syslog. Set to None for no logging to syslog. [Default:
+ Info]'
+ pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$
+ type: string
+ maxIpsetSize:
+ type: integer
+ metadataAddr:
+ description: 'MetadataAddr is the IP address or domain name of the
+ server that can answer VM queries for cloud-init metadata. In OpenStack,
+ this corresponds to the machine running nova-api (or in Ubuntu,
+ nova-api-metadata). A value of none (case-insensitive) means that
+ Felix should not set up any NAT rule for the metadata path. [Default:
+ 127.0.0.1]'
+ type: string
+ metadataPort:
+ description: 'MetadataPort is the port of the metadata server. This,
+ combined with global.MetadataAddr (if not ''None''), is used to
+ set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
+ In most cases this should not need to be changed [Default: 8775].'
+ type: integer
+ mtuIfacePattern:
+ description: MTUIfacePattern is a regular expression that controls
+ which interfaces Felix should scan in order to calculate the host's
+ MTU. This should not match workload interfaces (usually named cali...).
+ type: string
+ natOutgoingAddress:
+ description: NATOutgoingAddress specifies an address to use when performing
+ source NAT for traffic in a natOutgoing pool that is leaving the
+ network. By default the address used is an address on the interface
+ the traffic is leaving on (ie it uses the iptables MASQUERADE target)
+ type: string
+ natPortRange:
+ anyOf:
+ - type: integer
+ - type: string
+ description: NATPortRange specifies the range of ports that is used
+ for port mapping when doing outgoing NAT. When unset the default
+ behavior of the network stack is used.
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ netlinkTimeout:
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ openstackRegion:
+ description: 'OpenstackRegion is the name of the region that a particular
+ Felix belongs to. In a multi-region Calico/OpenStack deployment,
+ this must be configured somehow for each Felix (here in the datamodel,
+ or in felix.cfg or the environment on each compute node), and must
+ match the [calico] openstack_region value configured in neutron.conf
+ on each node. [Default: Empty]'
+ type: string
+ policySyncPathPrefix:
+ description: 'PolicySyncPathPrefix is used to by Felix to communicate
+ policy changes to external services, like Application layer policy.
+ [Default: Empty]'
+ type: string
+ prometheusGoMetricsEnabled:
+ description: 'PrometheusGoMetricsEnabled disables Go runtime metrics
+ collection, which the Prometheus client does by default, when set
+ to false. This reduces the number of metrics reported, reducing
+ Prometheus load. [Default: true]'
+ type: boolean
+ prometheusMetricsEnabled:
+ description: 'PrometheusMetricsEnabled enables the Prometheus metrics
+ server in Felix if set to true. [Default: false]'
+ type: boolean
+ prometheusMetricsHost:
+ description: 'PrometheusMetricsHost is the host that the Prometheus
+ metrics server should bind to. [Default: empty]'
+ type: string
+ prometheusMetricsPort:
+ description: 'PrometheusMetricsPort is the TCP port that the Prometheus
+ metrics server should bind to. [Default: 9091]'
+ type: integer
+ prometheusProcessMetricsEnabled:
+ description: 'PrometheusProcessMetricsEnabled disables process metrics
+ collection, which the Prometheus client does by default, when set
+ to false. This reduces the number of metrics reported, reducing
+ Prometheus load. [Default: true]'
+ type: boolean
+ prometheusWireGuardMetricsEnabled:
+ description: 'PrometheusWireGuardMetricsEnabled disables wireguard
+ metrics collection, which the Prometheus client does by default,
+ when set to false. This reduces the number of metrics reported,
+ reducing Prometheus load. [Default: true]'
+ type: boolean
+ removeExternalRoutes:
+ description: Whether or not to remove device routes that have not
+ been programmed by Felix. Disabling this will allow external applications
+ to also add device routes. This is enabled by default which means
+ we will remove externally added routes.
+ type: boolean
+ reportingInterval:
+ description: 'ReportingInterval is the interval at which Felix reports
+ its status into the datastore or 0 to disable. Must be non-zero
+ in OpenStack deployments. [Default: 30s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ reportingTTL:
+ description: 'ReportingTTL is the time-to-live setting for process-wide
+ status reports. [Default: 90s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ routeRefreshInterval:
+ description: 'RouteRefreshInterval is the period at which Felix re-checks
+ the routes in the dataplane to ensure that no other process has
+ accidentally broken Calico''s rules. Set to 0 to disable route refresh.
+ [Default: 90s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ routeSource:
+ description: 'RouteSource configures where Felix gets its routing
+ information. - WorkloadIPs: use workload endpoints to construct
+ routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
+ pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$
+ type: string
+ routeSyncDisabled:
+ description: RouteSyncDisabled will disable all operations performed
+ on the route table. Set to true to run in network-policy mode only.
+ type: boolean
+ routeTableRange:
+ description: Deprecated in favor of RouteTableRanges. Calico programs
+ additional Linux route tables for various purposes. RouteTableRange
+ specifies the indices of the route tables that Calico should use.
+ properties:
+ max:
+ type: integer
+ min:
+ type: integer
+ required:
+ - max
+ - min
+ type: object
+ routeTableRanges:
+ description: Calico programs additional Linux route tables for various
+ purposes. RouteTableRanges specifies a set of table index ranges
+ that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
+ items:
+ properties:
+ max:
+ type: integer
+ min:
+ type: integer
+ required:
+ - max
+ - min
+ type: object
+ type: array
+ serviceLoopPrevention:
+ description: 'When service IP advertisement is enabled, prevent routing
+ loops to service IPs that are not in use, by dropping or rejecting
+ packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled",
+ in which case such routing loops continue to be allowed. [Default:
+ Drop]'
+ pattern: ^(?i)(Drop|Reject|Disabled)?$
+ type: string
+ sidecarAccelerationEnabled:
+ description: 'SidecarAccelerationEnabled enables experimental sidecar
+ acceleration [Default: false]'
+ type: boolean
+ usageReportingEnabled:
+ description: 'UsageReportingEnabled reports anonymous Calico version
+ number and cluster size to projectcalico.org. Logs warnings returned
+ by the usage server. For example, if a significant security vulnerability
+ has been discovered in the version of Calico being used. [Default:
+ true]'
+ type: boolean
+ usageReportingInitialDelay:
+ description: 'UsageReportingInitialDelay controls the minimum delay
+ before Felix makes a report. [Default: 300s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ usageReportingInterval:
+ description: 'UsageReportingInterval controls the interval at which
+ Felix makes reports. [Default: 86400s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ useInternalDataplaneDriver:
+ description: UseInternalDataplaneDriver, if true, Felix will use its
+ internal dataplane programming logic. If false, it will launch
+ an external dataplane driver and communicate with it over protobuf.
+ type: boolean
+ vxlanEnabled:
+ description: 'VXLANEnabled overrides whether Felix should create the
+ VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
+ determines this based on the existing IP pools. [Default: nil (unset)]'
+ type: boolean
+ vxlanMTU:
+ description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
+ device. See Configuring MTU [Default: 1410]'
+ type: integer
+ vxlanMTUV6:
+ description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
+ device. See Configuring MTU [Default: 1390]'
+ type: integer
+ vxlanPort:
+ type: integer
+ vxlanVNI:
+ type: integer
+ windowsManageFirewallRules:
+ description: 'WindowsManageFirewallRules configures whether or not
+ Felix will program Windows Firewall rules. (to allow inbound access
+ to its own metrics ports) [Default: Disabled]'
+ enum:
+ - Enabled
+ - Disabled
+ type: string
+ wireguardEnabled:
+ description: 'WireguardEnabled controls whether Wireguard is enabled
+ for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
+ [Default: false]'
+ type: boolean
+ wireguardEnabledV6:
+ description: 'WireguardEnabledV6 controls whether Wireguard is enabled
+ for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
+ [Default: false]'
+ type: boolean
+ wireguardHostEncryptionEnabled:
+ description: 'WireguardHostEncryptionEnabled controls whether Wireguard
+ host-to-host encryption is enabled. [Default: false]'
+ type: boolean
+ wireguardInterfaceName:
+ description: 'WireguardInterfaceName specifies the name to use for
+ the IPv4 Wireguard interface. [Default: wireguard.cali]'
+ type: string
+ wireguardInterfaceNameV6:
+ description: 'WireguardInterfaceNameV6 specifies the name to use for
+ the IPv6 Wireguard interface. [Default: wg-v6.cali]'
+ type: string
+ wireguardKeepAlive:
+ description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
+ option. Set 0 to disable. [Default: 0]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ wireguardListeningPort:
+ description: 'WireguardListeningPort controls the listening port used
+ by IPv4 Wireguard. [Default: 51820]'
+ type: integer
+ wireguardListeningPortV6:
+ description: 'WireguardListeningPortV6 controls the listening port
+ used by IPv6 Wireguard. [Default: 51821]'
+ type: integer
+ wireguardMTU:
+ description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
+ interface. See Configuring MTU [Default: 1440]'
+ type: integer
+ wireguardMTUV6:
+ description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
+ interface. See Configuring MTU [Default: 1420]'
+ type: integer
+ wireguardRoutingRulePriority:
+ description: 'WireguardRoutingRulePriority controls the priority value
+ to use for the Wireguard routing rule. [Default: 99]'
+ type: integer
+ wireguardThreadingEnabled:
+ description: 'WireguardThreadingEnabled controls whether Wireguard
+ has NAPI threading enabled. [Default: false]'
+ type: boolean
+ workloadSourceSpoofing:
+ description: WorkloadSourceSpoofing controls whether pods can use
+ the allowedSourcePrefixes annotation to send traffic with a source
+ IP address that is not theirs. This is disabled by default. When
+ set to "Any", pods can request any prefix.
+ pattern: ^(?i)(Disabled|Any)?$
+ type: string
+ xdpEnabled:
+ description: 'XDPEnabled enables XDP acceleration for suitable untracked
+ incoming deny rules. [Default: true]'
+ type: boolean
+ xdpRefreshInterval:
+ description: 'XDPRefreshInterval is the period at which Felix re-checks
+ all XDP state to ensure that no other process has accidentally broken
+ Calico''s BPF maps or attached programs. Set to 0 to disable XDP
+ refresh. [Default: 90s]'
+ pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: globalnetworkpolicies.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: GlobalNetworkPolicy
+ listKind: GlobalNetworkPolicyList
+ plural: globalnetworkpolicies
+ singular: globalnetworkpolicy
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ applyOnForward:
+ description: ApplyOnForward indicates to apply the rules in this policy
+ on forward traffic.
+ type: boolean
+ doNotTrack:
+ description: DoNotTrack indicates whether packets matched by the rules
+ in this policy should go through the data plane's connection tracking,
+ such as Linux conntrack. If True, the rules in this policy are
+ applied before any data plane connection tracking, and packets allowed
+ by this policy are marked as not to be tracked.
+ type: boolean
+ egress:
+ description: The ordered set of egress rules. Each rule contains
+ a set of packet match criteria and a corresponding action to apply.
+ items:
+ description: "A Rule encapsulates a set of match criteria and an
+ action. Both selector-based security Policy and security Profiles
+ reference rules - separated out as a list of rules for both ingress
+ and egress packet matching. \n Each positive match criteria has
+ a negated version, prefixed with \"Not\". All the match criteria
+ within a rule must be satisfied for a packet to match. A single
+ rule can contain the positive and negative version of a match
+ and both must be satisfied for the rule to match."
+ properties:
+ action:
+ type: string
+ destination:
+ description: Destination contains the match criteria that apply
+ to destination entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ http:
+ description: HTTP contains match criteria that apply to HTTP
+ requests.
+ properties:
+ methods:
+ description: Methods is an optional field that restricts
+ the rule to apply only to HTTP requests that use one of
+ the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
+ methods are OR'd together.
+ items:
+ type: string
+ type: array
+ paths:
+ description: 'Paths is an optional field that restricts
+ the rule to apply to HTTP requests that use one of the
+ listed HTTP Paths. Multiple paths are OR''d together.
+ e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
+ ONLY specify either a `exact` or a `prefix` match. The
+ validator will check for it.'
+ items:
+ description: 'HTTPPath specifies an HTTP path to match.
+ It may be either of the form: exact: <path>: which matches
+ the path exactly or prefix: <path-prefix>: which matches
+ the path prefix'
+ properties:
+ exact:
+ type: string
+ prefix:
+ type: string
+ type: object
+ type: array
+ type: object
+ icmp:
+ description: ICMP is an optional field that restricts the rule
+ to apply to a specific type and code of ICMP traffic. This
+ should only be specified if the Protocol field is set to "ICMP"
+ or "ICMPv6".
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ ipVersion:
+ description: IPVersion is an optional field that restricts the
+ rule to only match a specific IP version.
+ type: integer
+ metadata:
+ description: Metadata contains additional information for this
+ rule
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations is a set of key value pairs that
+ give extra information about the rule
+ type: object
+ type: object
+ notICMP:
+ description: NotICMP is the negated version of the ICMP field.
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ notProtocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: NotProtocol is the negated version of the Protocol
+ field.
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ protocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: "Protocol is an optional field that restricts the
+ rule to only apply to traffic of a specific IP protocol. Required
+ if any of the EntityRules contain Ports (because ports only
+ apply to certain protocols). \n Must be one of these string
+ values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
+ \"UDPLite\" or an integer in the range 1-255."
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ source:
+ description: Source contains the match criteria that apply to
+ source entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ required:
+ - action
+ type: object
+ type: array
+ ingress:
+ description: The ordered set of ingress rules. Each rule contains
+ a set of packet match criteria and a corresponding action to apply.
+ items:
+ description: "A Rule encapsulates a set of match criteria and an
+ action. Both selector-based security Policy and security Profiles
+ reference rules - separated out as a list of rules for both ingress
+ and egress packet matching. \n Each positive match criteria has
+ a negated version, prefixed with \"Not\". All the match criteria
+ within a rule must be satisfied for a packet to match. A single
+ rule can contain the positive and negative version of a match
+ and both must be satisfied for the rule to match."
+ properties:
+ action:
+ type: string
+ destination:
+ description: Destination contains the match criteria that apply
+ to destination entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ http:
+ description: HTTP contains match criteria that apply to HTTP
+ requests.
+ properties:
+ methods:
+ description: Methods is an optional field that restricts
+ the rule to apply only to HTTP requests that use one of
+ the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
+ methods are OR'd together.
+ items:
+ type: string
+ type: array
+ paths:
+ description: 'Paths is an optional field that restricts
+ the rule to apply to HTTP requests that use one of the
+ listed HTTP Paths. Multiple paths are OR''d together.
+ e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
+ ONLY specify either a `exact` or a `prefix` match. The
+ validator will check for it.'
+ items:
+ description: 'HTTPPath specifies an HTTP path to match.
+ It may be either of the form: exact: <path>: which matches
+ the path exactly or prefix: <path-prefix>: which matches
+ the path prefix'
+ properties:
+ exact:
+ type: string
+ prefix:
+ type: string
+ type: object
+ type: array
+ type: object
+ icmp:
+ description: ICMP is an optional field that restricts the rule
+ to apply to a specific type and code of ICMP traffic. This
+ should only be specified if the Protocol field is set to "ICMP"
+ or "ICMPv6".
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ ipVersion:
+ description: IPVersion is an optional field that restricts the
+ rule to only match a specific IP version.
+ type: integer
+ metadata:
+ description: Metadata contains additional information for this
+ rule
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations is a set of key value pairs that
+ give extra information about the rule
+ type: object
+ type: object
+ notICMP:
+ description: NotICMP is the negated version of the ICMP field.
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ notProtocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: NotProtocol is the negated version of the Protocol
+ field.
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ protocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: "Protocol is an optional field that restricts the
+ rule to only apply to traffic of a specific IP protocol. Required
+ if any of the EntityRules contain Ports (because ports only
+ apply to certain protocols). \n Must be one of these string
+ values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
+ \"UDPLite\" or an integer in the range 1-255."
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ source:
+ description: Source contains the match criteria that apply to
+ source entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ required:
+ - action
+ type: object
+ type: array
+ namespaceSelector:
+ description: NamespaceSelector is an optional field for an expression
+ used to select a pod based on namespaces.
+ type: string
+ order:
+ description: Order is an optional field that specifies the order in
+ which the policy is applied. Policies with higher "order" are applied
+ after those with lower order. If the order is omitted, it may be
+ considered to be "infinite" - i.e. the policy will be applied last. Policies
+ with identical order will be applied in alphanumerical order based
+ on the Policy "Name".
+ type: number
+ performanceHints:
+ description: "PerformanceHints contains a list of hints to Calico's
+ policy engine to help process the policy more efficiently. Hints
+ never change the enforcement behaviour of the policy. \n Currently,
+ the only available hint is \"AssumeNeededOnEveryNode\". When that
+ hint is set on a policy, Felix will act as if the policy matches
+ a local endpoint even if it does not. This is useful for \"preloading\"
+ any large static policies that are known to be used on every node.
+ If the policy is _not_ used on a particular node then the work done
+ to preload the policy (and to maintain it) is wasted."
+ items:
+ type: string
+ type: array
+ preDNAT:
+ description: PreDNAT indicates to apply the rules in this policy before
+ any DNAT.
+ type: boolean
+ selector:
+ description: "The selector is an expression used to pick out the endpoints
+ that the policy should be applied to. \n Selector expressions follow
+ this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
+ my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
+ equal; also matches if label is not present \tlabel in { \"a\",
+ \"b\", \"c\", ... } -> true if the value of label X is one of
+ \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
+ \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
+ \thas(label_name) -> True if that label is present \t! expr ->
+ negation of expr \texpr && expr -> Short-circuit and \texpr ||
+ expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
+ or the empty selector -> matches all endpoints. \n Label names are
+ allowed to contain alphanumerics, -, _ and /. String literals are
+ more permissive but they do not support escape characters. \n Examples
+ (with made-up labels): \n \ttype == \"webserver\" && deployment
+ == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
+ \"dev\" \t! has(label_name)"
+ type: string
+ serviceAccountSelector:
+ description: ServiceAccountSelector is an optional field for an expression
+ used to select a pod based on service accounts.
+ type: string
+ types:
+ description: "Types indicates whether this policy applies to ingress,
+ or to egress, or to both. When not explicitly specified (and so
+ the value on creation is empty or nil), Calico defaults Types according
+ to what Ingress and Egress rules are present in the policy. The
+ default is: \n - [ PolicyTypeIngress ], if there are no Egress rules
+ (including the case where there are also no Ingress rules) \n
+ - [ PolicyTypeEgress ], if there are Egress rules but no Ingress
+ rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are
+ both Ingress and Egress rules. \n When the policy is read back again,
+ Types will always be one of these values, never empty or nil."
+ items:
+ description: PolicyType enumerates the possible values of the PolicySpec
+ Types field.
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: globalnetworksets.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: GlobalNetworkSet
+ listKind: GlobalNetworkSetList
+ plural: globalnetworksets
+ singular: globalnetworkset
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs
+ that share labels to allow rules to refer to them via selectors. The labels
+ of GlobalNetworkSet are not namespaced.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: GlobalNetworkSetSpec contains the specification for a NetworkSet
+ resource.
+ properties:
+ nets:
+ description: The list of IP networks that belong to this set.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: hostendpoints.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: HostEndpoint
+ listKind: HostEndpointList
+ plural: hostendpoints
+ singular: hostendpoint
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HostEndpointSpec contains the specification for a HostEndpoint
+ resource.
+ properties:
+ expectedIPs:
+ description: "The expected IP addresses (IPv4 and IPv6) of the endpoint.
+ If \"InterfaceName\" is not present, Calico will look for an interface
+ matching any of the IPs in the list and apply policy to that. Note:
+ \tWhen using the selector match criteria in an ingress or egress
+ security Policy \tor Profile, Calico converts the selector into
+ a set of IP addresses. For host \tendpoints, the ExpectedIPs field
+ is used for that purpose. (If only the interface \tname is specified,
+ Calico does not learn the IPs of the interface for use in match
+ \tcriteria.)"
+ items:
+ type: string
+ type: array
+ interfaceName:
+ description: "Either \"*\", or the name of a specific Linux interface
+ to apply policy to; or empty. \"*\" indicates that this HostEndpoint
+ governs all traffic to, from or through the default network namespace
+ of the host named by the \"Node\" field; entering and leaving that
+ namespace via any interface, including those from/to non-host-networked
+ local workloads. \n If InterfaceName is not \"*\", this HostEndpoint
+ only governs traffic that enters or leaves the host through the
+ specific interface named by InterfaceName, or - when InterfaceName
+ is empty - through the specific interface that has one of the IPs
+ in ExpectedIPs. Therefore, when InterfaceName is empty, at least
+ one expected IP must be specified. Only external interfaces (such
+ as \"eth0\") are supported here; it isn't possible for a HostEndpoint
+ to protect traffic through a specific local workload interface.
+ \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints;
+ initially just pre-DNAT policy. Please check Calico documentation
+ for the latest position."
+ type: string
+ node:
+ description: The node name identifying the Calico node instance.
+ type: string
+ ports:
+ description: Ports contains the endpoint's named ports, which may
+ be referenced in security policy rules.
+ items:
+ properties:
+ name:
+ type: string
+ port:
+ type: integer
+ protocol:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ - port
+ - protocol
+ type: object
+ type: array
+ profiles:
+ description: A list of identifiers of security Profile objects that
+ apply to this endpoint. Each profile is applied in the order that
+ they appear in this list. Profile rules are applied after the selector-based
+ security policy.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ipamblocks.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: IPAMBlock
+ listKind: IPAMBlockList
+ plural: ipamblocks
+ singular: ipamblock
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAMBlockSpec contains the specification for an IPAMBlock
+ resource.
+ properties:
+ affinity:
+ description: Affinity of the block, if this block has one. If set,
+ it will be of the form "host:<hostname>". If not set, this block
+ is not affine to a host.
+ type: string
+ allocations:
+ description: Array of allocations in-use within this block. nil entries
+ mean the allocation is free. For non-nil entries at index i, the
+ index is the ordinal of the allocation within this block and the
+ value is the index of the associated attributes in the Attributes
+ array.
+ items:
+ type: integer
+ # TODO: This nullable is manually added in. We should update controller-gen
+ # to handle []*int properly itself.
+ nullable: true
+ type: array
+ attributes:
+ description: Attributes is an array of arbitrary metadata associated
+ with allocations in the block. To find attributes for a given allocation,
+ use the value of the allocation's entry in the Allocations array
+ as the index of the element in this array.
+ items:
+ properties:
+ handle_id:
+ type: string
+ secondary:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: array
+ cidr:
+ description: The block's CIDR.
+ type: string
+ deleted:
+ description: Deleted is an internal boolean used to workaround a limitation
+ in the Kubernetes API whereby deletion will not return a conflict
+ error if the block has been updated. It should not be set manually.
+ type: boolean
+ sequenceNumber:
+ default: 0
+ description: We store a sequence number that is updated each time
+ the block is written. Each allocation will also store the sequence
+ number of the block at the time of its creation. When releasing
+ an IP, passing the sequence number associated with the allocation
+ allows us to protect against a race condition and ensure the IP
+ hasn't been released and re-allocated since the release request.
+ format: int64
+ type: integer
+ sequenceNumberForAllocation:
+ additionalProperties:
+ format: int64
+ type: integer
+ description: Map of allocated ordinal within the block to sequence
+ number of the block at the time of allocation. Kubernetes does not
+ allow numerical keys for maps, so the key is cast to a string.
+ type: object
+ strictAffinity:
+ description: StrictAffinity on the IPAMBlock is deprecated and no
+ longer used by the code. Use IPAMConfig StrictAffinity instead.
+ type: boolean
+ unallocated:
+ description: Unallocated is an ordered list of allocations which are
+ free in the block.
+ items:
+ type: integer
+ type: array
+ required:
+ - allocations
+ - attributes
+ - cidr
+ - strictAffinity
+ - unallocated
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ipamconfigs.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: IPAMConfig
+ listKind: IPAMConfigList
+ plural: ipamconfigs
+ singular: ipamconfig
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAMConfigSpec contains the specification for an IPAMConfig
+ resource.
+ properties:
+ autoAllocateBlocks:
+ type: boolean
+ maxBlocksPerHost:
+ description: MaxBlocksPerHost, if non-zero, is the max number of blocks
+ that can be affine to each host.
+ maximum: 2147483647
+ minimum: 0
+ type: integer
+ strictAffinity:
+ type: boolean
+ required:
+ - autoAllocateBlocks
+ - strictAffinity
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ipamhandles.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: IPAMHandle
+ listKind: IPAMHandleList
+ plural: ipamhandles
+ singular: ipamhandle
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAMHandleSpec contains the specification for an IPAMHandle
+ resource.
+ properties:
+ block:
+ additionalProperties:
+ type: integer
+ type: object
+ deleted:
+ type: boolean
+ handleID:
+ type: string
+ required:
+ - block
+ - handleID
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: ippools.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: IPPool
+ listKind: IPPoolList
+ plural: ippools
+ singular: ippool
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPPoolSpec contains the specification for an IPPool resource.
+ properties:
+ allowedUses:
+ description: AllowedUse controls what the IP pool will be used for. If
+ not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
+ items:
+ type: string
+ type: array
+ blockSize:
+ description: The block size to use for IP address assignments from
+ this pool. Defaults to 26 for IPv4 and 122 for IPv6.
+ type: integer
+ cidr:
+ description: The pool CIDR.
+ type: string
+ disableBGPExport:
+ description: 'Disable exporting routes from this IP Pool''s CIDR over
+ BGP. [Default: false]'
+ type: boolean
+ disabled:
+ description: When disabled is true, Calico IPAM will not assign addresses
+ from this pool.
+ type: boolean
+ ipip:
+ description: 'Deprecated: this field is only used for APIv1 backwards
+ compatibility. Setting this field is not allowed, this field is
+ for internal use only.'
+ properties:
+ enabled:
+ description: When enabled is true, ipip tunneling will be used
+ to deliver packets to destinations within this pool.
+ type: boolean
+ mode:
+ description: The IPIP mode. This can be one of "always" or "cross-subnet". A
+ mode of "always" will also use IPIP tunneling for routing to
+ destination IP addresses within this pool. A mode of "cross-subnet"
+ will only use IPIP tunneling when the destination node is on
+ a different subnet to the originating node. The default value
+ (if not specified) is "always".
+ type: string
+ type: object
+ ipipMode:
+ description: Contains configuration for IPIP tunneling for this pool.
+ If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling
+ is disabled).
+ type: string
+ nat-outgoing:
+ description: 'Deprecated: this field is only used for APIv1 backwards
+ compatibility. Setting this field is not allowed, this field is
+ for internal use only.'
+ type: boolean
+ natOutgoing:
+ description: When natOutgoing is true, packets sent from Calico networked
+ containers in this pool to destinations outside of this pool will
+ be masqueraded.
+ type: boolean
+ nodeSelector:
+ description: Allows IPPool to allocate for a specific node by label
+ selector.
+ type: string
+ vxlanMode:
+ description: Contains configuration for VXLAN tunneling for this pool.
+ If not specified, then this is defaulted to "Never" (i.e. VXLAN
+ tunneling is disabled).
+ type: string
+ required:
+ - cidr
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: (devel)
+ creationTimestamp: null
+ name: ipreservations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: IPReservation
+ listKind: IPReservationList
+ plural: ipreservations
+ singular: ipreservation
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPReservationSpec contains the specification for an IPReservation
+ resource.
+ properties:
+ reservedCIDRs:
+ description: ReservedCIDRs is a list of CIDRs and/or IP addresses
+ that Calico IPAM will exclude from new allocations.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: kubecontrollersconfigurations.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: KubeControllersConfiguration
+ listKind: KubeControllersConfigurationList
+ plural: kubecontrollersconfigurations
+ singular: kubecontrollersconfiguration
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeControllersConfigurationSpec contains the values of the
+ Kubernetes controllers configuration.
+ properties:
+ controllers:
+ description: Controllers enables and configures individual Kubernetes
+ controllers
+ properties:
+ namespace:
+ description: Namespace enables and configures the namespace controller.
+ Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform reconciliation
+ with the Calico datastore. [Default: 5m]'
+ type: string
+ type: object
+ node:
+ description: Node enables and configures the node controller.
+ Enabled by default, set to nil to disable.
+ properties:
+ hostEndpoint:
+ description: HostEndpoint controls syncing nodes to host endpoints.
+ Disabled by default, set to nil to disable.
+ properties:
+ autoCreate:
+ description: 'AutoCreate enables automatic creation of
+ host endpoints for every node. [Default: Disabled]'
+ type: string
+ type: object
+ leakGracePeriod:
+ description: 'LeakGracePeriod is the period used by the controller
+ to determine if an IP address has been leaked. Set to 0
+ to disable IP garbage collection. [Default: 15m]'
+ type: string
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform reconciliation
+ with the Calico datastore. [Default: 5m]'
+ type: string
+ syncLabels:
+ description: 'SyncLabels controls whether to copy Kubernetes
+ node labels to Calico nodes. [Default: Enabled]'
+ type: string
+ type: object
+ policy:
+ description: Policy enables and configures the policy controller.
+ Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform reconciliation
+ with the Calico datastore. [Default: 5m]'
+ type: string
+ type: object
+ serviceAccount:
+ description: ServiceAccount enables and configures the service
+ account controller. Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform reconciliation
+ with the Calico datastore. [Default: 5m]'
+ type: string
+ type: object
+ workloadEndpoint:
+ description: WorkloadEndpoint enables and configures the workload
+ endpoint controller. Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform reconciliation
+ with the Calico datastore. [Default: 5m]'
+ type: string
+ type: object
+ type: object
+ debugProfilePort:
+ description: DebugProfilePort configures the port to serve memory
+ and cpu profiles on. If not specified, profiling is disabled.
+ format: int32
+ type: integer
+ etcdV3CompactionPeriod:
+ description: 'EtcdV3CompactionPeriod is the period between etcdv3
+ compaction requests. Set to 0 to disable. [Default: 10m]'
+ type: string
+ healthChecks:
+ description: 'HealthChecks enables or disables support for health
+ checks [Default: Enabled]'
+ type: string
+ logSeverityScreen:
+ description: 'LogSeverityScreen is the log severity above which logs
+ are sent to the stdout. [Default: Info]'
+ type: string
+ prometheusMetricsPort:
+ description: 'PrometheusMetricsPort is the TCP port that the Prometheus
+ metrics server should bind to. Set to 0 to disable. [Default: 9094]'
+ type: integer
+ required:
+ - controllers
+ type: object
+ status:
+ description: KubeControllersConfigurationStatus represents the status
+ of the configuration. It's useful for admins to be able to see the actual
+ config that was applied, which can be modified by environment variables
+ on the kube-controllers process.
+ properties:
+ environmentVars:
+ additionalProperties:
+ type: string
+ description: EnvironmentVars contains the environment variables on
+ the kube-controllers that influenced the RunningConfig.
+ type: object
+ runningConfig:
+ description: RunningConfig contains the effective config that is running
+ in the kube-controllers pod, after merging the API resource with
+ any environment variables.
+ properties:
+ controllers:
+ description: Controllers enables and configures individual Kubernetes
+ controllers
+ properties:
+ namespace:
+ description: Namespace enables and configures the namespace
+ controller. Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform
+ reconciliation with the Calico datastore. [Default:
+ 5m]'
+ type: string
+ type: object
+ node:
+ description: Node enables and configures the node controller.
+ Enabled by default, set to nil to disable.
+ properties:
+ hostEndpoint:
+ description: HostEndpoint controls syncing nodes to host
+ endpoints. Disabled by default, set to nil to disable.
+ properties:
+ autoCreate:
+ description: 'AutoCreate enables automatic creation
+ of host endpoints for every node. [Default: Disabled]'
+ type: string
+ type: object
+ leakGracePeriod:
+ description: 'LeakGracePeriod is the period used by the
+ controller to determine if an IP address has been leaked.
+ Set to 0 to disable IP garbage collection. [Default:
+ 15m]'
+ type: string
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform
+ reconciliation with the Calico datastore. [Default:
+ 5m]'
+ type: string
+ syncLabels:
+ description: 'SyncLabels controls whether to copy Kubernetes
+ node labels to Calico nodes. [Default: Enabled]'
+ type: string
+ type: object
+ policy:
+ description: Policy enables and configures the policy controller.
+ Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform
+ reconciliation with the Calico datastore. [Default:
+ 5m]'
+ type: string
+ type: object
+ serviceAccount:
+ description: ServiceAccount enables and configures the service
+ account controller. Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform
+ reconciliation with the Calico datastore. [Default:
+ 5m]'
+ type: string
+ type: object
+ workloadEndpoint:
+ description: WorkloadEndpoint enables and configures the workload
+ endpoint controller. Enabled by default, set to nil to disable.
+ properties:
+ reconcilerPeriod:
+ description: 'ReconcilerPeriod is the period to perform
+ reconciliation with the Calico datastore. [Default:
+ 5m]'
+ type: string
+ type: object
+ type: object
+ debugProfilePort:
+ description: DebugProfilePort configures the port to serve memory
+ and cpu profiles on. If not specified, profiling is disabled.
+ format: int32
+ type: integer
+ etcdV3CompactionPeriod:
+ description: 'EtcdV3CompactionPeriod is the period between etcdv3
+ compaction requests. Set to 0 to disable. [Default: 10m]'
+ type: string
+ healthChecks:
+ description: 'HealthChecks enables or disables support for health
+ checks [Default: Enabled]'
+ type: string
+ logSeverityScreen:
+ description: 'LogSeverityScreen is the log severity above which
+ logs are sent to the stdout. [Default: Info]'
+ type: string
+ prometheusMetricsPort:
+ description: 'PrometheusMetricsPort is the TCP port that the Prometheus
+ metrics server should bind to. Set to 0 to disable. [Default:
+ 9094]'
+ type: integer
+ required:
+ - controllers
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networkpolicies.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: NetworkPolicy
+ listKind: NetworkPolicyList
+ plural: networkpolicies
+ singular: networkpolicy
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ egress:
+ description: The ordered set of egress rules. Each rule contains
+ a set of packet match criteria and a corresponding action to apply.
+ items:
+ description: "A Rule encapsulates a set of match criteria and an
+ action. Both selector-based security Policy and security Profiles
+ reference rules - separated out as a list of rules for both ingress
+ and egress packet matching. \n Each positive match criteria has
+ a negated version, prefixed with \"Not\". All the match criteria
+ within a rule must be satisfied for a packet to match. A single
+ rule can contain the positive and negative version of a match
+ and both must be satisfied for the rule to match."
+ properties:
+ action:
+ type: string
+ destination:
+ description: Destination contains the match criteria that apply
+ to destination entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ http:
+ description: HTTP contains match criteria that apply to HTTP
+ requests.
+ properties:
+ methods:
+ description: Methods is an optional field that restricts
+ the rule to apply only to HTTP requests that use one of
+ the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
+ methods are OR'd together.
+ items:
+ type: string
+ type: array
+ paths:
+ description: 'Paths is an optional field that restricts
+ the rule to apply to HTTP requests that use one of the
+ listed HTTP Paths. Multiple paths are OR''d together.
+ e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
+ ONLY specify either a `exact` or a `prefix` match. The
+ validator will check for it.'
+ items:
+ description: 'HTTPPath specifies an HTTP path to match.
+ It may be either of the form: exact: <path>: which matches
+ the path exactly or prefix: <path-prefix>: which matches
+ the path prefix'
+ properties:
+ exact:
+ type: string
+ prefix:
+ type: string
+ type: object
+ type: array
+ type: object
+ icmp:
+ description: ICMP is an optional field that restricts the rule
+ to apply to a specific type and code of ICMP traffic. This
+ should only be specified if the Protocol field is set to "ICMP"
+ or "ICMPv6".
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ ipVersion:
+ description: IPVersion is an optional field that restricts the
+ rule to only match a specific IP version.
+ type: integer
+ metadata:
+ description: Metadata contains additional information for this
+ rule
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations is a set of key value pairs that
+ give extra information about the rule
+ type: object
+ type: object
+ notICMP:
+ description: NotICMP is the negated version of the ICMP field.
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ notProtocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: NotProtocol is the negated version of the Protocol
+ field.
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ protocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: "Protocol is an optional field that restricts the
+ rule to only apply to traffic of a specific IP protocol. Required
+ if any of the EntityRules contain Ports (because ports only
+ apply to certain protocols). \n Must be one of these string
+ values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
+ \"UDPLite\" or an integer in the range 1-255."
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ source:
+ description: Source contains the match criteria that apply to
+ source entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ required:
+ - action
+ type: object
+ type: array
+ ingress:
+ description: The ordered set of ingress rules. Each rule contains
+ a set of packet match criteria and a corresponding action to apply.
+ items:
+ description: "A Rule encapsulates a set of match criteria and an
+ action. Both selector-based security Policy and security Profiles
+ reference rules - separated out as a list of rules for both ingress
+ and egress packet matching. \n Each positive match criteria has
+ a negated version, prefixed with \"Not\". All the match criteria
+ within a rule must be satisfied for a packet to match. A single
+ rule can contain the positive and negative version of a match
+ and both must be satisfied for the rule to match."
+ properties:
+ action:
+ type: string
+ destination:
+ description: Destination contains the match criteria that apply
+ to destination entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ http:
+ description: HTTP contains match criteria that apply to HTTP
+ requests.
+ properties:
+ methods:
+ description: Methods is an optional field that restricts
+ the rule to apply only to HTTP requests that use one of
+ the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple
+ methods are OR'd together.
+ items:
+ type: string
+ type: array
+ paths:
+ description: 'Paths is an optional field that restricts
+ the rule to apply to HTTP requests that use one of the
+ listed HTTP Paths. Multiple paths are OR''d together.
+ e.g: - exact: /foo - prefix: /bar NOTE: Each entry may
+ ONLY specify either a `exact` or a `prefix` match. The
+ validator will check for it.'
+ items:
+ description: 'HTTPPath specifies an HTTP path to match.
+ It may be either of the form: exact: <path>: which matches
+ the path exactly or prefix: <path-prefix>: which matches
+ the path prefix'
+ properties:
+ exact:
+ type: string
+ prefix:
+ type: string
+ type: object
+ type: array
+ type: object
+ icmp:
+ description: ICMP is an optional field that restricts the rule
+ to apply to a specific type and code of ICMP traffic. This
+ should only be specified if the Protocol field is set to "ICMP"
+ or "ICMPv6".
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ ipVersion:
+ description: IPVersion is an optional field that restricts the
+ rule to only match a specific IP version.
+ type: integer
+ metadata:
+ description: Metadata contains additional information for this
+ rule
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations is a set of key value pairs that
+ give extra information about the rule
+ type: object
+ type: object
+ notICMP:
+ description: NotICMP is the negated version of the ICMP field.
+ properties:
+ code:
+ description: Match on a specific ICMP code. If specified,
+ the Type value must also be specified. This is a technical
+ limitation imposed by the kernel's iptables firewall,
+ which Calico uses to enforce the rule.
+ type: integer
+ type:
+ description: Match on a specific ICMP type. For example
+ a value of 8 refers to ICMP Echo Request (i.e. pings).
+ type: integer
+ type: object
+ notProtocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: NotProtocol is the negated version of the Protocol
+ field.
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ protocol:
+ anyOf:
+ - type: integer
+ - type: string
+ description: "Protocol is an optional field that restricts the
+ rule to only apply to traffic of a specific IP protocol. Required
+ if any of the EntityRules contain Ports (because ports only
+ apply to certain protocols). \n Must be one of these string
+ values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\",
+ \"UDPLite\" or an integer in the range 1-255."
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ source:
+ description: Source contains the match criteria that apply to
+ source entity.
+ properties:
+ namespaceSelector:
+ description: "NamespaceSelector is an optional field that
+ contains a selector expression. Only traffic that originates
+ from (or terminates at) endpoints within the selected
+ namespaces will be matched. When both NamespaceSelector
+ and another selector are defined on the same rule, then
+ only workload endpoints that are matched by both selectors
+ will be selected by the rule. \n For NetworkPolicy, an
+ empty NamespaceSelector implies that the Selector is limited
+ to selecting only workload endpoints in the same namespace
+ as the NetworkPolicy. \n For NetworkPolicy, `global()`
+ NamespaceSelector implies that the Selector is limited
+ to selecting only GlobalNetworkSet or HostEndpoint. \n
+ For GlobalNetworkPolicy, an empty NamespaceSelector implies
+ the Selector applies to workload endpoints across all
+ namespaces."
+ type: string
+ nets:
+ description: Nets is an optional field that restricts the
+ rule to only apply to traffic that originates from (or
+ terminates at) IP addresses in any of the given subnets.
+ items:
+ type: string
+ type: array
+ notNets:
+ description: NotNets is the negated version of the Nets
+ field.
+ items:
+ type: string
+ type: array
+ notPorts:
+ description: NotPorts is the negated version of the Ports
+ field. Since only some protocols have ports, if any ports
+ are specified it requires the Protocol match in the Rule
+ to be set to "TCP" or "UDP".
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ notSelector:
+ description: NotSelector is the negated version of the Selector
+ field. See Selector field for subtleties with negated
+ selectors.
+ type: string
+ ports:
+ description: "Ports is an optional field that restricts
+ the rule to only apply to traffic that has a source (destination)
+ port that matches one of these ranges/values. This value
+ is a list of integers or strings that represent ranges
+ of ports. \n Since only some protocols have ports, if
+ any ports are specified it requires the Protocol match
+ in the Rule to be set to \"TCP\" or \"UDP\"."
+ items:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^.*
+ x-kubernetes-int-or-string: true
+ type: array
+ selector:
+ description: "Selector is an optional field that contains
+ a selector expression (see Policy for sample syntax).
+ \ Only traffic that originates from (terminates at) endpoints
+ matching the selector will be matched. \n Note that: in
+ addition to the negated version of the Selector (see NotSelector
+ below), the selector expression syntax itself supports
+ negation. The two types of negation are subtly different.
+ One negates the set of matched endpoints, the other negates
+ the whole match: \n \tSelector = \"!has(my_label)\" matches
+ packets that are from other Calico-controlled \tendpoints
+ that do not have the label \"my_label\". \n \tNotSelector
+ = \"has(my_label)\" matches packets that are not from
+ Calico-controlled \tendpoints that do have the label \"my_label\".
+ \n The effect is that the latter will accept packets from
+ non-Calico sources whereas the former is limited to packets
+ from Calico-controlled endpoints."
+ type: string
+ serviceAccounts:
+ description: ServiceAccounts is an optional field that restricts
+ the rule to only apply to traffic that originates from
+ (or terminates at) a pod running as a matching service
+ account.
+ properties:
+ names:
+ description: Names is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account whose name is in the list.
+ items:
+ type: string
+ type: array
+ selector:
+ description: Selector is an optional field that restricts
+ the rule to only apply to traffic that originates
+ from (or terminates at) a pod running as a service
+ account that matches the given label selector. If
+ both Names and Selector are specified then they are
+ AND'ed.
+ type: string
+ type: object
+ services:
+ description: "Services is an optional field that contains
+ options for matching Kubernetes Services. If specified,
+ only traffic that originates from or terminates at endpoints
+ within the selected service(s) will be matched, and only
+ to/from each endpoint's port. \n Services cannot be specified
+ on the same rule as Selector, NotSelector, NamespaceSelector,
+ Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
+ can only be specified with Services on ingress rules."
+ properties:
+ name:
+ description: Name specifies the name of a Kubernetes
+ Service to match.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace of the
+ given Service. If left empty, the rule will match
+ within this policy's namespace.
+ type: string
+ type: object
+ type: object
+ required:
+ - action
+ type: object
+ type: array
+ order:
+ description: Order is an optional field that specifies the order in
+ which the policy is applied. Policies with higher "order" are applied
+ after those with lower order. If the order is omitted, it may be
+ considered to be "infinite" - i.e. the policy will be applied last. Policies
+ with identical order will be applied in alphanumerical order based
+ on the Policy "Name".
+ type: number
+ performanceHints:
+ description: "PerformanceHints contains a list of hints to Calico's
+ policy engine to help process the policy more efficiently. Hints
+ never change the enforcement behaviour of the policy. \n Currently,
+ the only available hint is \"AssumeNeededOnEveryNode\". When that
+ hint is set on a policy, Felix will act as if the policy matches
+ a local endpoint even if it does not. This is useful for \"preloading\"
+ any large static policies that are known to be used on every node.
+ If the policy is _not_ used on a particular node then the work done
+ to preload the policy (and to maintain it) is wasted."
+ items:
+ type: string
+ type: array
+ selector:
+ description: "The selector is an expression used to pick out the endpoints
+ that the policy should be applied to. \n Selector expressions follow
+ this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
+ my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
+ equal; also matches if label is not present \tlabel in { \"a\",
+ \"b\", \"c\", ... } -> true if the value of label X is one of
+ \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
+ \ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
+ \thas(label_name) -> True if that label is present \t! expr ->
+ negation of expr \texpr && expr -> Short-circuit and \texpr ||
+ expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
+ or the empty selector -> matches all endpoints. \n Label names are
+ allowed to contain alphanumerics, -, _ and /. String literals are
+ more permissive but they do not support escape characters. \n Examples
+ (with made-up labels): \n \ttype == \"webserver\" && deployment
+ == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment !=
+ \"dev\" \t! has(label_name)"
+ type: string
+ serviceAccountSelector:
+ description: ServiceAccountSelector is an optional field for an expression
+ used to select a pod based on service accounts.
+ type: string
+ types:
+ description: "Types indicates whether this policy applies to ingress,
+ or to egress, or to both. When not explicitly specified (and so
+ the value on creation is empty or nil), Calico defaults Types according
+ to what Ingress and Egress are present in the policy. The default
+ is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including
+ the case where there are also no Ingress rules) \n - [ PolicyTypeEgress
+ ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress,
+ PolicyTypeEgress ], if there are both Ingress and Egress rules.
+ \n When the policy is read back again, Types will always be one
+ of these values, never empty or nil."
+ items:
+ description: PolicyType enumerates the possible values of the PolicySpec
+ Types field.
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/kdd-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networksets.crd.projectcalico.org
+spec:
+ group: crd.projectcalico.org
+ names:
+ kind: NetworkSet
+ listKind: NetworkSetList
+ plural: networksets
+ singular: networkset
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NetworkSetSpec contains the specification for a NetworkSet
+ resource.
+ properties:
+ nets:
+ description: The list of IP networks that belong to this set.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+# Source: calico/templates/calico-kube-controllers-rbac.yaml
+# Include a clusterrole for the kube-controllers component,
+# and bind it to the calico-kube-controllers serviceaccount.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: calico-kube-controllers
+rules:
+ # Nodes are watched to monitor for deletions.
+ - apiGroups: [""]
+ resources:
+ - nodes
+ verbs:
+ - watch
+ - list
+ - get
+ # Pods are watched to check for existence as part of IPAM controller.
+ - apiGroups: [""]
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ipreservations
+ verbs:
+ - list
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ - ipamblocks
+ - ipamhandles
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - watch
+ # Pools are watched to maintain a mapping of blocks to IP pools.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ippools
+ verbs:
+ - list
+ - watch
+ # kube-controllers manages hostendpoints.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - hostendpoints
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ # Needs access to update clusterinformations.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - clusterinformations
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - watch
+ # KubeControllersConfiguration is where it gets its config
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - kubecontrollersconfigurations
+ verbs:
+ # read its own config
+ - get
+ - list
+ # create a default if none exists
+ - create
+ # update status
+ - update
+ # watch for changes
+ - watch
+---
+# Source: calico/templates/calico-node-rbac.yaml
+# Include a clusterrole for the calico-node DaemonSet,
+# and bind it to the calico-node serviceaccount.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: calico-node
+rules:
+ # Used for creating service account tokens to be used by the CNI plugin
+ - apiGroups: [""]
+ resources:
+ - serviceaccounts/token
+ resourceNames:
+ - calico-cni-plugin
+ verbs:
+ - create
+ # The CNI plugin needs to get pods, nodes, and namespaces.
+ - apiGroups: [""]
+ resources:
+ - pods
+ - nodes
+ - namespaces
+ verbs:
+ - get
+ # EndpointSlices are used for Service-based network policy rule
+ # enforcement.
+ - apiGroups: ["discovery.k8s.io"]
+ resources:
+ - endpointslices
+ verbs:
+ - watch
+ - list
+ - apiGroups: [""]
+ resources:
+ - endpoints
+ - services
+ verbs:
+ # Used to discover service IPs for advertisement.
+ - watch
+ - list
+ # Used to discover Typhas.
+ - get
+ # Pod CIDR auto-detection on kubeadm needs access to config maps.
+ - apiGroups: [""]
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - nodes/status
+ verbs:
+ # Needed for clearing NodeNetworkUnavailable flag.
+ - patch
+ # Calico stores some configuration information in node annotations.
+ - update
+ # Watch for changes to Kubernetes NetworkPolicies.
+ - apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs:
+ - watch
+ - list
+ # Used by Calico for policy information.
+ - apiGroups: [""]
+ resources:
+ - pods
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - list
+ - watch
+ # The CNI plugin patches pods/status.
+ - apiGroups: [""]
+ resources:
+ - pods/status
+ verbs:
+ - patch
+ # Calico monitors various CRDs for config.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - globalfelixconfigs
+ - felixconfigurations
+ - bgppeers
+ - bgpfilters
+ - globalbgpconfigs
+ - bgpconfigurations
+ - ippools
+ - ipreservations
+ - ipamblocks
+ - globalnetworkpolicies
+ - globalnetworksets
+ - networkpolicies
+ - networksets
+ - clusterinformations
+ - hostendpoints
+ - blockaffinities
+ - caliconodestatuses
+ verbs:
+ - get
+ - list
+ - watch
+ # Calico must create and update some CRDs on startup.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ippools
+ - felixconfigurations
+ - clusterinformations
+ verbs:
+ - create
+ - update
+ # Calico must update some CRDs.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - caliconodestatuses
+ verbs:
+ - update
+ # Calico stores some configuration information on the node.
+ - apiGroups: [""]
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ # These permissions are only required for upgrade from v2.6, and can
+ # be removed after upgrade or on fresh installations.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - bgpconfigurations
+ - bgppeers
+ verbs:
+ - create
+ - update
+ # These permissions are required for Calico CNI to perform IPAM allocations.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ - ipamblocks
+ - ipamhandles
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ # The CNI plugin and calico/node need to be able to create a default
+ # IPAMConfiguration
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - ipamconfigs
+ verbs:
+ - get
+ - create
+ # Block affinities must also be watchable by confd for route aggregation.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ verbs:
+ - watch
+ # The Calico IPAM migration needs to get daemonsets. These permissions can be
+ # removed if not upgrading from an installation using host-local IPAM.
+ - apiGroups: ["apps"]
+ resources:
+ - daemonsets
+ verbs:
+ - get
+---
+# Source: calico/templates/calico-node-rbac.yaml
+# CNI cluster role
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: calico-cni-plugin
+rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ - nodes
+ - namespaces
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - pods/status
+ verbs:
+ - patch
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - blockaffinities
+ - ipamblocks
+ - ipamhandles
+ - clusterinformations
+ - ippools
+ - ipreservations
+ - ipamconfigs
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+---
+# Source: calico/templates/calico-kube-controllers-rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: calico-kube-controllers
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calico-kube-controllers
+subjects:
+- kind: ServiceAccount
+ name: calico-kube-controllers
+ namespace: kube-system
+---
+# Source: calico/templates/calico-node-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: calico-node
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calico-node
+subjects:
+- kind: ServiceAccount
+ name: calico-node
+ namespace: kube-system
+---
+# Source: calico/templates/calico-node-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: calico-cni-plugin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calico-cni-plugin
+subjects:
+- kind: ServiceAccount
+ name: calico-cni-plugin
+ namespace: kube-system
+---
+# Source: calico/templates/calico-node.yaml
+# This manifest installs the calico-node container, as well
+# as the CNI plugins and network config on
+# each master and worker node in a Kubernetes cluster.
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: calico-node
+ namespace: kube-system
+ labels:
+ k8s-app: calico-node
+spec:
+ selector:
+ matchLabels:
+ k8s-app: calico-node
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ k8s-app: calico-node
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ hostNetwork: true
+ tolerations:
+ # Make sure calico-node gets scheduled on all nodes.
+ - effect: NoSchedule
+ operator: Exists
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ serviceAccountName: calico-node
+ # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+ # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+ terminationGracePeriodSeconds: 0
+ priorityClassName: system-node-critical
+ initContainers:
+ # This container performs upgrade from host-local IPAM to calico-ipam.
+ # It can be deleted if this is a fresh installation, or if you have already
+ # upgraded to use calico-ipam.
+ - name: upgrade-ipam
+ image: docker.io/calico/cni:v3.28.3
+ imagePullPolicy: IfNotPresent
+ command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
+ env:
+ - name: KUBERNETES_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CALICO_NETWORKING_BACKEND
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: calico_backend
+ volumeMounts:
+ - mountPath: /var/lib/cni/networks
+ name: host-local-net-dir
+ - mountPath: /host/opt/cni/bin
+ name: cni-bin-dir
+ securityContext:
+ privileged: true
+ # This container installs the CNI binaries
+ # and CNI network config file on each node.
+ - name: install-cni
+ image: docker.io/calico/cni:v3.28.3
+ imagePullPolicy: IfNotPresent
+ command: ["/opt/cni/bin/install"]
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
+ env:
+ # Name of the CNI config file to create.
+ - name: CNI_CONF_NAME
+ value: "10-calico.conflist"
+ # The CNI network config to install on each node.
+ - name: CNI_NETWORK_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: cni_network_config
+ # Set the hostname based on the k8s node name.
+ - name: KUBERNETES_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ # CNI MTU Config variable
+ - name: CNI_MTU
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: veth_mtu
+ # Prevents the container from sleeping forever.
+ - name: SLEEP
+ value: "false"
+ volumeMounts:
+ - mountPath: /host/opt/cni/bin
+ name: cni-bin-dir
+ - mountPath: /host/etc/cni/net.d
+ name: cni-net-dir
+ securityContext:
+ privileged: true
+ # This init container mounts the necessary filesystems needed by the BPF data plane
+ # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
+ # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
+ - name: "mount-bpffs"
+ image: docker.io/calico/node:v3.28.3
+ imagePullPolicy: IfNotPresent
+ command: ["calico-node", "-init", "-best-effort"]
+ volumeMounts:
+ - mountPath: /sys/fs
+ name: sys-fs
+ # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host
+ # so that it outlives the init container.
+ mountPropagation: Bidirectional
+ - mountPath: /var/run/calico
+ name: var-run-calico
+ # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host
+ # so that it outlives the init container.
+ mountPropagation: Bidirectional
+ # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary,
+ # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly.
+ - mountPath: /nodeproc
+ name: nodeproc
+ readOnly: true
+ securityContext:
+ privileged: true
+ containers:
+ # Runs calico-node container on each Kubernetes node. This
+ # container programs network policy and routes on each
+ # host.
+ - name: calico-node
+ image: docker.io/calico/node:v3.28.3
+ imagePullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
+ env:
+ # Use Kubernetes API as the backing datastore.
+ - name: DATASTORE_TYPE
+ value: "kubernetes"
+ # Wait for the datastore.
+ - name: WAIT_FOR_DATASTORE
+ value: "true"
+ # Set based on the k8s node name.
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ # Choose the backend to use.
+ - name: CALICO_NETWORKING_BACKEND
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: calico_backend
+ # Cluster type to identify the deployment type
+ - name: CLUSTER_TYPE
+ value: "k8s,bgp"
+ # Auto-detect the BGP IP address.
+ - name: IP
+ value: "autodetect"
+ # Enable IPIP
+ - name: CALICO_IPV4POOL_IPIP
+ value: "Always"
+ # Enable or Disable VXLAN on the default IP pool.
+ - name: CALICO_IPV4POOL_VXLAN
+ value: "Never"
+ # Enable or Disable VXLAN on the default IPv6 IP pool.
+ - name: CALICO_IPV6POOL_VXLAN
+ value: "Never"
+ # Set MTU for tunnel device used if ipip is enabled
+ - name: FELIX_IPINIPMTU
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: veth_mtu
+ # Set MTU for the VXLAN tunnel device.
+ - name: FELIX_VXLANMTU
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: veth_mtu
+ # Set MTU for the Wireguard tunnel device.
+ - name: FELIX_WIREGUARDMTU
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: veth_mtu
+ # The default IPv4 pool to create on startup if none exists. Pod IPs will be
+ # chosen from this range. Changing this value after installation will have
+ # no effect. This should fall within `--cluster-cidr`.
+ # - name: CALICO_IPV4POOL_CIDR
+ # value: "192.168.0.0/16"
+ # Disable file logging so `kubectl logs` works.
+ - name: CALICO_DISABLE_FILE_LOGGING
+ value: "true"
+ # Set Felix endpoint to host default action to ACCEPT.
+ - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
+ value: "ACCEPT"
+ # Disable IPv6 on Kubernetes.
+ - name: FELIX_IPV6SUPPORT
+ value: "false"
+ - name: FELIX_HEALTHENABLED
+ value: "true"
+ securityContext:
+ privileged: true
+ resources:
+ requests:
+ cpu: 250m
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/calico-node
+ - -shutdown
+ livenessProbe:
+ exec:
+ command:
+ - /bin/calico-node
+ - -felix-live
+ - -bird-live
+ periodSeconds: 10
+ initialDelaySeconds: 10
+ failureThreshold: 6
+ timeoutSeconds: 10
+ readinessProbe:
+ exec:
+ command:
+ - /bin/calico-node
+ - -felix-ready
+ - -bird-ready
+ periodSeconds: 10
+ timeoutSeconds: 10
+ volumeMounts:
+ # For maintaining CNI plugin API credentials.
+ - mountPath: /host/etc/cni/net.d
+ name: cni-net-dir
+ readOnly: false
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ readOnly: false
+ - mountPath: /var/run/calico
+ name: var-run-calico
+ readOnly: false
+ - mountPath: /var/lib/calico
+ name: var-lib-calico
+ readOnly: false
+ - name: policysync
+ mountPath: /var/run/nodeagent
+ # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
+ # parent directory.
+ - name: bpffs
+ mountPath: /sys/fs/bpf
+ - name: cni-log-dir
+ mountPath: /var/log/calico/cni
+ readOnly: true
+ volumes:
+ # Used by calico-node.
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: var-run-calico
+ hostPath:
+ path: /var/run/calico
+ type: DirectoryOrCreate
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
+ type: DirectoryOrCreate
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ - name: sys-fs
+ hostPath:
+ path: /sys/fs/
+ type: DirectoryOrCreate
+ - name: bpffs
+ hostPath:
+ path: /sys/fs/bpf
+ type: Directory
+ # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs.
+ - name: nodeproc
+ hostPath:
+ path: /proc
+ # Used to install CNI.
+ - name: cni-bin-dir
+ hostPath:
+ path: /opt/cni/bin
+ type: DirectoryOrCreate
+ - name: cni-net-dir
+ hostPath:
+ path: /etc/cni/net.d
+ # Used to access CNI logs.
+ - name: cni-log-dir
+ hostPath:
+ path: /var/log/calico/cni
+ # Mount in the directory for host-local IPAM allocations. This is
+ # used when upgrading from host-local to calico-ipam, and can be removed
+ # if not using the upgrade-ipam init container.
+ - name: host-local-net-dir
+ hostPath:
+ path: /var/lib/cni/networks
+ # Used to create per-pod Unix Domain Sockets
+ - name: policysync
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/nodeagent
+---
+# Source: calico/templates/calico-kube-controllers.yaml
+# See https://github.com/projectcalico/kube-controllers
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: calico-kube-controllers
+ namespace: kube-system
+ labels:
+ k8s-app: calico-kube-controllers
+spec:
+ # The controllers can only have a single active instance.
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: calico-kube-controllers
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ name: calico-kube-controllers
+ namespace: kube-system
+ labels:
+ k8s-app: calico-kube-controllers
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ serviceAccountName: calico-kube-controllers
+ priorityClassName: system-cluster-critical
+ containers:
+ - name: calico-kube-controllers
+ image: docker.io/calico/kube-controllers:v3.28.3
+ imagePullPolicy: IfNotPresent
+ env:
+ # Choose which controllers to run.
+ - name: ENABLED_CONTROLLERS
+ value: node
+ - name: DATASTORE_TYPE
+ value: kubernetes
+ livenessProbe:
+ exec:
+ command:
+ - /usr/bin/check-status
+ - -l
+ periodSeconds: 10
+ initialDelaySeconds: 10
+ failureThreshold: 6
+ timeoutSeconds: 10
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/check-status
+ - -r
+ periodSeconds: 10
--- /dev/null
+apiVersion: v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:cloud-node-controller
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-node-controller
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-node-controller
+ namespace: kube-system
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+kind: List
+metadata: {}
\ No newline at end of file
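Review bot: The first ClusterRoleBinding grants system:cloud-node-controller to a ServiceAccount named `cloud-node-controller` in kube-system, but no visible manifest in this diff creates that account (only `cloud-controller-manager` is created in the later DaemonSet file), and that DaemonSet runs with `--use-service-account-credentials=false`, so the binding appears unused. A binding whose subject does not yet exist is a standing grant: whoever later creates a ServiceAccount with that name in kube-system silently inherits the `nodes: '*'` role. Either leave the binding out until the per-controller credentials path is switched on, or mark the intent next to it, e.g. `# Only consumed when the CCM runs with --use-service-account-credentials=true; the SA is not created by this manifest.`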
--- /dev/null
+apiVersion: v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: system:cloud-controller-manager
+ rules:
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - watch
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: system:cloud-node-controller
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+kind: List
+metadata: {}
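Review bot: The `serviceaccounts/token` create rule in system:cloud-controller-manager carries no `resourceNames`, so the holder can request a bearer token for any ServiceAccount in the cluster, which amounts to the union of every binding that exists; the calico-node ClusterRole earlier in this diff scopes the same verb with `resourceNames: [calico-cni-plugin]`, and the same shape applies here (`resourceNames: [cloud-node-controller]` if the per-controller credentials path is ever enabled). Because the DaemonSet in this diff sets `--use-service-account-credentials=false`, that rule and the `serviceaccounts: create/get` rule look unused and could be dropped until needed. The `'*'` verb on `nodes` and on `persistentvolumes` also covers delete and deletecollection; enumerating the verbs the controller actually issues keeps the grant auditable. Cluster-wide `secrets` list/get/watch is presumably for cloud-config lookups, but the config is delivered as a mounted Secret volume in the DaemonSet, so confirm whether the API-side read is still required.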
--- /dev/null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: openstack-cloud-controller-manager
+ namespace: kube-system
+ labels:
+ k8s-app: openstack-cloud-controller-manager
+spec:
+ selector:
+ matchLabels:
+ k8s-app: openstack-cloud-controller-manager
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ k8s-app: openstack-cloud-controller-manager
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ securityContext:
+ runAsUser: 1001
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ serviceAccountName: cloud-controller-manager
+ containers:
+ - name: openstack-cloud-controller-manager
+ image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.2
+ args:
+ - /bin/openstack-cloud-controller-manager
+ - --v=1
+ - --cluster-name=$(CLUSTER_NAME)
+ - --cloud-config=$(CLOUD_CONFIG)
+ - --cloud-provider=openstack
+ - --use-service-account-credentials=false
+ - --bind-address=127.0.0.1
+ volumeMounts:
+ - mountPath: /etc/kubernetes/pki
+ name: k8s-certs
+ readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ca-certs
+ readOnly: true
+ - mountPath: /etc/config
+ name: cloud-config-volume
+ readOnly: true
+ resources:
+ requests:
+ cpu: 200m
+ env:
+ - name: CLOUD_CONFIG
+ value: /etc/config/cloud.conf
+ - name: CLUSTER_NAME
+ value: kubernetes
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/pki
+ type: DirectoryOrCreate
+ name: k8s-certs
+ - hostPath:
+ path: /etc/ssl/certs
+ type: DirectoryOrCreate
+ name: ca-certs
+ - name: cloud-config-volume
+ secret:
+ secretName: cloud-config
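Review bot: The openstack-cloud-controller-manager container has no container-level securityContext, so although the pod runs as uid 1001 it keeps the default capability set and can still gain privileges through setuid binaries; for a hostNetwork pod in kube-system with the host PKI directory mounted, `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]` are cheap hardening (add `readOnlyRootFilesystem: true` as well if the binary does not write to its root filesystem — confirm). The `/etc/kubernetes/pki` hostPath mounts the whole directory, which on typical control-plane nodes also holds CA private keys; if the manager only needs trust-anchor certificates, narrow the mount to those files. `type: DirectoryOrCreate` on that path will also create an empty root-owned directory on any node where it is absent, which masks a misplaced control plane; `type: Directory` fails loudly instead.

```yaml
      - name: openstack-cloud-controller-manager
        image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.2
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
        # … unchanged: args, volumeMounts, resources, env …
```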
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-system
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-selfsigned-issuer
+ namespace: capi-system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-serving-cert
+ namespace: capi-system
+spec:
+ dnsNames:
+ - capi-webhook-service.capi-system.svc
+ - capi-webhook-service.capi-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-selfsigned-issuer
+ secretName: capi-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterclasses.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterClass
+ listKind: ClusterClassList
+ plural: clusterclasses
+ shortNames:
+ - cc
+ singular: clusterclass
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterClass
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClusterClass is a template which can be used to create managed topologies.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterClassSpec describes the desired state of the ClusterClass.
+ properties:
+ controlPlane:
+ description: |-
+ controlPlane is a reference to a local struct that holds the details
+ for provisioning the Control Plane for the Cluster.
+ properties:
+ machineInfrastructure:
+ description: |-
+ MachineTemplate defines the metadata and infrastructure information
+ for control plane machines.
+
+ This field is supported if and only if the control plane provider template
+ referenced above is Machine based and supports setting replicas.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the machines of the ControlPlane.
+ At runtime this metadata is merged with the corresponding metadata from the topology.
+
+ This field is supported if and only if the control plane provider template
+ referenced is Machine based.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: |-
+ infrastructure is a reference to a provider-specific template that holds
+ the details for provisioning infrastructure specific cluster
+ for the underlying provider.
+ The underlying provider is responsible for the implementation
+ of the template to an infrastructure cluster.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ workers:
+ description: |-
+ workers describes the worker nodes for the cluster.
+ It is a collection of node types which can be used to create
+ the worker nodes of the cluster.
+ properties:
+ machineDeployments:
+ description: |-
+ machineDeployments is a list of machine deployment classes that can be used to create
+ a set of worker nodes.
+ items:
+ description: |-
+ MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
+ provisioned using the `ClusterClass`.
+ properties:
+ class:
+ description: |-
+ class denotes a type of worker node present in the cluster,
+ this name MUST be unique within a ClusterClass and can be referenced
+ in the Cluster to create a managed MachineDeployment.
+ type: string
+ template:
+ description: |-
+ template is a local struct containing a collection of templates for creation of
+ MachineDeployment objects representing a set of worker nodes.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap contains the bootstrap template reference to be used
+ for the creation of worker Machines.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: |-
+ infrastructure contains the infrastructure template reference to be used
+ for the creation of worker Machines.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the machines of the MachineDeployment.
+ At runtime this metadata is merged with the corresponding metadata from the topology.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ required:
+ - bootstrap
+ - infrastructure
+ type: object
+ required:
+ - class
+ - template
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterClass
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterClass is a template which can be used to create managed
+ topologies.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterClassSpec describes the desired state of the ClusterClass.
+ properties:
+ controlPlane:
+ description: |-
+ controlPlane is a reference to a local struct that holds the details
+ for provisioning the Control Plane for the Cluster.
+ properties:
+ machineHealthCheck:
+ description: |-
+ machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass.
+ This field is supported if and only if the ControlPlane provider template
+ referenced above is Machine based and supports setting replicas.
+ properties:
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
+ to consider a Machine unhealthy if a corresponding Node isn't associated
+ through a `Spec.ProviderID` field.
+
+ The duration set in this field is compared to the greatest of:
+ - Cluster's infrastructure ready condition timestamp (if and when available)
+ - Control Plane's initialized condition timestamp (if and when available)
+ - Machine's infrastructure ready condition timestamp (if and when available)
+ - Machine's metadata creation timestamp
+
+ Defaults to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ machineInfrastructure:
+ description: |-
+ machineInfrastructure defines the metadata and infrastructure information
+ for control plane machines.
+
+ This field is supported if and only if the control plane provider template
+ referenced above is Machine based and supports setting replicas.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
+ if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the
+ ControlPlane.
+ At runtime this metadata is merged with the corresponding metadata from the topology.
+
+ This field is supported if and only if the control plane provider template
+ referenced is Machine based.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ namingStrategy:
+ description: namingStrategy allows changing the naming pattern
+ used when creating the control plane provider object.
+ properties:
+ template:
+ description: |-
+ template defines the template to use for generating the name of the ControlPlane object.
+ If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`.
+ If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
+ get concatenated with a random suffix of length 5.
+ The templating mechanism provides the following arguments:
+ * `.cluster.name`: The name of the cluster object.
+ * `.random`: A random alphanumeric string, without vowels, of length 5.
+ type: string
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ NOTE: This value can be overridden while defining a Cluster.Topology.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ NOTE: This value can be overridden while defining a Cluster.Topology.
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ NOTE: This value can be overridden while defining a Cluster.Topology.
+ type: string
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: |-
+ infrastructure is a reference to a provider-specific template that holds
+ the details for provisioning infrastructure specific cluster
+ for the underlying provider.
+ The underlying provider is responsible for the implementation
+ of the template to an infrastructure cluster.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ patches:
+ description: |-
+ patches defines the patches which are applied to customize
+ referenced templates of a ClusterClass.
+ Note: Patches will be applied in the order of the array.
+ items:
+ description: ClusterClassPatch defines a patch which is applied
+ to customize the referenced templates.
+ properties:
+ definitions:
+ description: |-
+ definitions define inline patches.
+ Note: Patches will be applied in the order of the array.
+ Note: Exactly one of Definitions or External must be set.
+ items:
+ description: PatchDefinition defines a patch which is applied
+ to customize the referenced templates.
+ properties:
+ jsonPatches:
+ description: |-
+ jsonPatches defines the patches which should be applied on the templates
+ matching the selector.
+ Note: Patches will be applied in the order of the array.
+ items:
+ description: JSONPatch defines a JSON patch.
+ properties:
+ op:
+ description: |-
+ op defines the operation of the patch.
+ Note: Only `add`, `replace` and `remove` are supported.
+ type: string
+ path:
+ description: |-
+ path defines the path of the patch.
+ Note: Only the spec of a template can be patched, thus the path has to start with /spec/.
+ Note: For now the only allowed array modifications are `append` and `prepend`, i.e.:
+ * for op: `add`: only index 0 (prepend) and - (append) are allowed
+ * for op: `replace` or `remove`: no indexes are allowed
+ type: string
+ value:
+ description: |-
+ value defines the value of the patch.
+ Note: Either Value or ValueFrom is required for add and replace
+ operations. Only one of them is allowed to be set at the same time.
+ Note: We have to use apiextensionsv1.JSON instead of our JSON type,
+ because controller-tools has a hard-coded schema for apiextensionsv1.JSON
+ which cannot be produced by another type (unset type field).
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
+ x-kubernetes-preserve-unknown-fields: true
+ valueFrom:
+ description: |-
+ valueFrom defines the value of the patch.
+ Note: Either Value or ValueFrom is required for add and replace
+ operations. Only one of them is allowed to be set at the same time.
+ properties:
+ template:
+ description: |-
+ template is the Go template to be used to calculate the value.
+ A template can reference variables defined in .spec.variables and builtin variables.
+ Note: The template must evaluate to a valid YAML or JSON value.
+ type: string
+ variable:
+ description: |-
+ variable is the variable to be used as value.
+ Variable can be one of the variables defined in .spec.variables or a builtin variable.
+ type: string
+ type: object
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ selector:
+ description: selector defines on which templates the patch
+ should be applied.
+ properties:
+ apiVersion:
+ description: apiVersion filters templates by apiVersion.
+ type: string
+ kind:
+ description: kind filters templates by kind.
+ type: string
+ matchResources:
+ description: matchResources selects templates based
+ on where they are referenced.
+ properties:
+ controlPlane:
+ description: |-
+ controlPlane selects templates referenced in .spec.ControlPlane.
+ Note: this will match the controlPlane and also the controlPlane
+ machineInfrastructure (depending on the kind and apiVersion).
+ type: boolean
+ infrastructureCluster:
+ description: infrastructureCluster selects templates
+ referenced in .spec.infrastructure.
+ type: boolean
+ machineDeploymentClass:
+ description: |-
+ machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in
+ .spec.workers.machineDeployments.
+ properties:
+ names:
+ description: names selects templates by class
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ machinePoolClass:
+ description: |-
+ machinePoolClass selects templates referenced in specific MachinePoolClasses in
+ .spec.workers.machinePools.
+ properties:
+ names:
+ description: names selects templates by class
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - apiVersion
+ - kind
+ - matchResources
+ type: object
+ required:
+ - jsonPatches
+ - selector
+ type: object
+ type: array
+ description:
+ description: description is a human-readable description of
+ this patch.
+ type: string
+ enabledIf:
+ description: |-
+ enabledIf is a Go template to be used to calculate if a patch should be enabled.
+ It can reference variables defined in .spec.variables and builtin variables.
+ The patch will be enabled if the template evaluates to `true`, otherwise it will
+ be disabled.
+ If EnabledIf is not set, the patch will be enabled per default.
+ type: string
+ external:
+ description: |-
+ external defines an external patch.
+ Note: Exactly one of Definitions or External must be set.
+ properties:
+ discoverVariablesExtension:
+ description: discoverVariablesExtension references an extension
+ which is called to discover variables.
+ type: string
+ generateExtension:
+ description: generateExtension references an extension which
+ is called to generate patches.
+ type: string
+ settings:
+ additionalProperties:
+ type: string
+ description: |-
+ settings defines key value pairs to be passed to the extensions.
+ Values defined here take precedence over the values defined in the
+ corresponding ExtensionConfig.
+ type: object
+ validateExtension:
+ description: validateExtension references an extension which
+ is called to validate the topology.
+ type: string
+ type: object
+ name:
+ description: name of the patch.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ variables:
+ description: |-
+ variables defines the variables which can be configured
+ in the Cluster topology and are then used in patches.
+ items:
+ description: |-
+ ClusterClassVariable defines a variable which can
+ be configured in the Cluster topology and used in patches.
+ properties:
+ metadata:
+ description: |-
+ metadata is the metadata of a variable.
+ It can be used to add additional data for higher level tools to
+ a ClusterClassVariable.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map that can be used to store and
+ retrieve arbitrary metadata.
+ They are not queryable.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) variables.
+ type: object
+ type: object
+ name:
+ description: name of the variable.
+ type: string
+ required:
+ description: |-
+ required specifies if the variable is required.
+ Note: this applies to the variable as a whole and thus the
+ top-level object defined in the schema. If nested fields are
+ required, this will be specified inside the schema.
+ type: boolean
+ schema:
+ description: schema defines the schema of the variable.
+ properties:
+ openAPIV3Schema:
+ description: |-
+ openAPIV3Schema defines the schema of a variable via OpenAPI v3
+ schema. The schema is a subset of the schema used in
+ Kubernetes CRDs.
+ properties:
+ additionalProperties:
+ description: |-
+ additionalProperties specifies the schema of values in a map (keys are always strings).
+ NOTE: Can only be set if type is object.
+ NOTE: AdditionalProperties is mutually exclusive with Properties.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ allOf:
+ description: |-
+ allOf specifies that the variable must validate against all of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ anyOf:
+ description: |-
+ anyOf specifies that the variable must validate against one or more of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ default:
+ description: |-
+ default is the default value of the variable.
+ NOTE: Can be set for all types.
+ x-kubernetes-preserve-unknown-fields: true
+ description:
+ description: description is a human-readable description
+ of this variable.
+ type: string
+ enum:
+ description: |-
+ enum is the list of valid values of the variable.
+ NOTE: Can be set for all types.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ example:
+ description: example is an example for this variable.
+ x-kubernetes-preserve-unknown-fields: true
+ exclusiveMaximum:
+ description: |-
+ exclusiveMaximum specifies if the Maximum is exclusive.
+ NOTE: Can only be set if type is integer or number.
+ type: boolean
+ exclusiveMinimum:
+ description: |-
+ exclusiveMinimum specifies if the Minimum is exclusive.
+ NOTE: Can only be set if type is integer or number.
+ type: boolean
+ format:
+ description: |-
+ format is an OpenAPI v3 format string. Unknown formats are ignored.
+ For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
+ https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
+ NOTE: Can only be set if type is string.
+ type: string
+ items:
+ description: |-
+ items specifies fields of an array.
+ NOTE: Can only be set if type is array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ maxItems:
+ description: |-
+ maxItems is the max length of an array variable.
+ NOTE: Can only be set if type is array.
+ format: int64
+ type: integer
+ maxLength:
+ description: |-
+ maxLength is the max length of a string variable.
+ NOTE: Can only be set if type is string.
+ format: int64
+ type: integer
+ maxProperties:
+ description: |-
+ maxProperties is the maximum amount of entries in a map or properties in an object.
+ NOTE: Can only be set if type is object.
+ format: int64
+ type: integer
+ maximum:
+ description: |-
+ maximum is the maximum of an integer or number variable.
+ If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
+ If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
+ NOTE: Can only be set if type is integer or number.
+ format: int64
+ type: integer
+ minItems:
+ description: |-
+ minItems is the min length of an array variable.
+ NOTE: Can only be set if type is array.
+ format: int64
+ type: integer
+ minLength:
+ description: |-
+ minLength is the min length of a string variable.
+ NOTE: Can only be set if type is string.
+ format: int64
+ type: integer
+ minProperties:
+ description: |-
+ minProperties is the minimum amount of entries in a map or properties in an object.
+ NOTE: Can only be set if type is object.
+ format: int64
+ type: integer
+ minimum:
+ description: |-
+ minimum is the minimum of an integer or number variable.
+ If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
+ If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
+ NOTE: Can only be set if type is integer or number.
+ format: int64
+ type: integer
+ not:
+ description: |-
+ not specifies that the variable must not validate against the subschema.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ oneOf:
+ description: |-
+ oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ pattern:
+ description: |-
+ pattern is the regex which a string variable must match.
+ NOTE: Can only be set if type is string.
+ type: string
+ properties:
+ description: |-
+ properties specifies fields of an object.
+ NOTE: Can only be set if type is object.
+ NOTE: Properties is mutually exclusive with AdditionalProperties.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ description: |-
+ required specifies which fields of an object are required.
+ NOTE: Can only be set if type is object.
+ items:
+ type: string
+ type: array
+ type:
+ description: |-
+ type is the type of the variable.
+ Valid values are: object, array, string, integer, number or boolean.
+ type: string
+ uniqueItems:
+ description: |-
+ uniqueItems specifies if items in an array must be unique.
+ NOTE: Can only be set if type is array.
+ type: boolean
+ x-kubernetes-int-or-string:
+ description: |-
+ x-kubernetes-int-or-string specifies that this value is
+ either an integer or a string. If this is true, an empty
+ type is allowed and type as child of anyOf is permitted
+ if following one of the following patterns:
+
+ 1) anyOf:
+ - type: integer
+ - type: string
+ 2) allOf:
+ - anyOf:
+ - type: integer
+ - type: string
+ - ... zero or more
+ type: boolean
+ x-kubernetes-preserve-unknown-fields:
+ description: |-
+ x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
+ which are not defined in the variable schema. This affects fields recursively,
+ except if nested properties or additionalProperties are specified in the schema.
+ type: boolean
+ x-kubernetes-validations:
+ description: x-kubernetes-validations describes a list
+ of validation rules written in the CEL expression
+ language.
+ items:
+ description: ValidationRule describes a validation
+ rule written in the CEL expression language.
+ properties:
+ fieldPath:
+ description: |-
+ fieldPath represents the field path returned when the validation fails.
+ It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
+ e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
+ If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
+ It does not support list numeric index.
+ It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
+ Numeric index of array is not supported.
+ For field name which contains special characters, use `['specialName']` to refer the field name.
+ e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
+ type: string
+ message:
+ description: |-
+ message represents the message displayed when validation fails. The message is required if the Rule contains
+ line breaks. The message must not contain line breaks.
+ If unset, the message is "failed rule: {Rule}".
+ e.g. "must be a URL with the host matching spec.host"
+ type: string
+ messageExpression:
+ description: |-
+ messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+ Since messageExpression is used as a failure message, it must evaluate to a string.
+ If both message and messageExpression are present on a rule, then messageExpression will be used if validation
+ fails. If messageExpression results in a runtime error, the validation failure message is produced
+ as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+ that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
+ messageExpression has access to all the same variables as the rule; the only difference is the return type.
+ Example:
+ "x must be less than max ("+string(self.max)+")"
+ type: string
+ reason:
+ default: FieldValueInvalid
+ description: |-
+ reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
+ The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
+ If not set, default to use "FieldValueInvalid".
+ All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
+ enum:
+ - FieldValueInvalid
+ - FieldValueForbidden
+ - FieldValueRequired
+ - FieldValueDuplicate
+ type: string
+ rule:
+ description: "rule represents the expression which
+ will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe
+ Rule is scoped to the location of the x-kubernetes-validations
+ extension in the schema.\nThe `self` variable
+ in the CEL expression is bound to the scoped
+ value.\nIf the Rule is scoped to an object with
+ properties, the accessible properties of the
+ object are field selectable\nvia `self.field`
+ and field presence can be checked via `has(self.field)`.\nIf
+ the Rule is scoped to an object with additionalProperties
+ (i.e. a map) the value of the map\nare accessible
+ via `self[mapKey]`, map containment can be checked
+ via `mapKey in self` and all entries of the
+ map\nare accessible via CEL macros and functions
+ such as `self.all(...)`.\nIf the Rule is scoped
+ to an array, the elements of the array are accessible
+ via `self[i]` and also by macros and\nfunctions.\nIf
+ the Rule is scoped to a scalar, `self` is bound
+ to the scalar value.\nExamples:\n- Rule scoped
+ to a map of objects: {\"rule\": \"self.components['Widget'].priority
+ < 10\"}\n- Rule scoped to a list of integers:
+ {\"rule\": \"self.values.all(value, value >=
+ 0 && value < 100)\"}\n- Rule scoped to a string
+ value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
+ data preserved in custom resources via x-kubernetes-preserve-unknown-fields
+ is not accessible in CEL\nexpressions. This
+ includes:\n- Unknown field values that are preserved
+ by object schemas with x-kubernetes-preserve-unknown-fields.\n-
+ Object properties where the property schema
+ is of an \"unknown type\". An \"unknown type\"
+ is recursively defined as:\n - A schema with
+ no type and x-kubernetes-preserve-unknown-fields
+ set to true\n - An array where the items schema
+ is of an \"unknown type\"\n - An object where
+ the additionalProperties schema is of an \"unknown
+ type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
+ are accessible.\nAccessible property names are
+ escaped according to the following rules when
+ accessed in the expression:\n- '__' escapes
+ to '__underscores__'\n- '.' escapes to '__dot__'\n-
+ '-' escapes to '__dash__'\n- '/' escapes to
+ '__slash__'\n- Property names that exactly match
+ a CEL RESERVED keyword escape to '__{keyword}__'.
+ The keywords are:\n\t \"true\", \"false\",
+ \"null\", \"in\", \"as\", \"break\", \"const\",
+ \"continue\", \"else\", \"for\", \"function\",
+ \"if\",\n\t \"import\", \"let\", \"loop\",
+ \"package\", \"namespace\", \"return\".\nExamples:\n
+ \ - Rule accessing a property named \"namespace\":
+ {\"rule\": \"self.__namespace__ > 0\"}\n -
+ Rule accessing a property named \"x-prop\":
+ {\"rule\": \"self.x__dash__prop > 0\"}\n -
+ Rule accessing a property named \"redact__d\":
+ {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf
+ `rule` makes use of the `oldSelf` variable it
+ is implicitly a\n`transition rule`.\n\nBy default,
+ the `oldSelf` variable is the same type as `self`.\n\nTransition
+ rules by default are applied only on UPDATE
+ requests and are\nskipped if an old value could
+ not be found."
+ type: string
+ required:
+ - rule
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - rule
+ x-kubernetes-list-type: map
+ x-metadata:
+ description: |-
+ x-metadata is the metadata of a variable or a nested field within a variable.
+ It can be used to add additional data for higher level tools.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map that can be used to store and
+ retrieve arbitrary metadata.
+ They are not queryable.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) variables.
+ type: object
+ type: object
+ type: object
+ required:
+ - openAPIV3Schema
+ type: object
+ required:
+ - name
+ - required
+ - schema
+ type: object
+ type: array
+ workers:
+ description: |-
+ workers describes the worker nodes for the cluster.
+ It is a collection of node types which can be used to create
+ the worker nodes of the cluster.
+ properties:
+ machineDeployments:
+ description: |-
+ machineDeployments is a list of machine deployment classes that can be used to create
+ a set of worker nodes.
+ items:
+ description: |-
+ MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster
+ provisioned using the `ClusterClass`.
+ properties:
+ class:
+ description: |-
+ class denotes a type of worker node present in the cluster,
+ this name MUST be unique within a ClusterClass and can be referenced
+ in the Cluster to create a managed MachineDeployment.
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machines will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ type: string
+ machineHealthCheck:
+ description: machineHealthCheck defines a MachineHealthCheck
+ for this MachineDeploymentClass.
+ properties:
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
+ to consider a Machine unhealthy if a corresponding Node isn't associated
+ through a `Spec.ProviderID` field.
+
+ The duration set in this field is compared to the greatest of:
+ - Cluster's infrastructure ready condition timestamp (if and when available)
+ - Control Plane's initialized condition timestamp (if and when available)
+ - Machine's infrastructure ready condition timestamp (if and when available)
+ - Machine's metadata creation timestamp
+
+ Defaults to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ format: int32
+ type: integer
+ namingStrategy:
+ description: namingStrategy allows changing the naming pattern
+ used when creating the MachineDeployment.
+ properties:
+ template:
+ description: |-
+ template defines the template to use for generating the name of the MachineDeployment object.
+ If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`.
+ If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
+ get concatenated with a random suffix of length 5.
+ The templating mechanism provides the following arguments:
+ * `.cluster.name`: The name of the cluster object.
+ * `.random`: A random alphanumeric string, without vowels, of length 5.
+ * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name).
+ type: string
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ type: string
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machines with
+ new ones.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass.
+ properties:
+ remediation:
+ description: |-
+ remediation controls the strategy of remediating unhealthy machines
+ and how remediating operations should occur during the lifecycle of the dependant MachineSets.
+ properties:
+ maxInFlight:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxInFlight determines how many in flight remediations should happen at the same time.
+
+ Remediation only happens on the MachineSet with the most current revision, while
+ older MachineSets (usually present during rollout operations) aren't allowed to remediate.
+
+ Note: In general (independent of remediations), unhealthy machines are always
+ prioritized during scale down operations over healthy ones.
+
+ MaxInFlight can be set to a fixed number or a percentage.
+ Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
+ the desired replicas.
+
+ If not set, remediation is limited to all machines (bounded by replicas)
+ under the active MachineSet's management.
+ x-kubernetes-int-or-string: true
+ type: object
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
+ Valid values are "Random, "Newest", "Oldest"
+ When no value is supplied, the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment. Allowed values are RollingUpdate and OnDelete.
+ The default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: |-
+ template is a local struct containing a collection of templates for creation of
+ MachineDeployment objects representing a set of worker nodes.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap contains the bootstrap template reference to be used
+ for the creation of worker Machines.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: |-
+ infrastructure contains the infrastructure template reference to be used
+ for the creation of worker Machines.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
+ At runtime this metadata is merged with the corresponding metadata from the topology.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ required:
+ - bootstrap
+ - infrastructure
+ type: object
+ required:
+ - class
+ - template
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - class
+ x-kubernetes-list-type: map
+ machinePools:
+ description: |-
+ machinePools is a list of machine pool classes that can be used to create
+ a set of worker nodes.
+ items:
+ description: |-
+ MachinePoolClass serves as a template to define a pool of worker nodes of the cluster
+ provisioned using `ClusterClass`.
+ properties:
+ class:
+ description: |-
+ class denotes a type of machine pool present in the cluster,
+ this name MUST be unique within a ClusterClass and can be referenced
+ in the Cluster to create a managed MachinePool.
+ type: string
+ failureDomains:
+ description: |-
+ failureDomains is the list of failure domains the MachinePool should be attached to.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine pool should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
+ format: int32
+ type: integer
+ namingStrategy:
+ description: namingStrategy allows changing the naming pattern
+ used when creating the MachinePool.
+ properties:
+ template:
+ description: |-
+ template defines the template to use for generating the name of the MachinePool object.
+ If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`.
+ If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will
+ get concatenated with a random suffix of length 5.
+ The templating mechanism provides the following arguments:
+ * `.cluster.name`: The name of the cluster object.
+ * `.random`: A random alphanumeric string, without vowels, of length 5.
+ * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name).
+ type: string
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass.
+ type: string
+ template:
+ description: |-
+ template is a local struct containing a collection of templates for creation of
+ MachinePools objects representing a pool of worker nodes.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap contains the bootstrap template reference to be used
+ for the creation of the Machines in the MachinePool.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: |-
+ infrastructure contains the infrastructure template reference to be used
+ for the creation of the MachinePool.
+ properties:
+ ref:
+ description: |-
+ ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the MachinePool.
+ At runtime this metadata is merged with the corresponding metadata from the topology.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ required:
+ - bootstrap
+ - infrastructure
+ type: object
+ required:
+ - class
+ - template
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - class
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ status:
+ description: ClusterClassStatus defines the observed state of the ClusterClass.
+ properties:
+ conditions:
+ description: conditions defines current observed state of the ClusterClass.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in ClusterClass's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a ClusterClass's current state.
+ Known condition types are VariablesReady, RefVersionsUpToDate, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ variables:
+ description: variables is a list of ClusterClassStatusVariable that
+ are defined for the ClusterClass.
+ items:
+ description: ClusterClassStatusVariable defines a variable which
+ appears in the status of a ClusterClass.
+ properties:
+ definitions:
+ description: definitions is a list of definitions for a variable.
+ items:
+ description: ClusterClassStatusVariableDefinition defines
+ a variable which appears in the status of a ClusterClass.
+ properties:
+ from:
+ description: |-
+ from specifies the origin of the variable definition.
+ This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass
+ for variables discovered from a DiscoverVariables runtime extensions.
+ type: string
+ metadata:
+ description: |-
+ metadata is the metadata of a variable.
+ It can be used to add additional data for higher level tools to
+ a ClusterClassVariable.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map that can be used to store and
+ retrieve arbitrary metadata.
+ They are not queryable.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) variables.
+ type: object
+ type: object
+ required:
+ description: |-
+ required specifies if the variable is required.
+ Note: this applies to the variable as a whole and thus the
+ top-level object defined in the schema. If nested fields are
+ required, this will be specified inside the schema.
+ type: boolean
+ schema:
+ description: schema defines the schema of the variable.
+ properties:
+ openAPIV3Schema:
+ description: |-
+ openAPIV3Schema defines the schema of a variable via OpenAPI v3
+ schema. The schema is a subset of the schema used in
+ Kubernetes CRDs.
+ properties:
+ additionalProperties:
+ description: |-
+ additionalProperties specifies the schema of values in a map (keys are always strings).
+ NOTE: Can only be set if type is object.
+ NOTE: AdditionalProperties is mutually exclusive with Properties.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ allOf:
+ description: |-
+ allOf specifies that the variable must validate against all of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ anyOf:
+ description: |-
+ anyOf specifies that the variable must validate against one or more of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ default:
+ description: |-
+ default is the default value of the variable.
+ NOTE: Can be set for all types.
+ x-kubernetes-preserve-unknown-fields: true
+ description:
+ description: description is a human-readable description
+ of this variable.
+ type: string
+ enum:
+ description: |-
+ enum is the list of valid values of the variable.
+ NOTE: Can be set for all types.
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ example:
+ description: example is an example for this variable.
+ x-kubernetes-preserve-unknown-fields: true
+ exclusiveMaximum:
+ description: |-
+ exclusiveMaximum specifies if the Maximum is exclusive.
+ NOTE: Can only be set if type is integer or number.
+ type: boolean
+ exclusiveMinimum:
+ description: |-
+ exclusiveMinimum specifies if the Minimum is exclusive.
+ NOTE: Can only be set if type is integer or number.
+ type: boolean
+ format:
+ description: |-
+ format is an OpenAPI v3 format string. Unknown formats are ignored.
+ For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using)
+ https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
+ NOTE: Can only be set if type is string.
+ type: string
+ items:
+ description: |-
+ items specifies fields of an array.
+ NOTE: Can only be set if type is array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ maxItems:
+ description: |-
+ maxItems is the max length of an array variable.
+ NOTE: Can only be set if type is array.
+ format: int64
+ type: integer
+ maxLength:
+ description: |-
+ maxLength is the max length of a string variable.
+ NOTE: Can only be set if type is string.
+ format: int64
+ type: integer
+ maxProperties:
+ description: |-
+ maxProperties is the maximum amount of entries in a map or properties in an object.
+ NOTE: Can only be set if type is object.
+ format: int64
+ type: integer
+ maximum:
+ description: |-
+ maximum is the maximum of an integer or number variable.
+ If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum.
+ If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum.
+ NOTE: Can only be set if type is integer or number.
+ format: int64
+ type: integer
+ minItems:
+ description: |-
+ minItems is the min length of an array variable.
+ NOTE: Can only be set if type is array.
+ format: int64
+ type: integer
+ minLength:
+ description: |-
+ minLength is the min length of a string variable.
+ NOTE: Can only be set if type is string.
+ format: int64
+ type: integer
+ minProperties:
+ description: |-
+ minProperties is the minimum amount of entries in a map or properties in an object.
+ NOTE: Can only be set if type is object.
+ format: int64
+ type: integer
+ minimum:
+ description: |-
+ minimum is the minimum of an integer or number variable.
+ If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum.
+ If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum.
+ NOTE: Can only be set if type is integer or number.
+ format: int64
+ type: integer
+ not:
+ description: |-
+ not specifies that the variable must not validate against the subschema.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ oneOf:
+ description: |-
+ oneOf specifies that the variable must validate against exactly one of the subschemas in the array.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ pattern:
+ description: |-
+ pattern is the regex which a string variable must match.
+ NOTE: Can only be set if type is string.
+ type: string
+ properties:
+ description: |-
+ properties specifies fields of an object.
+ NOTE: Can only be set if type is object.
+ NOTE: Properties is mutually exclusive with AdditionalProperties.
+ NOTE: This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ description: |-
+ required specifies which fields of an object are required.
+ NOTE: Can only be set if type is object.
+ items:
+ type: string
+ type: array
+ type:
+ description: |-
+ type is the type of the variable.
+ Valid values are: object, array, string, integer, number or boolean.
+ type: string
+ uniqueItems:
+ description: |-
+ uniqueItems specifies if items in an array must be unique.
+ NOTE: Can only be set if type is array.
+ type: boolean
+ x-kubernetes-int-or-string:
+ description: |-
+ x-kubernetes-int-or-string specifies that this value is
+ either an integer or a string. If this is true, an empty
+ type is allowed and type as child of anyOf is permitted
+ if following one of the following patterns:
+
+ 1) anyOf:
+ - type: integer
+ - type: string
+ 2) allOf:
+ - anyOf:
+ - type: integer
+ - type: string
+ - ... zero or more
+ type: boolean
+ x-kubernetes-preserve-unknown-fields:
+ description: |-
+ x-kubernetes-preserve-unknown-fields allows setting fields in a variable object
+ which are not defined in the variable schema. This affects fields recursively,
+ except if nested properties or additionalProperties are specified in the schema.
+ type: boolean
+ x-kubernetes-validations:
+ description: x-kubernetes-validations describes
+ a list of validation rules written in the CEL
+ expression language.
+ items:
+ description: ValidationRule describes a validation
+ rule written in the CEL expression language.
+ properties:
+ fieldPath:
+ description: |-
+ fieldPath represents the field path returned when the validation fails.
+ It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field.
+ e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo`
+ If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList`
+ It does not support list numeric index.
+ It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info.
+ Numeric index of array is not supported.
+ For field name which contains special characters, use `['specialName']` to refer the field name.
+ e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']`
+ type: string
+ message:
+ description: |-
+ message represents the message displayed when validation fails. The message is required if the Rule contains
+ line breaks. The message must not contain line breaks.
+ If unset, the message is "failed rule: {Rule}".
+ e.g. "must be a URL with the host matching spec.host"
+ type: string
+ messageExpression:
+ description: |-
+ messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+ Since messageExpression is used as a failure message, it must evaluate to a string.
+ If both message and messageExpression are present on a rule, then messageExpression will be used if validation
+ fails. If messageExpression results in a runtime error, the validation failure message is produced
+ as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+ that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset.
+ messageExpression has access to all the same variables as the rule; the only difference is the return type.
+ Example:
+ "x must be less than max ("+string(self.max)+")"
+ type: string
+ reason:
+ default: FieldValueInvalid
+ description: |-
+ reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule.
+ The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate".
+ If not set, default to use "FieldValueInvalid".
+ All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid.
+ enum:
+ - FieldValueInvalid
+ - FieldValueForbidden
+ - FieldValueRequired
+ - FieldValueDuplicate
+ type: string
+ rule:
+ description: "rule represents the expression
+ which will be evaluated by CEL.\nref:
+ https://github.com/google/cel-spec\nThe
+ Rule is scoped to the location of the
+ x-kubernetes-validations extension in
+ the schema.\nThe `self` variable in the
+ CEL expression is bound to the scoped
+ value.\nIf the Rule is scoped to an object
+ with properties, the accessible properties
+ of the object are field selectable\nvia
+ `self.field` and field presence can be
+ checked via `has(self.field)`.\nIf the
+ Rule is scoped to an object with additionalProperties
+ (i.e. a map) the value of the map\nare
+ accessible via `self[mapKey]`, map containment
+ can be checked via `mapKey in self` and
+ all entries of the map\nare accessible
+ via CEL macros and functions such as `self.all(...)`.\nIf
+ the Rule is scoped to an array, the elements
+ of the array are accessible via `self[i]`
+ and also by macros and\nfunctions.\nIf
+ the Rule is scoped to a scalar, `self`
+ is bound to the scalar value.\nExamples:\n-
+ Rule scoped to a map of objects: {\"rule\":
+ \"self.components['Widget'].priority <
+ 10\"}\n- Rule scoped to a list of integers:
+ {\"rule\": \"self.values.all(value, value
+ >= 0 && value < 100)\"}\n- Rule scoped
+ to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown
+ data preserved in custom resources via
+ x-kubernetes-preserve-unknown-fields is
+ not accessible in CEL\nexpressions. This
+ includes:\n- Unknown field values that
+ are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n-
+ Object properties where the property schema
+ is of an \"unknown type\". An \"unknown
+ type\" is recursively defined as:\n -
+ A schema with no type and x-kubernetes-preserve-unknown-fields
+ set to true\n - An array where the items
+ schema is of an \"unknown type\"\n -
+ An object where the additionalProperties
+ schema is of an \"unknown type\"\n\nOnly
+ property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*`
+ are accessible.\nAccessible property names
+ are escaped according to the following
+ rules when accessed in the expression:\n-
+ '__' escapes to '__underscores__'\n- '.'
+ escapes to '__dot__'\n- '-' escapes to
+ '__dash__'\n- '/' escapes to '__slash__'\n-
+ Property names that exactly match a CEL
+ RESERVED keyword escape to '__{keyword}__'.
+ The keywords are:\n\t \"true\", \"false\",
+ \"null\", \"in\", \"as\", \"break\", \"const\",
+ \"continue\", \"else\", \"for\", \"function\",
+ \"if\",\n\t \"import\", \"let\", \"loop\",
+ \"package\", \"namespace\", \"return\".\nExamples:\n
+ \ - Rule accessing a property named \"namespace\":
+ {\"rule\": \"self.__namespace__ > 0\"}\n
+ \ - Rule accessing a property named \"x-prop\":
+ {\"rule\": \"self.x__dash__prop > 0\"}\n
+ \ - Rule accessing a property named \"redact__d\":
+ {\"rule\": \"self.redact__underscores__d
+ > 0\"}\n\nIf `rule` makes use of the `oldSelf`
+ variable it is implicitly a\n`transition
+ rule`.\n\nBy default, the `oldSelf` variable
+ is the same type as `self`.\n\nTransition
+ rules by default are applied only on UPDATE
+ requests and are\nskipped if an old value
+ could not be found."
+ type: string
+ required:
+ - rule
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - rule
+ x-kubernetes-list-type: map
+ x-metadata:
+ description: |-
+ x-metadata is the metadata of a variable or a nested field within a variable.
+ It can be used to add additional data for higher level tools.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map that can be used to store and
+ retrieve arbitrary metadata.
+ They are not queryable.
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) variables.
+ type: object
+ type: object
+ type: object
+ required:
+ - openAPIV3Schema
+ type: object
+ required:
+ - from
+ - required
+ - schema
+ type: object
+ type: array
+ definitionsConflict:
+ description: definitionsConflict specifies whether or not there
+ are conflicting definitions for a single variable name.
+ type: boolean
+ name:
+ description: name is the name of the variable.
+ type: string
+ required:
+ - definitions
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterresourcesetbindings.addons.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: addons.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterResourceSetBinding
+ listKind: ClusterResourceSetBindingList
+ plural: clusterresourcesetbindings
+ singular: clusterresourcesetbinding
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: clusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: |-
+ hash is the hash of a resource's data. This can be used to decide if a resource is changed.
+ For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: lastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSetBinding
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: clusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: |-
+ hash is the hash of a resource's data. This can be used to decide if a resource is changed.
+ For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: lastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSetBinding
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+ with the cluster it belongs to.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: clusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: |-
+ hash is the hash of a resource's data. This can be used to decide if a resource is changed.
+ For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: lastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ clusterName:
+ description: |-
+ clusterName is the name of the Cluster this binding applies to.
+ Note: this field mandatory in v1beta2.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterresourcesets.addons.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: addons.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterResourceSet
+ listKind: ClusterResourceSetList
+ plural: clusterresourcesets
+ singular: clusterresourceset
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClusterResourceSet is the Schema for the clusterresourcesets API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: |-
+ Label selector for Clusters. The Clusters that are
+ selected by this will be the ones affected by this ClusterResourceSet.
+ It must match the Cluster labels. This field is immutable.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ClusterResourceSet is the Schema for the clusterresourcesets API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: |-
+ Label selector for Clusters. The Clusters that are
+ selected by this will be the ones affected by this ClusterResourceSet.
+ It must match the Cluster labels. This field is immutable.
+ Label selector cannot be empty.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSet is the Schema for the clusterresourcesets
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: |-
+ Label selector for Clusters. The Clusters that are
+ selected by this will be the ones affected by this ClusterResourceSet.
+ It must match the Cluster labels. This field is immutable.
+ Label selector cannot be empty.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ - Reconcile
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in ClusterResourceSet's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a ClusterResourceSet's current state.
+ Known condition types are ResourceSetApplied, Deleting.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusters.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Cluster
+ listKind: ClusterList
+ plural: clusters
+ shortNames:
+ - cl
+ singular: cluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: Cluster is the Schema for the clusters API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: |-
+ apiServerPort specifies the port the API Server should bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: controlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: |-
+ controlPlaneRef is an optional reference to a provider-specific resource that holds
+ the details for provisioning the Control Plane for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a reference to a provider-specific resource that holds the details
+ for provisioning infrastructure for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneInitialized:
+ description: controlPlaneInitialized defines if the control plane
+ has been initialized.
+ type: boolean
+ controlPlaneReady:
+ description: controlPlaneReady defines if the control plane is ready.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: |-
+ FailureDomainSpec is the Schema for Cluster API failure domains.
+ It allows controllers to understand how many failure domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: controlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: failureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a fatal problem reconciling the
+ state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a fatal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Cluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Cluster is the Schema for the clusters API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: |-
+ apiServerPort specifies the port the API Server should bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: controlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: |-
+ controlPlaneRef is an optional reference to a provider-specific resource that holds
+ the details for provisioning the Control Plane for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a reference to a provider-specific resource that holds the details
+ for provisioning infrastructure for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ topology:
+ description: |-
+ This encapsulates the topology for the cluster.
+ NOTE: It is required to enable the ClusterTopology
+ feature gate flag to activate managed topologies support;
+ this feature is highly experimental, and parts of it might still be not implemented.
+ properties:
+ class:
+ description: The name of the ClusterClass object to create the
+ topology.
+ type: string
+ controlPlane:
+ description: controlPlane describes the cluster control plane.
+ properties:
+ metadata:
+ description: |-
+ metadata is the metadata applied to the machines of the ControlPlane.
+ At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
+
+ This field is supported if and only if the control plane provider template
+ referenced in the ClusterClass is Machine based.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ replicas:
+ description: |-
+ replicas is the number of control plane nodes.
+ If the value is nil, the ControlPlane object is created without the number of Replicas
+ and it's assumed that the control plane controller does not implement support for this field.
+ When specified against a control plane provider that lacks support for this field, this value will be ignored.
+ format: int32
+ type: integer
+ type: object
+ rolloutAfter:
+ description: |-
+ rolloutAfter performs a rollout of the entire cluster one component at a time,
+ control plane first and then machine deployments.
+ format: date-time
+ type: string
+ version:
+ description: The Kubernetes version of the cluster.
+ type: string
+ workers:
+ description: |-
+ workers encapsulates the different constructs that form the worker nodes
+ for the cluster.
+ properties:
+ machineDeployments:
+ description: machineDeployments is a list of machine deployments
+ in the cluster.
+ items:
+ description: |-
+ MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
+ This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
+ properties:
+ class:
+ description: |-
+ class is the name of the MachineDeploymentClass used to create the set of worker nodes.
+ This should match one of the deployment classes defined in the ClusterClass object
+ mentioned in the `Cluster.Spec.Class` field.
+ type: string
+ metadata:
+ description: |-
+ metadata is the metadata applied to the machines of the MachineDeployment.
+ At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ name:
+ description: |-
+ name is the unique identifier for this MachineDeploymentTopology.
+ The value is used with other unique identifiers to create a MachineDeployment's Name
+ (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
+ the values are hashed together.
+ type: string
+ replicas:
+ description: |-
+ replicas is the number of worker nodes belonging to this set.
+ If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero)
+ and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
+ of this value.
+ format: int32
+ type: integer
+ required:
+ - class
+ - name
+ type: object
+ type: array
+ type: object
+ required:
+ - class
+ - version
+ type: object
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneReady:
+ description: controlPlaneReady defines if the control plane is ready.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: |-
+ FailureDomainSpec is the Schema for Cluster API failure domains.
+ It allows controllers to understand how many failure domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: controlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: failureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a fatal problem reconciling the
+ state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a fatal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: ClusterClass of this Cluster, empty if the Cluster is not using
+ a ClusterClass
+ jsonPath: .spec.topology.class
+ name: ClusterClass
+ type: string
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of Cluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this Cluster
+ jsonPath: .spec.topology.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Cluster is the Schema for the clusters API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ availabilityGates:
+ description: |-
+ availabilityGates specifies additional conditions to include when evaluating Cluster Available condition.
+
+ NOTE: this field is considered only for computing v1beta2 conditions.
+ items:
+ description: ClusterAvailabilityGate contains the type of a Cluster
+ condition to be used as availability gate.
+ properties:
+ conditionType:
+ description: |-
+ conditionType refers to a positive polarity condition (status true means good) with matching type in the Cluster's condition list.
+ If the conditions doesn't exist, it will be treated as unknown.
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates.
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - conditionType
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - conditionType
+ x-kubernetes-list-type: map
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: |-
+ apiServerPort specifies the port the API Server should bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: controlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: |-
+ controlPlaneRef is an optional reference to a provider-specific resource that holds
+ the details for provisioning the Control Plane for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a reference to a provider-specific resource that holds the details
+ for provisioning infrastructure for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ topology:
+ description: |-
+ This encapsulates the topology for the cluster.
+ NOTE: It is required to enable the ClusterTopology
+ feature gate flag to activate managed topologies support;
+ this feature is highly experimental, and parts of it might still be not implemented.
+ properties:
+ class:
+ description: The name of the ClusterClass object to create the
+ topology.
+ type: string
+ classNamespace:
+ description: |-
+ classNamespace is the namespace of the ClusterClass object to create the topology.
+ If the namespace is empty or not set, it is defaulted to the namespace of the cluster object.
+ Value must follow the DNS1123Subdomain syntax.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ controlPlane:
+ description: controlPlane describes the cluster control plane.
+ properties:
+ machineHealthCheck:
+ description: |-
+ machineHealthCheck allows to enable, disable and override
+ the MachineHealthCheck configuration in the ClusterClass for this control plane.
+ properties:
+ enable:
+ description: |-
+ enable controls if a MachineHealthCheck should be created for the target machines.
+
+ If false: No MachineHealthCheck will be created.
+
+ If not set(default): A MachineHealthCheck will be created if it is defined here or
+ in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
+
+ If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
+ block if `enable` is true and no MachineHealthCheck definition is available.
+ type: boolean
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
+ to consider a Machine unhealthy if a corresponding Node isn't associated
+ through a `Spec.ProviderID` field.
+
+ The duration set in this field is compared to the greatest of:
+ - Cluster's infrastructure ready condition timestamp (if and when available)
+ - Control Plane's initialized condition timestamp (if and when available)
+ - Machine's infrastructure ready condition timestamp (if and when available)
+ - Machine's metadata creation timestamp
+
+ Defaults to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane
+ if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it
+ is applied only to the ControlPlane.
+ At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ replicas:
+ description: |-
+ replicas is the number of control plane nodes.
+ If the value is nil, the ControlPlane object is created without the number of Replicas
+ and it's assumed that the control plane controller does not implement support for this field.
+ When specified against a control plane provider that lacks support for this field, this value will be ignored.
+ format: int32
+ type: integer
+ variables:
+ description: variables can be used to customize the ControlPlane
+ through patches.
+ properties:
+ overrides:
+ description: overrides can be used to override Cluster
+ level variables.
+ items:
+ description: |-
+ ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
+ Variable definition in the ClusterClass `status` variables.
+ properties:
+ definitionFrom:
+ description: |-
+ definitionFrom specifies where the definition of this Variable is from.
+
+ Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
+ type: string
+ name:
+ description: name of the variable.
+ type: string
+ value:
+ description: |-
+ value of the variable.
+ Note: the value will be validated against the schema of the corresponding ClusterClassVariable
+ from the ClusterClass.
+ Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
+ hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
+ i.e. it is not possible to have no type field.
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ rolloutAfter:
+ description: |-
+ rolloutAfter performs a rollout of the entire cluster one component at a time,
+ control plane first and then machine deployments.
+
+ Deprecated: This field has no function and is going to be removed in the next apiVersion.
+ format: date-time
+ type: string
+ variables:
+ description: |-
+ variables can be used to customize the Cluster through
+ patches. They must comply to the corresponding
+ VariableClasses defined in the ClusterClass.
+ items:
+ description: |-
+ ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
+ Variable definition in the ClusterClass `status` variables.
+ properties:
+ definitionFrom:
+ description: |-
+ definitionFrom specifies where the definition of this Variable is from.
+
+ Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
+ type: string
+ name:
+ description: name of the variable.
+ type: string
+ value:
+ description: |-
+ value of the variable.
+ Note: the value will be validated against the schema of the corresponding ClusterClassVariable
+ from the ClusterClass.
+ Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
+ hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
+ i.e. it is not possible to have no type field.
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ version:
+ description: The Kubernetes version of the cluster.
+ type: string
+ workers:
+ description: |-
+ workers encapsulates the different constructs that form the worker nodes
+ for the cluster.
+ properties:
+ machineDeployments:
+ description: machineDeployments is a list of machine deployments
+ in the cluster.
+ items:
+ description: |-
+ MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology.
+ This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller.
+ properties:
+ class:
+ description: |-
+ class is the name of the MachineDeploymentClass used to create the set of worker nodes.
+ This should match one of the deployment classes defined in the ClusterClass object
+ mentioned in the `Cluster.Spec.Class` field.
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machines will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ machineHealthCheck:
+ description: |-
+ machineHealthCheck allows to enable, disable and override
+ the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment.
+ properties:
+ enable:
+ description: |-
+ enable controls if a MachineHealthCheck should be created for the target machines.
+
+ If false: No MachineHealthCheck will be created.
+
+ If not set(default): A MachineHealthCheck will be created if it is defined here or
+ in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created.
+
+ If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will
+ block if `enable` is true and no MachineHealthCheck definition is available.
+ type: boolean
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
+ to consider a Machine unhealthy if a corresponding Node isn't associated
+ through a `Spec.ProviderID` field.
+
+ The duration set in this field is compared to the greatest of:
+ - Cluster's infrastructure ready condition timestamp (if and when available)
+ - Control Plane's initialized condition timestamp (if and when available)
+ - Machine's infrastructure ready condition timestamp (if and when available)
+ - Machine's metadata creation timestamp
+
+ Defaults to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ metadata:
+ description: |-
+ metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment.
+ At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ name:
+ description: |-
+ name is the unique identifier for this MachineDeploymentTopology.
+ The value is used with other unique identifiers to create a MachineDeployment's Name
+ (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
+ the values are hashed together.
+ type: string
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ replicas:
+ description: |-
+ replicas is the number of worker nodes belonging to this set.
+ If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1)
+ and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
+ of this value.
+ format: int32
+ type: integer
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machines with
+ new ones.
+ properties:
+ remediation:
+ description: |-
+ remediation controls the strategy of remediating unhealthy machines
+ and how remediating operations should occur during the lifecycle of the dependant MachineSets.
+ properties:
+ maxInFlight:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxInFlight determines how many in flight remediations should happen at the same time.
+
+ Remediation only happens on the MachineSet with the most current revision, while
+ older MachineSets (usually present during rollout operations) aren't allowed to remediate.
+
+ Note: In general (independent of remediations), unhealthy machines are always
+ prioritized during scale down operations over healthy ones.
+
+ MaxInFlight can be set to a fixed number or a percentage.
+ Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
+ the desired replicas.
+
+ If not set, remediation is limited to all machines (bounded by replicas)
+ under the active MachineSet's management.
+ x-kubernetes-int-or-string: true
+ type: object
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
+ Valid values are "Random, "Newest", "Oldest"
+ When no value is supplied, the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment. Allowed values are RollingUpdate and OnDelete.
+ The default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ variables:
+ description: variables can be used to customize the
+ MachineDeployment through patches.
+ properties:
+ overrides:
+ description: overrides can be used to override Cluster
+ level variables.
+ items:
+ description: |-
+ ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
+ Variable definition in the ClusterClass `status` variables.
+ properties:
+ definitionFrom:
+ description: |-
+ definitionFrom specifies where the definition of this Variable is from.
+
+ Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
+ type: string
+ name:
+ description: name of the variable.
+ type: string
+ value:
+ description: |-
+ value of the variable.
+ Note: the value will be validated against the schema of the corresponding ClusterClassVariable
+ from the ClusterClass.
+ Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
+ hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
+ i.e. it is not possible to have no type field.
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - class
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ machinePools:
+ description: machinePools is a list of machine pools in the
+ cluster.
+ items:
+ description: |-
+ MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology.
+ This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller.
+ properties:
+ class:
+ description: |-
+ class is the name of the MachinePoolClass used to create the pool of worker nodes.
+ This should match one of the deployment classes defined in the ClusterClass object
+ mentioned in the `Cluster.Spec.Class` field.
+ type: string
+ failureDomains:
+ description: |-
+ failureDomains is the list of failure domains the machine pool will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ items:
+ type: string
+ type: array
+ metadata:
+ description: |-
+ metadata is the metadata applied to the MachinePool.
+ At runtime this metadata is merged with the corresponding metadata from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine pool should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ name:
+ description: |-
+ name is the unique identifier for this MachinePoolTopology.
+ The value is used with other unique identifiers to create a MachinePool's Name
+ (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length,
+ the values are hashed together.
+ type: string
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool
+ hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ replicas:
+ description: |-
+ replicas is the number of nodes belonging to this pool.
+ If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1)
+ and it's assumed that an external entity (like cluster autoscaler) is responsible for the management
+ of this value.
+ format: int32
+ type: integer
+ variables:
+ description: variables can be used to customize the
+ MachinePool through patches.
+ properties:
+ overrides:
+ description: overrides can be used to override Cluster
+ level variables.
+ items:
+ description: |-
+ ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a
+ Variable definition in the ClusterClass `status` variables.
+ properties:
+ definitionFrom:
+ description: |-
+ definitionFrom specifies where the definition of this Variable is from.
+
+ Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion.
+ type: string
+ name:
+ description: name of the variable.
+ type: string
+ value:
+ description: |-
+ value of the variable.
+ Note: the value will be validated against the schema of the corresponding ClusterClassVariable
+ from the ClusterClass.
+ Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a
+ hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools,
+ i.e. it is not possible to have no type field.
+ Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - class
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - class
+ - version
+ type: object
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneReady:
+ description: |-
+ controlPlaneReady denotes if the control plane became ready during initial provisioning
+ to receive requests.
+ NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
+ The value of this field is never updated after provisioning is completed. Please use conditions
+ to check the operational state of the control plane.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: |-
+ FailureDomainSpec is the Schema for Cluster API failure domains.
+ It allows controllers to understand how many failure domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: controlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: failureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a fatal problem reconciling the
+ state, and will be set to a descriptive error message.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a fatal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in Cluster's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a Cluster's current state.
+ Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady
+ MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
+ Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controlPlane:
+ description: controlPlane groups all the observations about Cluster's
+ ControlPlane current state.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the total number of available
+ control plane machines in this cluster. A machine is considered
+ available when Machine's Available condition is true.
+ format: int32
+ type: integer
+ desiredReplicas:
+ description: desiredReplicas is the total number of desired
+ control plane machines in this cluster.
+ format: int32
+ type: integer
+ readyReplicas:
+ description: readyReplicas is the total number of ready control
+ plane machines in this cluster. A machine is considered
+ ready when Machine's Ready condition is true.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ replicas is the total number of control plane machines in this cluster.
+ NOTE: replicas also includes machines still being provisioned or being deleted.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date
+ control plane machines in this cluster. A machine is considered
+ up-to-date when Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ workers:
+ description: workers groups all the observations about Cluster's
+ Workers current state.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the total number of available
+ worker machines in this cluster. A machine is considered
+ available when Machine's Available condition is true.
+ format: int32
+ type: integer
+ desiredReplicas:
+ description: desiredReplicas is the total number of desired
+ worker machines in this cluster.
+ format: int32
+ type: integer
+ readyReplicas:
+ description: readyReplicas is the total number of ready worker
+ machines in this cluster. A machine is considered ready
+ when Machine's Ready condition is true.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ replicas is the total number of worker machines in this cluster.
+ NOTE: replicas also includes machines still being provisioned or being deleted.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date
+ worker machines in this cluster. A machine is considered
+ up-to-date when Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: extensionconfigs.runtime.cluster.x-k8s.io
+spec:
+ group: runtime.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ExtensionConfig
+ listKind: ExtensionConfigList
+ plural: extensionconfigs
+ shortNames:
+ - ext
+ singular: extensionconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ExtensionConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ExtensionConfig is the Schema for the ExtensionConfig API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ExtensionConfigSpec is the desired state of the ExtensionConfig
+ properties:
+ clientConfig:
+ description: clientConfig defines how to communicate with the Extension
+ server.
+ properties:
+ caBundle:
+ description: caBundle is a PEM encoded CA bundle which will be
+ used to validate the Extension server's server certificate.
+ format: byte
+ type: string
+ service:
+ description: |-
+ service is a reference to the Kubernetes service for the Extension server.
+ Note: Exactly one of `url` or `service` must be specified.
+
+ If the Extension server is running within a cluster, then you should use `service`.
+ properties:
+ name:
+ description: name is the name of the service.
+ type: string
+ namespace:
+ description: namespace is the namespace of the service.
+ type: string
+ path:
+ description: |-
+ path is an optional URL path and if present may be any string permissible in
+ a URL. If a path is set it will be used as prefix to the hook-specific path.
+ type: string
+ port:
+ description: |-
+ port is the port on the service that's hosting the Extension server.
+ Defaults to 443.
+ Port should be a valid port number (1-65535, inclusive).
+ format: int32
+ type: integer
+ required:
+ - name
+ - namespace
+ type: object
+ url:
+ description: |-
+ url gives the location of the Extension server, in standard URL form
+ (`scheme://host:port/path`).
+ Note: Exactly one of `url` or `service` must be specified.
+
+ The scheme must be "https".
+
+ The `host` should not refer to a service running in the cluster; use
+ the `service` field instead.
+
+ A path is optional, and if present may be any string permissible in
+ a URL. If a path is set it will be used as prefix to the hook-specific path.
+
+ Attempting to use a user or basic auth e.g. "user:password@" is not
+ allowed. Fragments ("#...") and query parameters ("?...") are not
+ allowed either.
+ type: string
+ type: object
+ namespaceSelector:
+ description: |-
+ namespaceSelector decides whether to call the hook for an object based
+ on whether the namespace for that object matches the selector.
+ Defaults to the empty LabelSelector, which matches all objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ settings:
+ additionalProperties:
+ type: string
+ description: |-
+ settings defines key value pairs to be passed to all calls
+ to all supported RuntimeExtensions.
+ Note: Settings can be overridden on the ClusterClass.
+ type: object
+ required:
+ - clientConfig
+ type: object
+ status:
+ description: ExtensionConfigStatus is the current state of the ExtensionConfig
+ properties:
+ conditions:
+ description: conditions define the current service state of the ExtensionConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ handlers:
+ description: handlers defines the current ExtensionHandlers supported
+ by an Extension.
+ items:
+ description: ExtensionHandler specifies the details of a handler
+ for a particular runtime hook registered by an Extension server.
+ properties:
+ failurePolicy:
+ description: |-
+ failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client.
+ Defaults to Fail if not set.
+ type: string
+ name:
+ description: name is the unique name of the ExtensionHandler.
+ type: string
+ requestHook:
+ description: requestHook defines the versioned runtime hook
+ which this ExtensionHandler serves.
+ properties:
+ apiVersion:
+ description: apiVersion is the group and version of the
+ Hook.
+ type: string
+ hook:
+ description: hook is the name of the hook.
+ type: string
+ required:
+ - apiVersion
+ - hook
+ type: object
+ timeoutSeconds:
+ description: |-
+ timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler.
+ Defaults to 10 is not set.
+ format: int32
+ type: integer
+ required:
+ - name
+ - requestHook
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: ipaddressclaims.ipam.cluster.x-k8s.io
+spec:
+ group: ipam.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPAddressClaim
+ listKind: IPAddressClaimList
+ plural: ipaddressclaims
+ singular: ipaddressclaim
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Name of the pool to allocate an address from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool to allocate an address from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ - description: Time duration since creation of IPAdressClaim
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPAddressClaim is the Schema for the ipaddressclaim API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
+ properties:
+ poolRef:
+ description: poolRef is a reference to the pool from which an IP address
+ should be created.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - poolRef
+ type: object
+ status:
+ description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
+ properties:
+ addressRef:
+ description: addressRef is a reference to the address that was created
+ for this claim.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ conditions:
+ description: conditions summarises the current state of the IPAddressClaim
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Name of the pool to allocate an address from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool to allocate an address from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ - description: Time duration since creation of IPAdressClaim
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: IPAddressClaim is the Schema for the ipaddressclaim API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ type: string
+ poolRef:
+ description: poolRef is a reference to the pool from which an IP address
+ should be created.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - poolRef
+ type: object
+ status:
+ description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
+ properties:
+ addressRef:
+ description: addressRef is a reference to the address that was created
+ for this claim.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ conditions:
+ description: conditions summarises the current state of the IPAddressClaim
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: ipaddresses.ipam.cluster.x-k8s.io
+spec:
+ group: ipam.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPAddress
+ listKind: IPAddressList
+ plural: ipaddresses
+ singular: ipaddress
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Address
+ jsonPath: .spec.address
+ name: Address
+ type: string
+ - description: Name of the pool the address is from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool the address is from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ - description: Time duration since creation of IPAdress
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPAddress is the Schema for the ipaddress API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressSpec is the desired state of an IPAddress.
+ properties:
+ address:
+ description: address is the IP address.
+ type: string
+ claimRef:
+ description: claimRef is a reference to the claim this IPAddress was
+ created for.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ gateway:
+ description: gateway is the network gateway of the network the address
+ is from.
+ type: string
+ poolRef:
+ description: poolRef is a reference to the pool that this IPAddress
+ was created from.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: prefix is the prefix of the address.
+ type: integer
+ required:
+ - address
+ - claimRef
+ - poolRef
+ - prefix
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Address
+ jsonPath: .spec.address
+ name: Address
+ type: string
+ - description: Name of the pool the address is from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool the address is from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ - description: Time duration since creation of IPAdress
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: IPAddress is the Schema for the ipaddress API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressSpec is the desired state of an IPAddress.
+ properties:
+ address:
+ description: address is the IP address.
+ type: string
+ claimRef:
+ description: claimRef is a reference to the claim this IPAddress was
+ created for.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ gateway:
+ description: gateway is the network gateway of the network the address
+ is from.
+ type: string
+ poolRef:
+ description: poolRef is a reference to the pool that this IPAddress
+ was created from.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: prefix is the prefix of the address.
+ type: integer
+ required:
+ - address
+ - claimRef
+ - poolRef
+ - prefix
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinedeployments.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineDeployment
+ listKind: MachineDeploymentList
+ plural: machinedeployments
+ shortNames:
+ - md
+ singular: machinedeployment
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineDeployment is the Schema for the machinedeployments API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: |-
+ The maximum time in seconds for a deployment to make progress before it
+ is considered to be failed. The deployment controller will continue to
+ process failed deployments and a condition with a ProgressDeadlineExceeded
+ reason will be surfaced in the deployment status. Note that progress will
+ not be estimated during the time a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1.
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: |-
+ The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ Label selector for machines. Existing MachineSets whose machines are
+ selected by this will be the ones affected by this deployment.
+ It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ generateName:
+ description: |-
+ generateName is an optional prefix, used by the server, to generate a unique
+ name ONLY IF the Name field has not been provided.
+ If this field is used, the name returned to the client will be different
+ than the name passed. This value will also be combined with a unique suffix.
+ The provided value has the same validation rules as the Name field,
+ and may be truncated by the length of the suffix required to make the value
+ unique on the server.
+
+ If this field is specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the Retry-After header).
+
+ Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ name:
+ description: |-
+ name must be unique within a namespace. Is required when creating resources, although
+ some resources may allow a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence and configuration
+ definition.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/identifiers#names
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ namespace:
+ description: |-
+ namespace defines the space within each name must be unique. An empty namespace is
+ equivalent to the "default" namespace, but "default" is the canonical representation.
+ Not all objects are required to be scoped to a namespace - the value of this field for
+ those objects will be empty.
+
+ Must be a DNS_LABEL.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ ownerReferences:
+ description: |-
+ List of objects depended by this object. If ALL objects in the list have
+ been deleted, this object will be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller, with the controller field set to true.
+ There cannot be more than one managing controller.
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ items:
+ description: |-
+ OwnerReference contains enough information to let you identify an owning
+ object. An owning object must be in the same namespace as the dependent, or
+ be cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: |-
+ If true, AND if the owner has the "foregroundDeletion" finalizer, then
+ the owner cannot be deleted from the key-value store until this
+ reference is removed.
+ See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and enforces the foreground deletion.
+ Defaults to false.
+ To set this field, a user needs "delete" permission of the owner,
+ otherwise 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.Data without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: |-
+ data contains the bootstrap data, such as cloud-init details scripts.
+ If nil, the Machine should remain in the Pending state.
+
+ Deprecated: Switch to DataSecretName.
+ type: string
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: |-
+ Total number of available machines (ready for at least minReadySeconds)
+ targeted by this deployment.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this deployment.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet available or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineDeployment
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineDeployment is the Schema for the machinedeployments API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine should
+ be ready.
+ Defaults to 0 (machine will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: |-
+ The maximum time in seconds for a deployment to make progress before it
+ is considered to be failed. The deployment controller will continue to
+ process failed deployments and a condition with a ProgressDeadlineExceeded
+ reason will be surfaced in the deployment status. Note that progress will
+ not be estimated during the time a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: |-
+ Number of desired machines. Defaults to 1.
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: |-
+ The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ Label selector for machines. Existing MachineSets whose machines are
+ selected by this will be the ones affected by this deployment.
+ It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
+ Valid values are "Random, "Newest", "Oldest"
+ When no value is supplied, the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment.
+ Default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: |-
+ Total number of available machines (ready for at least minReadySeconds)
+ targeted by this deployment.
+ format: int32
+ type: integer
+ conditions:
+ description: conditions defines current service state of the MachineDeployment.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this deployment.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet available or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this MachineDeployment
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of MachineDeployment
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachineDeployment
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineDeployment is the Schema for the machinedeployments API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: |-
+ minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
+ Defaults to 0 (machine will be considered available as soon as the Node is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: |-
+ The maximum time in seconds for a deployment to make progress before it
+ is considered to be failed. The deployment controller will continue to
+ process failed deployments and a condition with a ProgressDeadlineExceeded
+ reason will be surfaced in the deployment status. Note that progress will
+ not be estimated during the time a deployment is paused. Defaults to 600s.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Number of desired machines.
+ This is a pointer to distinguish between explicit zero and not specified.
+
+ Defaults to:
+ * if the Kubernetes autoscaler min size and max size annotations are set:
+ - if it's a new MachineDeployment, use min size
+ - if the replicas field of the old MachineDeployment is < min size, use min size
+ - if the replicas field of the old MachineDeployment is > max size, use max size
+ - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD
+ * otherwise use 1
+ Note: Defaulting will be run whenever the replicas field is not set:
+ * A new MachineDeployment is created with replicas not set.
+ * On an existing MachineDeployment the replicas field was first set and is now unset.
+ Those cases are especially relevant for the following Kubernetes autoscaler use cases:
+ * A new MachineDeployment is created and replicas should be managed by the autoscaler
+ * An existing MachineDeployment which initially wasn't controlled by the autoscaler
+ should be later controlled by the autoscaler
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: |-
+ The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: |-
+ rolloutAfter is a field to indicate a rollout should be performed
+ after the specified time even if no changes have been made to the
+ MachineDeployment.
+ Example: In the YAML the time can be specified in the RFC3339 format.
+ To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
+ use "2023-03-09T09:00:00Z".
+ format: date-time
+ type: string
+ selector:
+ description: |-
+ Label selector for machines. Existing MachineSets whose machines are
+ selected by this will be the ones affected by this deployment.
+ It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machines with
+ new ones.
+ properties:
+ remediation:
+ description: |-
+ remediation controls the strategy of remediating unhealthy machines
+ and how remediating operations should occur during the lifecycle of the dependant MachineSets.
+ properties:
+ maxInFlight:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxInFlight determines how many in flight remediations should happen at the same time.
+
+ Remediation only happens on the MachineSet with the most current revision, while
+ older MachineSets (usually present during rollout operations) aren't allowed to remediate.
+
+ Note: In general (independent of remediations), unhealthy machines are always
+ prioritized during scale down operations over healthy ones.
+
+ MaxInFlight can be set to a fixed number or a percentage.
+ Example: when this is set to 20%, the MachineSet controller deletes at most 20% of
+ the desired replicas.
+
+ If not set, remediation is limited to all machines (bounded by replicas)
+ under the active MachineSet's management.
+ x-kubernetes-int-or-string: true
+ type: object
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling.
+ Valid values are "Random, "Newest", "Oldest"
+ When no value is supplied, the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment. Allowed values are RollingUpdate and OnDelete.
+ The default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ readinessGates:
+ description: |-
+ readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
+
+ This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
+ Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
+ for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
+
+ Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
+ they can include the status of those components with a new condition and add this condition to ReadinessGates.
+
+ NOTE: This field is considered only for computing v1beta2 conditions.
+ NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
+ readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
+ readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
+ This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
+ items:
+ description: MachineReadinessGate contains the type of a
+ Machine condition to be used as a readiness gate.
+ properties:
+ conditionType:
+ description: |-
+ conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
+ If the conditions doesn't exist, it will be treated as unknown.
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - conditionType
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - conditionType
+ x-kubernetes-list-type: map
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: |-
+ Total number of available machines (ready for at least minReadySeconds)
+ targeted by this deployment.
+ format: int32
+ type: integer
+ conditions:
+ description: conditions defines current service state of the MachineDeployment.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this deployment.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet available or machines
+ that still have not been created.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec.
+ format: int32
+ type: integer
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in MachineDeployment's status with the V1Beta2 version.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the number of available replicas
+ for this MachineDeployment. A machine is considered available
+ when Machine's Available condition is true.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a MachineDeployment's current state.
+ Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ readyReplicas:
+ description: readyReplicas is the number of ready replicas for
+ this MachineDeployment. A machine is considered ready when Machine's
+ Ready condition is true.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date replicas
+ targeted by this deployment. A machine is considered up-to-date
+ when Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinedrainrules.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineDrainRule
+ listKind: MachineDrainRuleList
+ plural: machinedrainrules
+ singular: machinedrainrule
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Drain behavior
+ jsonPath: .spec.drain.behavior
+ name: Behavior
+ type: string
+ - description: Drain order
+ jsonPath: .spec.drain.order
+ name: Order
+ type: string
+ - description: Time duration since creation of the MachineDrainRule
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineDrainRule is the Schema for the MachineDrainRule API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec defines the spec of a MachineDrainRule.
+ properties:
+ drain:
+ description: drain configures if and how Pods are drained.
+ properties:
+ behavior:
+ description: |-
+ behavior defines the drain behavior.
+ Can be either "Drain", "Skip", or "WaitCompleted".
+ "Drain" means that the Pods to which this MachineDrainRule applies will be drained.
+ If behavior is set to "Drain" the order in which Pods are drained can be configured
+ with the order field. When draining Pods of a Node the Pods will be grouped by order
+ and one group after another will be drained (by increasing order). Cluster API will
+ wait until all Pods of a group are terminated / removed from the Node before starting
+ with the next group.
+ "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain.
+ "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted
+ and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0.
+ enum:
+ - Drain
+ - Skip
+ - WaitCompleted
+ type: string
+ order:
+ description: |-
+ order defines the order in which Pods are drained.
+ Pods with higher order are drained after Pods with lower order.
+ order can only be set if behavior is set to "Drain".
+ If order is not set, 0 will be used.
+ Valid values for order are from -2147483648 to 2147483647 (inclusive).
+ format: int32
+ type: integer
+ required:
+ - behavior
+ type: object
+ machines:
+ description: |-
+ machines defines to which Machines this MachineDrainRule should be applied.
+
+ If machines is not set, the MachineDrainRule applies to all Machines in the Namespace.
+ If machines contains multiple selectors, the results are ORed.
+ Within a single Machine selector the results of selector and clusterSelector are ANDed.
+ Machines will be selected from all Clusters in the Namespace unless otherwise
+ restricted with the clusterSelector.
+
+ Example: Selects control plane Machines in all Clusters or
+ Machines with label "os" == "linux" in Clusters with label
+ "stage" == "production".
+
+ - selector:
+ matchExpressions:
+ - key: cluster.x-k8s.io/control-plane
+ operator: Exists
+ - selector:
+ matchLabels:
+ os: linux
+ clusterSelector:
+ matchExpressions:
+ - key: stage
+ operator: In
+ values:
+ - production
+ items:
+ description: MachineDrainRuleMachineSelector defines to which Machines
+ this MachineDrainRule should be applied.
+ minProperties: 1
+ properties:
+ clusterSelector:
+ description: |-
+ clusterSelector is a label selector which selects Machines by the labels of
+ their Clusters.
+ This field follows standard label selector semantics; if not present or
+ empty, it selects Machines of all Clusters.
+
+ If selector is also set, then the selector as a whole selects
+ Machines matching selector belonging to Clusters selected by clusterSelector.
+ If selector is not set, it selects all Machines belonging to Clusters
+ selected by clusterSelector.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: |-
+ selector is a label selector which selects Machines by their labels.
+ This field follows standard label selector semantics; if not present or
+ empty, it selects all Machines.
+
+ If clusterSelector is also set, then the selector as a whole selects
+ Machines matching selector belonging to Clusters selected by clusterSelector.
+ If clusterSelector is not set, it selects all Machines matching selector in
+ all Clusters.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ maxItems: 32
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ pods:
+ description: |-
+ pods defines to which Pods this MachineDrainRule should be applied.
+
+ If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces.
+ If pods contains multiple selectors, the results are ORed.
+ Within a single Pod selector the results of selector and namespaceSelector are ANDed.
+ Pods will be selected from all Namespaces unless otherwise
+ restricted with the namespaceSelector.
+
+ Example: Selects Pods with label "app" == "logging" in all Namespaces or
+ Pods with label "app" == "prometheus" in the "monitoring"
+ Namespace.
+
+ - selector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - logging
+ - selector:
+ matchLabels:
+ app: prometheus
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: monitoring
+ items:
+ description: MachineDrainRulePodSelector defines to which Pods this
+ MachineDrainRule should be applied.
+ minProperties: 1
+ properties:
+ namespaceSelector:
+ description: |-
+ namespaceSelector is a label selector which selects Pods by the labels of
+ their Namespaces.
+ This field follows standard label selector semantics; if not present or
+ empty, it selects Pods of all Namespaces.
+
+ If selector is also set, then the selector as a whole selects
+ Pods matching selector in Namespaces selected by namespaceSelector.
+ If selector is not set, it selects all Pods in Namespaces selected by
+ namespaceSelector.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: |-
+ selector is a label selector which selects Pods by their labels.
+ This field follows standard label selector semantics; if not present or
+ empty, it selects all Pods.
+
+ If namespaceSelector is also set, then the selector as a whole selects
+ Pods matching selector in Namespaces selected by namespaceSelector.
+ If namespaceSelector is not set, it selects all Pods matching selector in
+ all Namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ maxItems: 32
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - drain
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinehealthchecks.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineHealthCheck
+ listKind: MachineHealthCheckList
+ plural: machinehealthchecks
+ shortNames:
+ - mhc
+ - mhcs
+ singular: machinehealthcheck
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineHealthCheck is the Schema for the machinehealthchecks API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ Machines older than this duration without a node will be considered to have
+ failed and will be remediated.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - clusterName
+ - selector
+ - unhealthyConditions
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: |-
+ remediationsAllowed is the number of further remediations allowed by this machine health check before
+ maxUnhealthy short circuiting will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineHealthCheck
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineHealthCheck is the Schema for the machinehealthchecks API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ Machines older than this duration without a node will be considered to have
+ failed and will be remediated.
+ If not set, this value is defaulted to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ minItems: 1
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ required:
+ - clusterName
+ - selector
+ - unhealthyConditions
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: |-
+ remediationsAllowed is the number of further remediations allowed by this machine health check before
+ maxUnhealthy short circuiting will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ - description: Time duration since creation of MachineHealthCheck
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineHealthCheck is the Schema for the machinehealthchecks
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: |-
+ nodeStartupTimeout allows to set the maximum time for MachineHealthCheck
+ to consider a Machine unhealthy if a corresponding Node isn't associated
+ through a `Spec.ProviderID` field.
+
+ The duration set in this field is compared to the greatest of:
+ - Cluster's infrastructure ready condition timestamp (if and when available)
+ - Control Plane's initialized condition timestamp (if and when available)
+ - Machine's infrastructure ready condition timestamp (if and when available)
+ - Machine's metadata creation timestamp
+
+ Defaults to 10 minutes.
+ If you wish to disable this feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: |-
+ remediationTemplate is a reference to a remediation template
+ provided by an infrastructure provider.
+
+ This field is completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off remediation of the machine to
+ a controller that lives outside of Cluster API.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: |-
+ unhealthyConditions contains a list of the conditions that determine
+ whether a node is considered unhealthy. The conditions are combined in a
+ logical OR, i.e. if any of the conditions is met, the node is unhealthy.
+ items:
+ description: |-
+ UnhealthyCondition represents a Node condition type and value with a timeout
+ specified as a duration. When the named condition has been in the given
+ status for at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: |-
+ Any further remediation is only allowed if the number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy.
+ Eg. "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details.
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: |-
+ remediationsAllowed is the number of further remediations allowed by this machine health check before
+ maxUnhealthy short circuiting will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in MachineHealthCheck's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a MachineHealthCheck's current state.
+ Known condition types are RemediationAllowed, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinepools.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachinePool
+ listKind: MachinePoolList
+ plural: machinepools
+ shortNames:
+ - mp
+ singular: machinepool
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachinePool is the Schema for the machinepools API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: failureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine instances should
+ be ready.
+ Defaults to 0 (machine instance will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: |-
+ providerIDList are the identification IDs of machine instances provided by the provider.
+ This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1.
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ strategy:
+ description: |-
+ The deployment strategy to use to replace existing machine instances with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be scheduled above the
+ desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage of
+ desired machines (ex: 10%).
+ This can not be 0 if MaxUnavailable is 0.
+ Absolute number is calculated from percentage by rounding up.
+ Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet can be scaled
+ up immediately when the rolling update starts, such that the total
+ number of old and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed, new MachineSet can
+ be scaled up further, ensuring that total number of machines running
+ at any time during the update is at most 130% of desired machines.
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of machines that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or a percentage of desired
+ machines (ex: 10%).
+ Absolute number is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0.
+ Defaults to 0.
+ Example: when this is set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately when the rolling update
+ starts. Once new machines are ready, old MachineSet can be scaled
+ down further, followed by scaling up the new MachineSet, ensuring
+ that the total number of machines available at all times
+ during the update is at least 70% of desired machines.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of deployment. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ generateName:
+ description: |-
+ generateName is an optional prefix, used by the server, to generate a unique
+ name ONLY IF the Name field has not been provided.
+ If this field is used, the name returned to the client will be different
+ than the name passed. This value will also be combined with a unique suffix.
+ The provided value has the same validation rules as the Name field,
+ and may be truncated by the length of the suffix required to make the value
+ unique on the server.
+
+ If this field is specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the Retry-After header).
+
+ Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ name:
+ description: |-
+ name must be unique within a namespace. Is required when creating resources, although
+ some resources may allow a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence and configuration
+ definition.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/identifiers#names
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ namespace:
+ description: |-
+ namespace defines the space within each name must be unique. An empty namespace is
+ equivalent to the "default" namespace, but "default" is the canonical representation.
+ Not all objects are required to be scoped to a namespace - the value of this field for
+ those objects will be empty.
+
+ Must be a DNS_LABEL.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ ownerReferences:
+ description: |-
+ List of objects depended by this object. If ALL objects in the list have
+ been deleted, this object will be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller, with the controller field set to true.
+ There cannot be more than one managing controller.
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ items:
+ description: |-
+ OwnerReference contains enough information to let you identify an owning
+ object. An owning object must be in the same namespace as the dependent, or
+ be cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: |-
+ If true, AND if the owner has the "foregroundDeletion" finalizer, then
+ the owner cannot be deleted from the key-value store until this
+ reference is removed.
+ See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and enforces the foreground deletion.
+ Defaults to false.
+ To set this field, a user needs "delete" permission of the owner,
+ otherwise 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.Data without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: |-
+ data contains the bootstrap data, such as cloud-init details scripts.
+ If nil, the Machine should remain in the Pending state.
+
+ Deprecated: Switch to DataSecretName.
+ type: string
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a problem reconciling the state,
+ and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a problem reconciling the state, and
+ will be set to a token value suitable for programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: nodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: ObjectReference contains enough information to let
+ you inspect or modify the referred object.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machine instances targeted by this machine pool.
+ This is the total number of machine instances that are still required for
+ the machine pool to have 100% available capacity. They may either
+ be machine instances that are running but not yet available or machine instances
+ that still have not been created.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of MachinePool
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachinePool is the Schema for the machinepools API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: failureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine instances should
+ be ready.
+ Defaults to 0 (machine instance will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: |-
+ providerIDList are the identification IDs of machine instances provided by the provider.
+ This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1.
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a problem reconciling the state,
+ and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a problem reconciling the state, and
+ will be set to a token value suitable for programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: nodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: ObjectReference contains enough information to let
+ you inspect or modify the referred object.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machine instances targeted by this machine pool.
+ This is the total number of machine instances that are still required for
+ the machine pool to have 100% available capacity. They may either
+ be machine instances that are running but not yet available or machine instances
+ that still have not been created.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this MachinePool
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of MachinePool
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachinePool is the Schema for the machinepools API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: failureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: |-
+ Minimum number of seconds for which a newly created machine instances should
+ be ready.
+ Defaults to 0 (machine instance will be considered available as soon as it
+ is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: |-
+ providerIDList are the identification IDs of machine instances provided by the provider.
+ This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1.
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ template:
+ description: template describes the machines that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ readinessGates:
+ description: |-
+ readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
+
+ This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
+ Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
+ for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
+
+ Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
+ they can include the status of those components with a new condition and add this condition to ReadinessGates.
+
+ NOTE: This field is considered only for computing v1beta2 conditions.
+ NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
+ readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
+ readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
+ This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
+ items:
+ description: MachineReadinessGate contains the type of a
+ Machine condition to be used as a readiness gate.
+ properties:
+ conditionType:
+ description: |-
+ conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
+ If the conditions doesn't exist, it will be treated as unknown.
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - conditionType
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - conditionType
+ x-kubernetes-list-type: map
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ failureMessage indicates that there is a problem reconciling the state,
+ and will be set to a descriptive error message.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a problem reconciling the state, and
+ will be set to a token value suitable for programmatic interpretation.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: nodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: ObjectReference contains enough information to let
+ you inspect or modify the referred object.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machine instances targeted by this machine pool.
+ This is the total number of machine instances that are still required for
+ the machine pool to have 100% available capacity. They may either
+ be machine instances that are running but not yet available or machine instances
+ that still have not been created.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ format: int32
+ type: integer
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in MachinePool's status with the V1Beta2 version.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the number of available replicas
+ for this MachinePool. A machine is considered available when
+ Machine's Available condition is true.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a MachinePool's current state.
+ Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate,
+ ScalingUp, ScalingDown, Remediating, Deleting, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ readyReplicas:
+ description: readyReplicas is the number of ready replicas for
+ this MachinePool. A machine is considered ready when Machine's
+ Ready condition is true.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date replicas
+ targeted by this MachinePool. A machine is considered up-to-date
+ when Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machines.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Machine
+ listKind: MachineList
+ plural: machines
+ shortNames:
+ - ma
+ singular: machine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ priority: 1
+ type: string
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Machine is the Schema for the machines API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.Data without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: |-
+ data contains the bootstrap data, such as cloud-init details scripts.
+ If nil, the Machine should remain in the Pending state.
+
+ Deprecated: Switch to DataSecretName.
+ type: string
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: |-
+ addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ failureMessage will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ failureReason:
+ description: |-
+ failureReason will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a succinct value suitable
+ for machine interpretation.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: lastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeRef:
+ description: nodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ version:
+ description: |-
+ version specifies the current version of Kubernetes running
+ on the corresponding Node. This is meant to be a means of bubbling
+ up status from the Node to the Machine.
+ It is entirely optional, but useful for end-user UX if it’s present.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of Machine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ priority: 1
+ type: string
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Machine is the Schema for the machines API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: |-
+ addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ failureMessage will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ failureReason:
+ description: |-
+ failureReason will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a succinct value suitable
+ for machine interpretation.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: lastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeInfo:
+ description: |-
+ nodeInfo is a set of ids/uuids to uniquely identify the node.
+ More info: https://kubernetes.io/docs/concepts/nodes/node/#info
+ properties:
+ architecture:
+ description: The Architecture reported by the node
+ type: string
+ bootID:
+ description: Boot ID reported by the node.
+ type: string
+ containerRuntimeVersion:
+ description: ContainerRuntime Version reported by the node through
+ runtime remote API (e.g. containerd://1.4.2).
+ type: string
+ kernelVersion:
+ description: Kernel Version reported by the node from 'uname -r'
+ (e.g. 3.16.0-0.bpo.4-amd64).
+ type: string
+ kubeProxyVersion:
+ description: 'Deprecated: KubeProxy Version reported by the node.'
+ type: string
+ kubeletVersion:
+ description: Kubelet Version reported by the node.
+ type: string
+ machineID:
+ description: |-
+ MachineID reported by the node. For unique machine identification
+ in the cluster this field is preferred. Learn more from man(5)
+ machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
+ type: string
+ operatingSystem:
+ description: The Operating System reported by the node
+ type: string
+ osImage:
+ description: OS Image reported by the node from /etc/os-release
+ (e.g. Debian GNU/Linux 7 (wheezy)).
+ type: string
+ systemUUID:
+ description: |-
+ SystemUUID reported by the node. For unique machine identification
+ MachineID is preferred. This field is specific to Red Hat hosts
+ https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+ type: string
+ required:
+ - architecture
+ - bootID
+ - containerRuntimeVersion
+ - kernelVersion
+ - kubeProxyVersion
+ - kubeletVersion
+ - machineID
+ - operatingSystem
+ - osImage
+ - systemUUID
+ type: object
+ nodeRef:
+ description: nodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ version:
+ description: |-
+ version specifies the current version of Kubernetes running
+ on the corresponding Node. This is meant to be a means of bubbling
+ up status from the Node to the Machine.
+ It is entirely optional, but useful for end-user UX if it’s present.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ type: string
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of Machine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Machine is the Schema for the machines API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ readinessGates:
+ description: |-
+ readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
+
+ This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
+ Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
+ for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
+
+ Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
+ they can include the status of those components with a new condition and add this condition to ReadinessGates.
+
+ NOTE: This field is considered only for computing v1beta2 conditions.
+ NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
+ readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
+ readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
+ This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
+ items:
+ description: MachineReadinessGate contains the type of a Machine
+ condition to be used as a readiness gate.
+ properties:
+ conditionType:
+ description: |-
+ conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
+ If the conditions doesn't exist, it will be treated as unknown.
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - conditionType
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - conditionType
+ x-kubernetes-list-type: map
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: |-
+ addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP,
+ InternalIP, ExternalDNS or InternalDNS.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: bootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ certificatesExpiryDate:
+ description: |-
+ certificatesExpiryDate is the expiry date of the machine certificates.
+ This value is only set for control plane machines.
+ format: date-time
+ type: string
+ conditions:
+ description: conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ deletion:
+ description: |-
+ deletion contains information relating to removal of the Machine.
+ Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started.
+ properties:
+ nodeDrainStartTime:
+ description: |-
+ nodeDrainStartTime is the time when the drain of the node started and is used to determine
+ if the NodeDrainTimeout is exceeded.
+ Only present when the Machine has a deletionTimestamp and draining the node had been started.
+ format: date-time
+ type: string
+ waitForNodeVolumeDetachStartTime:
+ description: |-
+ waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started
+ and is used to determine if the NodeVolumeDetachTimeout is exceeded.
+ Detaching volumes from nodes is usually done by CSI implementations and the current state
+ is observed from the node's `.Status.VolumesAttached` field.
+ Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started.
+ format: date-time
+ type: string
+ type: object
+ failureMessage:
+ description: |-
+ failureMessage will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ failureReason:
+ description: |-
+ failureReason will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a succinct value suitable
+ for machine interpretation.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ infrastructureReady:
+ description: infrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: lastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeInfo:
+ description: |-
+ nodeInfo is a set of ids/uuids to uniquely identify the node.
+ More info: https://kubernetes.io/docs/concepts/nodes/node/#info
+ properties:
+ architecture:
+ description: The Architecture reported by the node
+ type: string
+ bootID:
+ description: Boot ID reported by the node.
+ type: string
+ containerRuntimeVersion:
+ description: ContainerRuntime Version reported by the node through
+ runtime remote API (e.g. containerd://1.4.2).
+ type: string
+ kernelVersion:
+ description: Kernel Version reported by the node from 'uname -r'
+ (e.g. 3.16.0-0.bpo.4-amd64).
+ type: string
+ kubeProxyVersion:
+ description: 'Deprecated: KubeProxy Version reported by the node.'
+ type: string
+ kubeletVersion:
+ description: Kubelet Version reported by the node.
+ type: string
+ machineID:
+ description: |-
+ MachineID reported by the node. For unique machine identification
+ in the cluster this field is preferred. Learn more from man(5)
+ machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
+ type: string
+ operatingSystem:
+ description: The Operating System reported by the node
+ type: string
+ osImage:
+ description: OS Image reported by the node from /etc/os-release
+ (e.g. Debian GNU/Linux 7 (wheezy)).
+ type: string
+ systemUUID:
+ description: |-
+ SystemUUID reported by the node. For unique machine identification
+ MachineID is preferred. This field is specific to Red Hat hosts
+ https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+ type: string
+ required:
+ - architecture
+ - bootID
+ - containerRuntimeVersion
+ - kernelVersion
+ - kubeProxyVersion
+ - kubeletVersion
+ - machineID
+ - operatingSystem
+ - osImage
+ - systemUUID
+ type: object
+ nodeRef:
+ description: nodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: |-
+ phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in Machine's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a Machine's current state.
+ Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady,
+ NodeHealthy, Deleting, Paused.
+ If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added.
+ Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions:
+ APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinesets.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineSet
+ listKind: MachineSetList
+ plural: machinesets
+ shortNames:
+ - ms
+ singular: machineset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineSet is the Schema for the machinesets API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used to identify nodes to delete when downscaling.
+ Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: |-
+ minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
+ Defaults to 0 (machine will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ replicas is the number of desired replicas.
+ This is a pointer to distinguish between explicit zero and unspecified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is a label query over machines that should match the replica count.
+ Label keys and values that must match in order to be controlled by this MachineSet.
+ It must match the machine template's labels.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: |-
+ template is the object that describes the machine that will be created if
+ insufficient replicas are detected.
+ Object references to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ generateName:
+ description: |-
+ generateName is an optional prefix, used by the server, to generate a unique
+ name ONLY IF the Name field has not been provided.
+ If this field is used, the name returned to the client will be different
+ than the name passed. This value will also be combined with a unique suffix.
+ The provided value has the same validation rules as the Name field,
+ and may be truncated by the length of the suffix required to make the value
+ unique on the server.
+
+ If this field is specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
+ ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the Retry-After header).
+
+ Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ name:
+ description: |-
+ name must be unique within a namespace. Is required when creating resources, although
+ some resources may allow a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence and configuration
+ definition.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/identifiers#names
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ namespace:
+ description: |-
+ namespace defines the space within each name must be unique. An empty namespace is
+ equivalent to the "default" namespace, but "default" is the canonical representation.
+ Not all objects are required to be scoped to a namespace - the value of this field for
+ those objects will be empty.
+
+ Must be a DNS_LABEL.
+ Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ type: string
+ ownerReferences:
+ description: |-
+ List of objects depended by this object. If ALL objects in the list have
+ been deleted, this object will be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller, with the controller field set to true.
+ There cannot be more than one managing controller.
+
+ Deprecated: This field has no function and is going to be removed in a next release.
+ items:
+ description: |-
+ OwnerReference contains enough information to let you identify an owning
+ object. An owning object must be in the same namespace as the dependent, or
+ be cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: |-
+ If true, AND if the owner has the "foregroundDeletion" finalizer, then
+ the owner cannot be deleted from the key-value store until this
+ reference is removed.
+ See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this field and enforces the foreground deletion.
+ Defaults to false.
+ To set this field, a user needs "delete" permission of the owner,
+ otherwise 422 (Unprocessable Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.Data without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: |-
+ data contains the bootstrap data, such as cloud-init details scripts.
+ If nil, the Machine should remain in the Pending state.
+
+ Deprecated: Switch to DataSecretName.
+ type: string
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ failureMessage:
+ type: string
+ failureReason:
+ description: |-
+ In the event that there is a terminal problem reconciling the
+ replicas, both FailureReason and FailureMessage will be set. FailureReason
+ will be populated with a succinct value suitable for machine
+ interpretation, while FailureMessage will contain a more verbose
+ string suitable for logging and human consumption.
+
+ These fields should not be set for transitive errors that a
+ controller faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the MachineTemplate's spec or the configuration of
+ the machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the machine controller, or the
+ responsible machine controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the MachineSet object and/or logged in the
+ controller's output.
+ type: string
+ fullyLabeledReplicas:
+ description: The number of replicas that have labels matching the
+ labels of the machine template of the MachineSet.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ MachineSet is the Schema for the machinesets API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used to identify nodes to delete when downscaling.
+ Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: |-
+ minReadySeconds is the minimum number of seconds for which a newly created machine should be ready.
+ Defaults to 0 (machine will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: |-
+ replicas is the number of desired replicas.
+ This is a pointer to distinguish between explicit zero and unspecified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is a label query over machines that should match the replica count.
+ Label keys and values that must match in order to be controlled by this MachineSet.
+ It must match the machine template's labels.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: |-
+ template is the object that describes the machine that will be created if
+ insufficient replicas are detected.
+ Object references to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ conditions:
+ description: conditions defines current service state of the MachineSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ type: string
+ failureReason:
+ description: |-
+ In the event that there is a terminal problem reconciling the
+ replicas, both FailureReason and FailureMessage will be set. FailureReason
+ will be populated with a succinct value suitable for machine
+ interpretation, while FailureMessage will contain a more verbose
+ string suitable for logging and human consumption.
+
+ These fields should not be set for transitive errors that a
+ controller faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the MachineTemplate's spec or the configuration of
+ the machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the machine controller, or the
+ responsible machine controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the MachineSet object and/or logged in the
+ controller's output.
+ type: string
+ fullyLabeledReplicas:
+ description: The number of replicas that have labels matching the
+ labels of the machine template of the MachineSet.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this machineset
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Time duration since creation of MachineSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachineSet
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineSet is the Schema for the machinesets API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: clusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: |-
+ deletePolicy defines the policy used to identify nodes to delete when downscaling.
+ Defaults to "Random". Valid values are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: |-
+ minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available.
+ Defaults to 0 (machine will be considered available as soon as the Node is ready)
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ replicas is the number of desired replicas.
+ This is a pointer to distinguish between explicit zero and unspecified.
+
+ Defaults to:
+ * if the Kubernetes autoscaler min size and max size annotations are set:
+ - if it's a new MachineSet, use min size
+ - if the replicas field of the old MachineSet is < min size, use min size
+ - if the replicas field of the old MachineSet is > max size, use max size
+ - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS
+ * otherwise use 1
+ Note: Defaulting will be run whenever the replicas field is not set:
+ * A new MachineSet is created with replicas not set.
+ * On an existing MachineSet the replicas field was first set and is now unset.
+ Those cases are especially relevant for the following Kubernetes autoscaler use cases:
+ * A new MachineSet is created and replicas should be managed by the autoscaler
+ * An existing MachineSet which initially wasn't controlled by the autoscaler
+ should be later controlled by the autoscaler
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is a label query over machines that should match the replica count.
+ Label keys and values that must match in order to be controlled by this MachineSet.
+ It must match the machine template's labels.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: |-
+ template is the object that describes the machine that will be created if
+ insufficient replicas are detected.
+ Object references to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bootstrap:
+ description: |-
+ bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: |-
+ configRef is a reference to a bootstrap provider-specific resource
+ that holds configuration details. The reference is optional to
+ allow users/operators to specify Bootstrap.DataSecretName without
+ the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: |-
+ dataSecretName is the name of the secret that stores the bootstrap data script.
+ If nil, the Machine should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: clusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: |-
+ failureDomain is the failure domain the machine will be created in.
+ Must match a key in the FailureDomains map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a node.
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: |-
+ providerID is the identification ID of the machine provided by the provider.
+ This field must match the provider ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler
+ with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out
+ machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a
+ generic out-of-tree provider for autoscaler, this field is required by autoscaler to be
+ able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ readinessGates:
+ description: |-
+ readinessGates specifies additional conditions to include when evaluating Machine Ready condition.
+
+ This field can be used e.g. by Cluster API control plane providers to extend the semantic of the
+ Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates
+ for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.
+
+ Another example are external controllers, e.g. responsible to install special software/hardware on the Machines;
+ they can include the status of those components with a new condition and add this condition to ReadinessGates.
+
+ NOTE: This field is considered only for computing v1beta2 conditions.
+ NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those
+ readiness gates condition are reporting the same message, when computing the Machine's Ready condition those
+ readinessGates will be replaced by a single entry reporting "Control plane components: " + message.
+ This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster).
+ items:
+ description: MachineReadinessGate contains the type of a
+ Machine condition to be used as a readiness gate.
+ properties:
+ conditionType:
+ description: |-
+ conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list.
+ If the conditions doesn't exist, it will be treated as unknown.
+ Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates.
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - conditionType
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - conditionType
+ x-kubernetes-list-type: map
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ conditions:
+ description: conditions defines current service state of the MachineSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: 'Deprecated: This field is deprecated and is going to
+ be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md
+ for more details.'
+ type: string
+ failureReason:
+ description: |-
+ In the event that there is a terminal problem reconciling the
+ replicas, both FailureReason and FailureMessage will be set. FailureReason
+ will be populated with a succinct value suitable for machine
+ interpretation, while FailureMessage will contain a more verbose
+ string suitable for logging and human consumption.
+
+ These fields should not be set for transitive errors that a
+ controller faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the MachineTemplate's spec or the configuration of
+ the machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the machine controller, or the
+ responsible machine controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the MachineSet object and/or logged in the
+ controller's output.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ fullyLabeledReplicas:
+ description: |-
+ The number of replicas that have labels matching the labels of the machine template of the MachineSet.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: observedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the same as the label selector but in the string format to avoid introspection
+ by clients. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in MachineSet's status with the V1Beta2 version.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the number of available replicas
+ for this MachineSet. A machine is considered available when
+ Machine's Available condition is true.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a MachineSet's current state.
+ Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ readyReplicas:
+ description: readyReplicas is the number of ready replicas for
+ this MachineSet. A machine is considered ready when Machine's
+ Ready condition is true.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date replicas
+ for this MachineSet. A machine is considered up-to-date when
+ Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-leader-election-role
+ namespace: capi-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - clusterresourcesets/finalizers
+ - clusterresourcesets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - addons.cluster.x-k8s.io
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ - clusterclasses/status
+ - clusters
+ - clusters/finalizers
+ - clusters/status
+ - machinehealthchecks/finalizers
+ - machinehealthchecks/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ - machinedeployments/status
+ - machinehealthchecks
+ - machinepools
+ - machinepools/finalizers
+ - machinepools/status
+ - machines
+ - machines/finalizers
+ - machines/status
+ - machinesets
+ - machinesets/finalizers
+ - machinesets/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedrainrules
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - runtime.cluster.x-k8s.io
+ resources:
+ - extensionconfigs
+ - extensionconfigs/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-leader-election-rolebinding
+ namespace: capi-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-webhook-service
+ namespace: capi-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: cluster-api
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-controller-manager
+ namespace: capi-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --diagnostics-address=:8443
+ - --insecure-diagnostics=false
+ - --use-deprecated-infra-machine-naming=false
+ - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=false,RuntimeSDK=false,MachineSetPreflightChecks=true,MachineWaitForVolumeDetachConsiderVolumeAttachments=true
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: registry.k8s.io/cluster-api/cluster-api-controller:v1.9.5
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capi-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-webhook-service-cert
+status: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.cluster.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.clusterclass.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterclasses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machine.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinedeployment.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinedeployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinehealthcheck.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinehealthchecks
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machineset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machineset.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - extensionconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinepool.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinepools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.clusterresourceset.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterresourcesets
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.cluster.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.clusterclass.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - clusterclasses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machine.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinedeployment.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinedeployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinedrainrule
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinedrainrule.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinedrainrules
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinehealthcheck.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinehealthchecks
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machineset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machineset.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.extensionconfig.runtime.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - extensionconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinepool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinepool.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinepools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.clusterresourceset.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterresourcesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterresourcesetbindings
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipaddress.ipam.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - ipaddresses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - ipaddressclaims
+ sideEffects: None
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-bootstrap-system
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-selfsigned-issuer
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-serving-cert
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ dnsNames:
+ - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
+ - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-kubeadm-bootstrap-selfsigned-issuer
+ secretName: capi-kubeadm-bootstrap-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmConfig
+ listKind: KubeadmConfigList
+ plural: kubeadmconfigs
+ singular: kubeadmconfig
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmConfig is the Schema for the kubeadmconfigs API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ CertificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: |-
+ Etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ External describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ CAFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ CertFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ KeyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ Local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ DataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ ExtraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ KubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ Networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should be
+ used for Kubernetes components instead of their respective separate
+ images
+ type: boolean
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ Description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ Expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ Groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ TTL defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ Usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ CACertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ ControlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: Discovery specifies the options for the kubelet to
+ use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ BootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ CACertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ UnsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: |-
+ File is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ bootstrapData:
+ description: |-
+ bootstrapData will be a cloud-init script for now.
+
+ Deprecated: Switch to DataSecretName.
+ format: byte
+ type: string
+ conditions:
+ description: conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: dataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: failureMessage will be set on non-retryable errors
+ type: string
+ failureReason:
+ description: failureReason will be set on non-retryable errors
+ type: string
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmConfig is the Schema for the kubeadmconfigs API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet to
+ use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ conditions:
+ description: conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: dataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: failureMessage will be set on non-retryable errors
+ type: string
+ failureReason:
+ description: failureReason will be set on non-retryable errors
+ type: string
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+ name: Cluster
+ type: string
+ - description: Time duration since creation of KubeadmConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ * If not set, the default registry of kubeadm will be used, i.e.
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
+ * k8s.gcr.io (old registry): all older versions
+ Please note that when imageRepository is not set we don't allow upgrades to
+ versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
+ a newer patch version with the new registry instead (i.e. >= v1.22.17,
+ >= v1.23.15, >= v1.24.9, >= v1.25.0).
+ * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass to
+ the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable present
+ in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value.
+ Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's
+ namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its
+ key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ append:
+ description: append specifies whether to append Content to existing
+ file if Path exists.
+ type: boolean
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: containerLinuxConfig contains CLC specific configuration.
+ properties:
+ additionalConfig:
+ description: |-
+ additionalConfig contains additional configuration to be merged with the Ignition
+ configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+
+ The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ type: string
+ strict:
+ description: strict controls if AdditionalConfig should be
+ strictly parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet to
+ use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfig:
+ description: |-
+ kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
+ The file is generated at the path specified in KubeConfigPath.
+
+ Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
+ Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
+ properties:
+ cluster:
+ description: |-
+ cluster contains information about how to communicate with the kubernetes cluster.
+
+ By default the following fields are automatically populated:
+ - Server with the Cluster's ControlPlaneEndpoint.
+ - CertificateAuthorityData with the Cluster's CA certificate.
+ properties:
+ certificateAuthorityData:
+ description: |-
+ certificateAuthorityData contains PEM-encoded certificate authority certificates.
+
+ Defaults to the Cluster's CA certificate if empty.
+ format: byte
+ type: string
+ insecureSkipTLSVerify:
+ description: insecureSkipTLSVerify skips the validity
+ check for the server's certificate. This will
+ make your HTTPS connections insecure.
+ type: boolean
+ proxyURL:
+ description: |-
+ proxyURL is the URL to the proxy to be used for all requests made by this
+ client. URLs with "http", "https", and "socks5" schemes are supported. If
+ this configuration is not provided or the empty string, the client
+ attempts to construct a proxy configuration from http_proxy and
+ https_proxy environment variables. If these environment variables are not
+ set, the client does not attempt to proxy requests.
+
+ socks5 proxying does not currently support spdy streaming endpoints (exec,
+ attach, port forward).
+ type: string
+ server:
+ description: |-
+ server is the address of the kubernetes cluster (https://hostname:port).
+
+ Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
+ type: string
+ tlsServerName:
+ description: tlsServerName is used to check server
+ certificate. If TLSServerName is empty, the
+ hostname used to contact the server is used.
+ type: string
+ type: object
+ user:
+ description: |-
+ user contains information that describes identity information.
+ This is used to tell the kubernetes cluster who you are.
+ properties:
+ authProvider:
+ description: authProvider specifies a custom authentication
+ plugin for the kubernetes cluster.
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: config holds the parameters for
+ the authentication plugin.
+ type: object
+ name:
+ description: name is the name of the authentication
+ plugin.
+ type: string
+ required:
+ - name
+ type: object
+ exec:
+ description: exec specifies a custom exec-based
+ authentication plugin for the kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+ the same encoding version as the input.
+ Defaults to client.authentication.k8s.io/v1 if not set.
+ type: string
+ args:
+ description: Arguments to pass to the command
+ when executing it.
+ items:
+ type: string
+ type: array
+ command:
+ description: command to execute.
+ type: string
+ env:
+ description: |-
+ env defines additional environment variables to expose to the process. These
+ are unioned with the host's environment, as well as variables client-go uses
+ to pass argument to the plugin.
+ items:
+ description: |-
+ KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
+ credential plugin.
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ provideClusterInfo:
+ description: |-
+ provideClusterInfo determines whether or not to provide cluster information,
+ which could potentially contain very large CA data, to this exec plugin as a
+ part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
+ to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
+ reading this environment variable.
+ type: boolean
+ required:
+ - command
+ type: object
+ type: object
+ required:
+ - user
+ type: object
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+
+ Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
+ When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the user
+ type: string
+ passwdFrom:
+ description: passwdFrom is a referenced source of passwd to
+ populate the passwd.
+ properties:
+ secret:
+ description: secret represents a secret that should populate
+ this password.
+ properties:
+ key:
+ description: key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: primaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ conditions:
+ description: conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: dataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: |-
+ failureMessage will be set on non-retryable errors
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ failureReason:
+ description: |-
+ failureReason will be set on non-retryable errors
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in KubeadmConfig's status with the V1Beta2 version.
+ properties:
+ conditions:
+ description: |-
+ conditions represents the observations of a KubeadmConfig's current state.
+ Known condition types are Ready, DataSecretAvailable, CertificatesAvailable.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmConfigTemplate
+ listKind: KubeadmConfigTemplateList
+ plural: kubeadmconfigtemplates
+ singular: kubeadmconfigtemplate
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ CertificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: |-
+ Etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ External describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ CAFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ CertFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ KeyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ Local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ DataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ ExtraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ KubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ Networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should
+ be used for Kubernetes components instead of their respective
+ separate images
+ type: boolean
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ Description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ Expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ Groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ TTL defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ Usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ CACertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ ControlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ BootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ CACertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ UnsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: |-
+ File is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for
+ the user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: false
+ storage: false
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfigTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for
+ the user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfigTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ * If not set, the default registry of kubeadm will be used, i.e.
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
+ * k8s.gcr.io (old registry): all older versions
+ Please note that when imageRepository is not set we don't allow upgrades to
+ versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
+ a newer patch version with the new registry instead (i.e. >= v1.22.17,
+ >= v1.23.15, >= v1.24.9, >= v1.25.0).
+ * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to
+ pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: append specifies whether to append Content
+ to existing file if Path exists.
+ type: boolean
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: containerLinuxConfig contains CLC specific
+ configuration.
+ properties:
+ additionalConfig:
+ description: |-
+ additionalConfig contains additional configuration to be merged with the Ignition
+ configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+
+ The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ type: string
+ strict:
+ description: strict controls if AdditionalConfig should
+ be strictly parsed. If so, warnings are treated
+ as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfig:
+ description: |-
+ kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
+ The file is generated at the path specified in KubeConfigPath.
+
+ Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
+ Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
+ properties:
+ cluster:
+ description: |-
+ cluster contains information about how to communicate with the kubernetes cluster.
+
+ By default the following fields are automatically populated:
+ - Server with the Cluster's ControlPlaneEndpoint.
+ - CertificateAuthorityData with the Cluster's CA certificate.
+ properties:
+ certificateAuthorityData:
+ description: |-
+ certificateAuthorityData contains PEM-encoded certificate authority certificates.
+
+ Defaults to the Cluster's CA certificate if empty.
+ format: byte
+ type: string
+ insecureSkipTLSVerify:
+ description: insecureSkipTLSVerify skips
+ the validity check for the server's
+ certificate. This will make your HTTPS
+ connections insecure.
+ type: boolean
+ proxyURL:
+ description: |-
+ proxyURL is the URL to the proxy to be used for all requests made by this
+ client. URLs with "http", "https", and "socks5" schemes are supported. If
+ this configuration is not provided or the empty string, the client
+ attempts to construct a proxy configuration from http_proxy and
+ https_proxy environment variables. If these environment variables are not
+ set, the client does not attempt to proxy requests.
+
+ socks5 proxying does not currently support spdy streaming endpoints (exec,
+ attach, port forward).
+ type: string
+ server:
+ description: |-
+ server is the address of the kubernetes cluster (https://hostname:port).
+
+ Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
+ type: string
+ tlsServerName:
+ description: tlsServerName is used to
+ check server certificate. If TLSServerName
+ is empty, the hostname used to contact
+ the server is used.
+ type: string
+ type: object
+ user:
+ description: |-
+ user contains information that describes identity information.
+ This is used to tell the kubernetes cluster who you are.
+ properties:
+ authProvider:
+ description: authProvider specifies a
+ custom authentication plugin for the
+ kubernetes cluster.
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: config holds the parameters
+ for the authentication plugin.
+ type: object
+ name:
+ description: name is the name of the
+ authentication plugin.
+ type: string
+ required:
+ - name
+ type: object
+ exec:
+ description: exec specifies a custom exec-based
+ authentication plugin for the kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+ the same encoding version as the input.
+ Defaults to client.authentication.k8s.io/v1 if not set.
+ type: string
+ args:
+ description: Arguments to pass to
+ the command when executing it.
+ items:
+ type: string
+ type: array
+ command:
+ description: command to execute.
+ type: string
+ env:
+ description: |-
+ env defines additional environment variables to expose to the process. These
+ are unioned with the host's environment, as well as variables client-go uses
+ to pass argument to the plugin.
+ items:
+ description: |-
+ KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
+ credential plugin.
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ provideClusterInfo:
+ description: |-
+ provideClusterInfo determines whether or not to provide cluster information,
+ which could potentially contain very large CA data, to this exec plugin as a
+ part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
+ to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
+ reading this environment variable.
+ type: boolean
+ required:
+ - command
+ type: object
+ type: object
+ required:
+ - user
+ type: object
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+
+ Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
+ When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for
+ the user
+ type: string
+ passwdFrom:
+ description: passwdFrom is a referenced source of passwd
+ to populate the passwd.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this password.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: primaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-leader-election-role
+ namespace: capi-kubeadm-bootstrap-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - kubeadmconfigs
+ - kubeadmconfigs/finalizers
+ - kubeadmconfigs/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machinepools
+ - machinepools/status
+ - machines
+ - machines/status
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-leader-election-rolebinding
+ namespace: capi-kubeadm-bootstrap-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-kubeadm-bootstrap-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-kubeadm-bootstrap-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-bootstrap-controller-manager
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --diagnostics-address=:8443
+ - --insecure-diagnostics=false
+ - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=false
+ - --bootstrap-token-ttl=15m
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.9.5
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capi-kubeadm-bootstrap-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-kubeadm-bootstrap-webhook-service-cert
+status: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+ failurePolicy: Fail
+ name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+ failurePolicy: Fail
+ name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigtemplates
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigtemplates
+ sideEffects: None
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-control-plane-system
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-selfsigned-issuer
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-serving-cert
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ dnsNames:
+ - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc
+ - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-kubeadm-control-plane-selfsigned-issuer
+ secretName: capi-kubeadm-control-plane-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmControlPlane
+ listKind: KubeadmControlPlaneList
+ plural: kubeadmcontrolplanes
+ shortNames:
+ - kcp
+ singular: kubeadmcontrolplane
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ deprecated: true
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ infrastructureTemplate:
+ description: |-
+ infrastructureTemplate is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeadmConfigSpec:
+ description: |-
+ kubeadmConfigSpec is a KubeadmConfigSpec
+ to use for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ CertificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: |-
+ Etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ External describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ CAFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ CertFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ KeyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ Local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ DataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ ExtraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ ImageRepository sets the container registry to pull images from.
+ If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ KubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ Networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ HostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should
+ be used for Kubernetes components instead of their respective
+ separate images
+ type: boolean
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ Description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ Expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ Groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ TTL defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ Usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ CACertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ ControlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ BindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ BootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ CACertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ Token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ UnsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: |-
+ File is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the
+ user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1. When stacked etcd is used only
+ odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutStrategy:
+ description: |-
+ The RolloutStrategy to use to replace control plane machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of rollout. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ upgradeAfter:
+ description: |-
+ upgradeAfter is a field to indicate an upgrade should be performed
+ after the specified time even if no changes have been made to the
+ KubeadmControlPlane
+ format: date-time
+ type: string
+ version:
+ description: version defines the desired Kubernetes version.
+ type: string
+ required:
+ - infrastructureTemplate
+ - kubeadmConfigSpec
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ ErrorMessage indicates that there is a terminal problem reconciling the
+ state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a terminal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+ type: string
+ initialized:
+ description: |-
+ initialized denotes whether or not the control plane has the
+ uploaded kubeadm-config configmap.
+ type: boolean
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: |-
+ ready denotes that the KubeadmControlPlane API Server is ready to
+ receive requests.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the label selector in string format to avoid introspection
+ by clients, and is used to provide the CRD-based integration for the
+ scale subresource and additional integrations for things like kubectl
+ describe.. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this control plane.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet ready or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlane
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmControlPlane is the Schema for the KubeadmControlPlane API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: |-
+ kubeadmConfigSpec is a KubeadmConfigSpec
+ to use for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the
+ user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: |-
+ machineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1. When stacked etcd is used only
+ odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: |-
+ rolloutAfter is a field to indicate a rollout should be performed
+ after the specified time even if no changes have been made to the
+ KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: |-
+ The RolloutStrategy to use to replace control plane machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of rollout. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: version defines the desired Kubernetes version.
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may not be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ ErrorMessage indicates that there is a terminal problem reconciling the
+ state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a terminal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+ type: string
+ initialized:
+ description: |-
+ initialized denotes whether or not the control plane has the
+ uploaded kubeadm-config configmap.
+ type: boolean
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: |-
+ ready denotes that the KubeadmControlPlane API Server is ready to
+ receive requests.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the label selector in string format to avoid introspection
+ by clients, and is used to provide the CRD-based integration for the
+ scale subresource and additional integrations for things like kubectl
+ describe.. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this control plane.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet ready or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ that have the desired template spec.
+ format: int32
+ type: integer
+ version:
+ description: |-
+ version represents the minimum Kubernetes version for the control plane machines
+ in the cluster.
+ type: string
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+ name: Cluster
+ type: string
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Total number of machines desired by this control plane
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ - description: Time duration since creation of KubeadmControlPlane
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: |-
+ kubeadmConfigSpec is a KubeadmConfigSpec
+ to use for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ * If not set, the default registry of kubeadm will be used, i.e.
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
+ * k8s.gcr.io (old registry): all older versions
+ Please note that when imageRepository is not set we don't allow upgrades to
+ versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
+ a newer patch version with the new registry instead (i.e. >= v1.22.17,
+ >= v1.23.15, >= v1.24.9, >= v1.25.0).
+ * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags to pass
+ to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system type.
+ type: string
+ label:
+ description: label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: append specifies whether to append Content
+ to existing file if Path exists.
+ type: boolean
+ content:
+ description: content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: containerLinuxConfig contains CLC specific configuration.
+ properties:
+ additionalConfig:
+ description: |-
+ additionalConfig contains additional configuration to be merged with the Ignition
+ configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+
+ The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ type: string
+ strict:
+ description: strict controls if AdditionalConfig should
+ be strictly parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfig:
+ description: |-
+ kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
+ The file is generated at the path specified in KubeConfigPath.
+
+ Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
+ Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
+ properties:
+ cluster:
+ description: |-
+ cluster contains information about how to communicate with the kubernetes cluster.
+
+ By default the following fields are automatically populated:
+ - Server with the Cluster's ControlPlaneEndpoint.
+ - CertificateAuthorityData with the Cluster's CA certificate.
+ properties:
+ certificateAuthorityData:
+ description: |-
+ certificateAuthorityData contains PEM-encoded certificate authority certificates.
+
+ Defaults to the Cluster's CA certificate if empty.
+ format: byte
+ type: string
+ insecureSkipTLSVerify:
+ description: insecureSkipTLSVerify skips the
+ validity check for the server's certificate.
+ This will make your HTTPS connections insecure.
+ type: boolean
+ proxyURL:
+ description: |-
+ proxyURL is the URL to the proxy to be used for all requests made by this
+ client. URLs with "http", "https", and "socks5" schemes are supported. If
+ this configuration is not provided or the empty string, the client
+ attempts to construct a proxy configuration from http_proxy and
+ https_proxy environment variables. If these environment variables are not
+ set, the client does not attempt to proxy requests.
+
+ socks5 proxying does not currently support spdy streaming endpoints (exec,
+ attach, port forward).
+ type: string
+ server:
+ description: |-
+ server is the address of the kubernetes cluster (https://hostname:port).
+
+ Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
+ type: string
+ tlsServerName:
+ description: tlsServerName is used to check
+ server certificate. If TLSServerName is
+ empty, the hostname used to contact the
+ server is used.
+ type: string
+ type: object
+ user:
+ description: |-
+ user contains information that describes identity information.
+ This is used to tell the kubernetes cluster who you are.
+ properties:
+ authProvider:
+ description: authProvider specifies a custom
+ authentication plugin for the kubernetes
+ cluster.
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: config holds the parameters
+ for the authentication plugin.
+ type: object
+ name:
+ description: name is the name of the authentication
+ plugin.
+ type: string
+ required:
+ - name
+ type: object
+ exec:
+ description: exec specifies a custom exec-based
+ authentication plugin for the kubernetes
+ cluster.
+ properties:
+ apiVersion:
+ description: |-
+ Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+ the same encoding version as the input.
+ Defaults to client.authentication.k8s.io/v1 if not set.
+ type: string
+ args:
+ description: Arguments to pass to the
+ command when executing it.
+ items:
+ type: string
+ type: array
+ command:
+ description: command to execute.
+ type: string
+ env:
+ description: |-
+ env defines additional environment variables to expose to the process. These
+ are unioned with the host's environment, as well as variables client-go uses
+ to pass argument to the plugin.
+ items:
+ description: |-
+ KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
+ credential plugin.
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ provideClusterInfo:
+ description: |-
+ provideClusterInfo determines whether or not to provide cluster information,
+ which could potentially contain very large CA data, to this exec plugin as a
+ part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
+ to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
+ reading this environment variable.
+ type: boolean
+ required:
+ - command
+ type: object
+ type: object
+ required:
+ - user
+ type: object
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+
+ Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
+ When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password for the
+ user
+ type: string
+ passwdFrom:
+ description: passwdFrom is a referenced source of passwd
+ to populate the passwd.
+ properties:
+ secret:
+ description: secret represents a secret that should
+ populate this password.
+ properties:
+ key:
+ description: key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: primaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineNamingStrategy:
+ description: |-
+ MachineNamingStrategy allows changing the naming pattern used when creating Machines.
+ InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
+ properties:
+ template:
+ description: |-
+ Template defines the template to use for generating the names of the Machine objects.
+ If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
+ If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
+ get concatenated with a random suffix of length 5.
+ Length of the template string must not exceed 256 characters.
+ The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
+ The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
+ The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
+ maxLength: 256
+ type: string
+ type: object
+ machineTemplate:
+ description: |-
+ machineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ If no value is provided, the default value for this property of the Machine resource will be used.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ remediationStrategy:
+ description: The RemediationStrategy that controls how control plane
+ machine remediation happens.
+ properties:
+ maxRetry:
+ description: "maxRetry is the Max number of retries while attempting
+ to remediate an unhealthy machine.\nA retry happens when a machine
+ that was created as a replacement for an unhealthy machine also
+ fails.\nFor example, given a control plane with three machines
+ M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
+ M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
+ M1) has problems while bootstrapping it will become unhealthy,
+ and then be\n\tremediated; such operation is considered a retry,
+ remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
+ unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
+ could happen only after RetryPeriod from the previous retry.\nIf
+ a machine is marked as unhealthy after MinHealthyPeriod from
+ the previous remediation expired,\nthis is not considered a
+ retry anymore because the new issue is assumed unrelated from
+ the previous one.\n\nIf not set, the remedation will be retried
+ infinitely."
+ format: int32
+ type: integer
+ minHealthyPeriod:
+ description: "minHealthyPeriod defines the duration after which
+ KCP will consider any failure to a machine unrelated\nfrom the
+ previous one. In this case the remediation is not considered
+ a retry anymore, and thus the retry\ncounter restarts from 0.
+ For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
+ become unhealthy; remediation happens, and M1-1 is created as
+ a replacement.\n\tIf M1-1 (replacement of M1) has problems within
+ the 1hr after the creation, also\n\tthis machine will be remediated
+ and this operation is considered a retry - a problem related\n\tto
+ the original issue happened to M1 -.\n\n\tIf instead the problem
+ on M1-1 is happening after MinHealthyPeriod expired, e.g. four
+ days after\n\tm1-1 has been created as a remediation of M1,
+ the problem on M1-1 is considered unrelated to\n\tthe original
+ issue happened to M1.\n\nIf not set, this value is defaulted
+ to 1h."
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
+ for an unhealthy machine (a retry).
+
+ If not set, a retry will happen immediately.
+ type: string
+ type: object
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1. When stacked etcd is used only
+ odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: |-
+ rolloutAfter is a field to indicate a rollout should be performed
+ after the specified time even if no changes have been made to the
+ KubeadmControlPlane.
+ Example: In the YAML the time can be specified in the RFC3339 format.
+ To specify the rolloutAfter target as March 9, 2023, at 9 am UTC
+ use "2023-03-09T09:00:00Z".
+ format: date-time
+ type: string
+ rolloutBefore:
+ description: |-
+ rolloutBefore is a field to indicate a rollout should be performed
+ if the specified criteria is met.
+ properties:
+ certificatesExpiryDays:
+ description: |-
+ certificatesExpiryDays indicates a rollout needs to be performed if the
+ certificates of the machine will expire within the specified days.
+ format: int32
+ type: integer
+ type: object
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: |-
+ The RolloutStrategy to use to replace control plane machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of rollout. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: |-
+ version defines the desired Kubernetes version.
+ Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set
+ we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io).
+ Please use a newer patch version with the new registry instead. The default registries of kubeadm are:
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
+ * k8s.gcr.io (old registry): all older versions
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ ErrorMessage indicates that there is a terminal problem reconciling the
+ state, and will be set to a descriptive error message.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ failureReason:
+ description: |-
+ failureReason indicates that there is a terminal problem reconciling the
+ state, and will be set to a token value suitable for
+ programmatic interpretation.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ type: string
+ initialized:
+ description: |-
+ initialized denotes that the KubeadmControlPlane API Server is initialized and thus
+ it can accept requests.
+ NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
+ The value of this field is never updated after provisioning is completed. Please use conditions
+ to check the operational state of the control plane.
+ type: boolean
+ lastRemediation:
+ description: lastRemediation stores info about last remediation performed.
+ properties:
+ machine:
+ description: machine is the machine name of the latest machine
+ being remediated.
+ type: string
+ retryCount:
+ description: |-
+ retryCount used to keep track of remediation retry for the last remediated machine.
+ A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
+ format: int32
+ type: integer
+ timestamp:
+ description: timestamp is when last remediation happened. It is
+ represented in RFC3339 form and is in UTC.
+ format: date-time
+ type: string
+ required:
+ - machine
+ - retryCount
+ - timestamp
+ type: object
+ observedGeneration:
+ description: observedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: |-
+ ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning
+ to receive requests.
+ NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
+ The value of this field is never updated after provisioning is completed. Please use conditions
+ to check the operational state of the control plane.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: |-
+ selector is the label selector in string format to avoid introspection
+ by clients, and is used to provide the CRD-based integration for the
+ scale subresource and additional integrations for things like kubectl
+ describe.. The string will be in the same format as the query-param syntax.
+ More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
+ type: string
+ unavailableReplicas:
+ description: |-
+ Total number of unavailable machines targeted by this control plane.
+ This is the total number of machines that are still required for
+ the deployment to have 100% available capacity. They may either
+ be machines that are running but not yet ready or machines
+ that still have not been created.
+
+ Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: |-
+ Total number of non-terminated machines targeted by this control plane
+ that have the desired template spec.
+ format: int32
+ type: integer
+ v1beta2:
+ description: v1beta2 groups all the fields that will be added or modified
+ in KubeadmControlPlane's status with the V1Beta2 version.
+ properties:
+ availableReplicas:
+ description: availableReplicas is the number of available replicas
+ targeted by this KubeadmControlPlane. A machine is considered
+ available when Machine's Available condition is true.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ conditions represents the observations of a KubeadmControlPlane's current state.
+ Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate,
+ ScalingUp, ScalingDown, Remediating, Deleting, Paused.
+ items:
+ description: Condition contains details for one aspect of the
+ current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ readyReplicas:
+ description: readyReplicas is the number of ready replicas for
+ this KubeadmControlPlane. A machine is considered ready when
+ Machine's Ready condition is true.
+ format: int32
+ type: integer
+ upToDateReplicas:
+ description: upToDateReplicas is the number of up-to-date replicas
+ targeted by this KubeadmControlPlane. A machine is considered
+ up-to-date when Machine's UpToDate condition is true.
+ format: int32
+ type: integer
+ type: object
+ version:
+ description: |-
+ version represents the minimum Kubernetes version for the control plane machines
+ in the cluster.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmControlPlaneTemplate
+ listKind: KubeadmControlPlaneTemplateList
+ plural: kubeadmcontrolplanetemplates
+ singular: kubeadmcontrolplanetemplate
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlaneTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: |-
+ KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.
+
+ Deprecated: This type will be removed in one of the next releases.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneTemplateSpec defines the desired state
+ of KubeadmControlPlaneTemplate.
+ properties:
+ template:
+ description: KubeadmControlPlaneTemplateResource describes the data
+ needed to create a KubeadmControlPlane from a template.
+ properties:
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state
+ of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: |-
+ kubeadmConfigSpec is a KubeadmConfigSpec
+ to use for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for
+ the API server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the
+ timeout that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject
+ Alternative Names for the etcd peer signing
+ cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
+ will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used
+ by k8s services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for
+ the scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file
+ systems to setup.
+ items:
+ description: Filesystem defines the file systems
+ to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options
+ to add to the command for creating the file
+ system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: label specifies the file system
+ label to be used. If set to None, no label
+ is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition
+ to use. The valid options are: "auto|any",
+ "auto", "any", "none", and <NUM>, where NUM
+ is the actual partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the
+ partitions to setup.
+ items:
+ description: Partition defines how to create and
+ layout a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed
+ to user_data upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: content is the actual content of the
+ file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source
+ of content to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that
+ should populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of
+ the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the
+ file, e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk
+ where to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions
+ to assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the
+ bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on
+ this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP
+ address for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the
+ kubelet to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or
+ domain name to the API server from which
+ info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to
+ be setup.
+ items:
+ description: MountPoints defines input for generated
+ mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands
+ to run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated
+ user in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for
+ the user
+ type: string
+ groups:
+ description: groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory
+ to use for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark
+ the user as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password
+ login should be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password
+ for the user
+ type: string
+ primaryGroup:
+ description: primaryGroup specifies the primary
+ group for the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list
+ of ssh authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the
+ user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: |-
+ machineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: |-
+ infrastructureRef is a required reference to a custom resource
+ offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: |-
+ If referring to a piece of an object instead of an entire object, this string
+ should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only to have some well-defined way of
+ referencing a part of an object.
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ type: string
+ resourceVersion:
+ description: |-
+ Specific resourceVersion to which this reference is made, if any.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+ type: string
+ uid:
+ description: |-
+ UID of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ replicas:
+ description: |-
+ Number of desired machines. Defaults to 1. When stacked etcd is used only
+ odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: |-
+ rolloutAfter is a field to indicate a rollout should be performed
+ after the specified time even if no changes have been made to the
+ KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: |-
+ The RolloutStrategy to use to replace control plane machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of rollout. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: version defines the desired Kubernetes version.
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlaneTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneTemplateSpec defines the desired state
+ of KubeadmControlPlaneTemplate.
+ properties:
+ template:
+ description: KubeadmControlPlaneTemplateResource describes the data
+ needed to create a KubeadmControlPlane from a template.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ spec:
+ description: |-
+ KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane.
+ NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but
+ omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
+ because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot
+ be configured on the KubeadmControlPlaneTemplate.
+ properties:
+ kubeadmConfigSpec:
+ description: |-
+ kubeadmConfigSpec is a KubeadmConfigSpec
+ to use for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: clusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: apiServer contains extra settings for
+ the API server control plane component
+ properties:
+ certSANs:
+ description: certSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: timeoutForControlPlane controls the
+ timeout that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ certificatesDir:
+ description: |-
+ certificatesDir specifies where to store or look for all required certificates.
+ NB: if not provided, this will default to `/etc/kubernetes/pki`
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: |-
+ controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
+ can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+ In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+ the BindPort is used.
+ Possible usages are:
+ e.g. In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+ e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
+ type: string
+ controllerManager:
+ description: controllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: dns defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: |-
+ etcd holds configuration for etcd.
+ NB: This value defaults to a Local (stacked) etcd
+ properties:
+ external:
+ description: |-
+ external describes how to connect to an external etcd cluster
+ Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: |-
+ caFile is an SSL Certificate Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: |-
+ certFile is an SSL certification file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: |-
+ keyFile is an SSL key file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: |-
+ local provides configuration knobs for configuring the local etcd instance
+ Local and External are mutually exclusive
+ properties:
+ dataDir:
+ description: |-
+ dataDir is the directory etcd will place its data.
+ Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ extraArgs are extra arguments provided to the etcd binary
+ when run inside a static pod.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment
+ variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a
+ ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether
+ the ConfigMap or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a
+ secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the
+ secret to select from. Must
+ be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether
+ the Secret or its key must
+ be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: |-
+ imageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: peerCertSANs sets extra Subject
+ Alternative Names for the etcd peer signing
+ cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: serverCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: featureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: |-
+ imageRepository sets the container registry to pull images from.
+ * If not set, the default registry of kubeadm will be used, i.e.
+ * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
+ * k8s.gcr.io (old registry): all older versions
+ Please note that when imageRepository is not set we don't allow upgrades to
+ versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
+ a newer patch version with the new registry instead (i.e. >= v1.22.17,
+ >= v1.23.15, >= v1.24.9, >= v1.25.0).
+ * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ kubernetesVersion:
+ description: |-
+ kubernetesVersion is the target version of the control plane.
+ NB: This value defaults to the Machine object spec.version
+ type: string
+ networking:
+ description: |-
+ networking holds configuration for the networking topology of the cluster.
+ NB: This value defaults to the Cluster object spec.clusterNetwork.
+ properties:
+ dnsDomain:
+ description: dnsDomain is the dns domain used
+ by k8s services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: |-
+ podSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: |-
+ serviceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
+ to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: scheduler contains extra settings for
+ the scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: extraArgs is an extra set of flags
+ to pass to the control plane component.
+ type: object
+ extraEnvs:
+ description: |-
+ extraEnvs is an extra set of environment variables to pass to the control plane component.
+ Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default.
+ This option takes effect only on Kubernetes >=1.31.0.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ extraVolumes:
+ description: extraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: |-
+ HostPathMount contains elements describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: |-
+ hostPath is the path in the host that will be mounted inside
+ the pod.
+ type: string
+ mountPath:
+ description: mountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: pathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: readOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: diskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: filesystems specifies the list of file
+ systems to setup.
+ items:
+ description: Filesystem defines the file systems
+ to be created.
+ properties:
+ device:
+ description: device specifies the device name
+ type: string
+ extraOpts:
+ description: extraOpts defined extra options
+ to add to the command for creating the file
+ system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: label specifies the file system
+ label to be used. If set to None, no label
+ is used.
+ type: string
+ overwrite:
+ description: |-
+ overwrite defines whether or not to overwrite any existing filesystem.
+ If true, any pre-existing file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'partition specifies the partition
+ to use. The valid options are: "auto|any",
+ "auto", "any", "none", and <NUM>, where NUM
+ is the actual partition number.'
+ type: string
+ replaceFS:
+ description: |-
+ replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
+ NOTE: unless you define a label, this requires the use of the 'any' partition directive.
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: partitions specifies the list of the
+ partitions to setup.
+ items:
+ description: Partition defines how to create and
+ layout a partition.
+ properties:
+ device:
+ description: device is the name of the device.
+ type: string
+ layout:
+ description: |-
+ layout specifies the device layout.
+ If it is true, a single partition will be created for the entire device.
+ When layout is false, it means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: |-
+ overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: |-
+ tableType specifies the tupe of partition table. The following are supported:
+ 'mbr': default and setups a MS-DOS partition table
+ 'gpt': setups a GPT partition table
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: files specifies extra files to be passed
+ to user_data upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: append specifies whether to append
+ Content to existing file if Path exists.
+ type: boolean
+ content:
+ description: content is the actual content of the
+ file.
+ type: string
+ contentFrom:
+ description: contentFrom is a referenced source
+ of content to populate the file.
+ properties:
+ secret:
+ description: secret represents a secret that
+ should populate this file.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: encoding specifies the encoding of
+ the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: owner specifies the ownership of the
+ file, e.g. "root:root".
+ type: string
+ path:
+ description: path specifies the full path on disk
+ where to store the file.
+ type: string
+ permissions:
+ description: permissions specifies the permissions
+ to assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: format specifies the output format of the
+ bootstrap data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: containerLinuxConfig contains CLC specific
+ configuration.
+ properties:
+ additionalConfig:
+ description: |-
+ additionalConfig contains additional configuration to be merged with the Ignition
+ configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+
+ The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
+ type: string
+ strict:
+ description: strict controls if AdditionalConfig
+ should be strictly parsed. If so, warnings are
+ treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: initConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ bootstrapTokens:
+ description: |-
+ bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: |-
+ description sets a human-friendly message why this token exists and what it's used
+ for, so other administrators can know its purpose.
+ type: string
+ expires:
+ description: |-
+ expires specifies the timestamp when this token expires. Defaults to being set
+ dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: |-
+ groups specifies the extra groups that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is used for establishing bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: |-
+ ttl defines the time to live for this token. Defaults to 24h.
+ Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: |-
+ usages describes the ways in which this token can be used. Can by default be used
+ for establishing bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ localAPIEndpoint:
+ description: |-
+ localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
+ In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+ is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+ configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: joinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ caCertPath:
+ description: |-
+ caCertPath is the path to the SSL certificate authority used to
+ secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt".
+ type: string
+ controlPlane:
+ description: |-
+ controlPlane defines the additional control plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: localAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on
+ this node.
+ properties:
+ advertiseAddress:
+ description: advertiseAddress sets the IP
+ address for the API server to advertise.
+ type: string
+ bindPort:
+ description: |-
+ bindPort sets the secure port for the API Server to bind to.
+ Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: discovery specifies the options for the
+ kubelet to use during the TLS Bootstrap process
+ properties:
+ bootstrapToken:
+ description: |-
+ bootstrapToken is used to set the options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: apiServerEndpoint is an IP or
+ domain name to the API server from which
+ info will be fetched.
+ type: string
+ caCertHashes:
+ description: |-
+ caCertHashes specifies a set of public key pins to verify
+ when token-based discovery is used. The root CA found during discovery
+ must match one of these values. Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256". This is a hex-encoded
+ SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using, for example, OpenSSL:
+ openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex
+ items:
+ type: string
+ type: array
+ token:
+ description: |-
+ token is a token used to validate cluster information
+ fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: |-
+ unsafeSkipCAVerification allows token-based discovery
+ without CA verification via CACertHashes. This can weaken
+ the security of kubeadm since other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: |-
+ file is used to specify a file or URL to a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfig:
+ description: |-
+ kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
+ The file is generated at the path specified in KubeConfigPath.
+
+ Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
+ Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
+ properties:
+ cluster:
+ description: |-
+ cluster contains information about how to communicate with the kubernetes cluster.
+
+ By default the following fields are automatically populated:
+ - Server with the Cluster's ControlPlaneEndpoint.
+ - CertificateAuthorityData with the Cluster's CA certificate.
+ properties:
+ certificateAuthorityData:
+ description: |-
+ certificateAuthorityData contains PEM-encoded certificate authority certificates.
+
+ Defaults to the Cluster's CA certificate if empty.
+ format: byte
+ type: string
+ insecureSkipTLSVerify:
+ description: insecureSkipTLSVerify
+ skips the validity check for the
+ server's certificate. This will
+ make your HTTPS connections insecure.
+ type: boolean
+ proxyURL:
+ description: |-
+ proxyURL is the URL to the proxy to be used for all requests made by this
+ client. URLs with "http", "https", and "socks5" schemes are supported. If
+ this configuration is not provided or the empty string, the client
+ attempts to construct a proxy configuration from http_proxy and
+ https_proxy environment variables. If these environment variables are not
+ set, the client does not attempt to proxy requests.
+
+ socks5 proxying does not currently support spdy streaming endpoints (exec,
+ attach, port forward).
+ type: string
+ server:
+ description: |-
+ server is the address of the kubernetes cluster (https://hostname:port).
+
+ Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint.
+ type: string
+ tlsServerName:
+ description: tlsServerName is used
+ to check server certificate. If
+ TLSServerName is empty, the hostname
+ used to contact the server is used.
+ type: string
+ type: object
+ user:
+ description: |-
+ user contains information that describes identity information.
+ This is used to tell the kubernetes cluster who you are.
+ properties:
+ authProvider:
+ description: authProvider specifies
+ a custom authentication plugin for
+ the kubernetes cluster.
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: config holds the
+ parameters for the authentication
+ plugin.
+ type: object
+ name:
+ description: name is the name
+ of the authentication plugin.
+ type: string
+ required:
+ - name
+ type: object
+ exec:
+ description: exec specifies a custom
+ exec-based authentication plugin
+ for the kubernetes cluster.
+ properties:
+ apiVersion:
+ description: |-
+ Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+ the same encoding version as the input.
+ Defaults to client.authentication.k8s.io/v1 if not set.
+ type: string
+ args:
+ description: Arguments to pass
+ to the command when executing
+ it.
+ items:
+ type: string
+ type: array
+ command:
+ description: command to execute.
+ type: string
+ env:
+ description: |-
+ env defines additional environment variables to expose to the process. These
+ are unioned with the host's environment, as well as variables client-go uses
+ to pass argument to the plugin.
+ items:
+ description: |-
+ KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
+ credential plugin.
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ provideClusterInfo:
+ description: |-
+ provideClusterInfo determines whether or not to provide cluster information,
+ which could potentially contain very large CA data, to this exec plugin as a
+ part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
+ to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
+ reading this environment variable.
+ type: boolean
+ required:
+ - command
+ type: object
+ type: object
+ required:
+ - user
+ type: object
+ kubeConfigPath:
+ description: kubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: |-
+ tlsBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ nodeRegistration:
+ description: |-
+ nodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: criSocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: ignorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ imagePullPolicy:
+ description: |-
+ imagePullPolicy specifies the policy for image pulling
+ during kubeadm "init" and "join" operations. The value of
+ this field must be one of "Always", "IfNotPresent" or
+ "Never". Defaults to "IfNotPresent". This can be used only
+ with Kubernetes version equal to 1.22 and later.
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ imagePullSerial:
+ description: |-
+ imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel.
+ This option takes effect only on Kubernetes >=1.31.0.
+ Default: true (defaulted in kubeadm)
+ type: boolean
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
+ kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: |-
+ name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field of the kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: |-
+ taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
+ empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: |-
+ patches contains options related to applying patches to components deployed by kubeadm during
+ "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: |-
+ directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
+ "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
+ of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
+ The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
+ "suffix" is an optional string that can be used to determine which patches are applied
+ first alpha-numerically.
+ These files can be written into the target directory via KubeadmConfig.Files which
+ specifies additional files to be created on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: |-
+ skipPhases is a list of phases to skip during command execution.
+ The list of phases can be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: mounts specifies a list of mount points to
+ be setup.
+ items:
+ description: MountPoints defines input for generated
+ mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: ntp specifies NTP configuration
+ properties:
+ enabled:
+ description: enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: postKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: preKubeadmCommands specifies extra commands
+ to run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: |-
+ useExperimentalRetryJoin replaces a basic kubeadm command with a shell
+ script with retries for joins.
+
+ This is meant to be an experimental temporary workaround on some environments
+ where joins fail due to timing (and other issues). The long term goal is to add retries to
+ kubeadm proper and use that functionality.
+
+ This will add about 40KB to userdata
+
+ For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+
+ Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
+ When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
+ type: boolean
+ users:
+ description: users specifies extra users to add
+ items:
+ description: User defines the input for a generated
+ user in cloud-init.
+ properties:
+ gecos:
+ description: gecos specifies the gecos to use for
+ the user
+ type: string
+ groups:
+ description: groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: homeDir specifies the home directory
+ to use for the user
+ type: string
+ inactive:
+ description: inactive specifies whether to mark
+ the user as inactive
+ type: boolean
+ lockPassword:
+ description: lockPassword specifies if password
+ login should be disabled
+ type: boolean
+ name:
+ description: name specifies the user name
+ type: string
+ passwd:
+ description: passwd specifies a hashed password
+ for the user
+ type: string
+ passwdFrom:
+ description: passwdFrom is a referenced source of
+ passwd to populate the passwd.
+ properties:
+ secret:
+ description: secret represents a secret that
+ should populate this password.
+ properties:
+ key:
+ description: key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: primaryGroup specifies the primary
+ group for the user
+ type: string
+ shell:
+ description: shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: sshAuthorizedKeys specifies a list
+ of ssh authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: sudo specifies a sudo role for the
+ user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: |-
+ verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineNamingStrategy:
+ description: |-
+ MachineNamingStrategy allows changing the naming pattern used when creating Machines.
+ InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines.
+ properties:
+ template:
+ description: |-
+ Template defines the template to use for generating the names of the Machine objects.
+ If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`.
+ If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will
+ get concatenated with a random suffix of length 5.
+ Length of the template string must not exceed 256 characters.
+ The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`.
+ The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created.
+ The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created.
+ The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5.
+ maxLength: 256
+ type: string
+ type: object
+ machineTemplate:
+ description: |-
+ machineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: |-
+ annotations is an unstructured key value map stored with a resource that may be
+ set by external tools to store and retrieve arbitrary metadata. They are not
+ queryable and should be preserved when modifying objects.
+ More info: http://kubernetes.io/docs/user-guide/annotations
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: |-
+ Map of string keys and values that can be used to organize and categorize
+ (scope and select) objects. May match selectors of replication controllers
+ and services.
+ More info: http://kubernetes.io/docs/user-guide/labels
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: |-
+ nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ If no value is provided, the default value for this property of the Machine resource will be used.
+ type: string
+ nodeDrainTimeout:
+ description: |-
+ nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
+ The default value is 0, meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+ type: string
+ nodeVolumeDetachTimeout:
+ description: |-
+ nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
+ type: string
+ type: object
+ remediationStrategy:
+ description: The RemediationStrategy that controls how control
+ plane machine remediation happens.
+ properties:
+ maxRetry:
+ description: "maxRetry is the Max number of retries while
+ attempting to remediate an unhealthy machine.\nA retry
+ happens when a machine that was created as a replacement
+ for an unhealthy machine also fails.\nFor example, given
+ a control plane with three machines M1, M2, M3:\n\n\tM1
+ become unhealthy; remediation happens, and M1-1 is created
+ as a replacement.\n\tIf M1-1 (replacement of M1) has
+ problems while bootstrapping it will become unhealthy,
+ and then be\n\tremediated; such operation is considered
+ a retry, remediation-retry #1.\n\tIf M1-2 (replacement
+ of M1-1) becomes unhealthy, remediation-retry #2 will
+ happen, etc.\n\nA retry could happen only after RetryPeriod
+ from the previous retry.\nIf a machine is marked as
+ unhealthy after MinHealthyPeriod from the previous remediation
+ expired,\nthis is not considered a retry anymore because
+ the new issue is assumed unrelated from the previous
+ one.\n\nIf not set, the remedation will be retried infinitely."
+ format: int32
+ type: integer
+ minHealthyPeriod:
+ description: "minHealthyPeriod defines the duration after
+ which KCP will consider any failure to a machine unrelated\nfrom
+ the previous one. In this case the remediation is not
+ considered a retry anymore, and thus the retry\ncounter
+ restarts from 0. For example, assuming MinHealthyPeriod
+ is set to 1h (default)\n\n\tM1 become unhealthy; remediation
+ happens, and M1-1 is created as a replacement.\n\tIf
+ M1-1 (replacement of M1) has problems within the 1hr
+ after the creation, also\n\tthis machine will be remediated
+ and this operation is considered a retry - a problem
+ related\n\tto the original issue happened to M1 -.\n\n\tIf
+ instead the problem on M1-1 is happening after MinHealthyPeriod
+ expired, e.g. four days after\n\tm1-1 has been created
+ as a remediation of M1, the problem on M1-1 is considered
+ unrelated to\n\tthe original issue happened to M1.\n\nIf
+ not set, this value is defaulted to 1h."
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
+ for an unhealthy machine (a retry).
+
+ If not set, a retry will happen immediately.
+ type: string
+ type: object
+ rolloutAfter:
+ description: |-
+ rolloutAfter is a field to indicate a rollout should be performed
+ after the specified time even if no changes have been made to the
+ KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutBefore:
+ description: |-
+ rolloutBefore is a field to indicate a rollout should be performed
+ if the specified criteria is met.
+ properties:
+ certificatesExpiryDays:
+ description: |-
+ certificatesExpiryDays indicates a rollout needs to be performed if the
+ certificates of the machine will expire within the specified days.
+ format: int32
+ type: integer
+ type: object
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: |-
+ The RolloutStrategy to use to replace control plane machines with
+ new ones.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of control planes that can be scheduled above or under the
+ desired number of control planes.
+ Value can be an absolute number 1 or 0.
+ Defaults to 1.
+ Example: when this is set to 1, the control plane can be scaled
+ up immediately when the rolling update starts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type of rollout. Currently the only supported strategy is
+ "RollingUpdate".
+ Default is RollingUpdate.
+ type: string
+ type: object
+ required:
+ - kubeadmConfigSpec
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-leader-election-role
+ namespace: capi-kubeadm-control-plane-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+ name: capi-kubeadm-control-plane-manager-role
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machinepools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-leader-election-rolebinding
+ namespace: capi-kubeadm-control-plane-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-kubeadm-control-plane-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-kubeadm-control-plane-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-control-plane-controller-manager
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --diagnostics-address=:8443
+ - --insecure-diagnostics=false
+ - --use-deprecated-infra-machine-naming=false
+ - --feature-gates=MachinePool=true,ClusterTopology=false,KubeadmBootstrapFormatIgnition=false
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.9.5
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capi-kubeadm-control-plane-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-kubeadm-control-plane-webhook-service-cert
+status: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+ failurePolicy: Fail
+ name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanetemplates
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes/scale
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+ failurePolicy: Fail
+ name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanetemplates
+ sideEffects: None
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ control-plane: controller-manager
+ name: orc-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.4
+ name: images.openstack.k-orc.cloud
+spec:
+ group: openstack.k-orc.cloud
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Resource ID
+ jsonPath: .status.id
+ name: ID
+ type: string
+ - description: Availability status of resource
+ jsonPath: .status.conditions[?(@.type=='Available')].status
+ name: Available
+ type: string
+ - description: Message describing current availability status
+ jsonPath: .status.conditions[?(@.type=='Available')].message
+ name: Message
+ type: string
+ - description: Time duration since creation
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Image is the Schema for an ORC resource.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ImageSpec defines the desired state of an ORC object.
+ properties:
+ cloudCredentialsRef:
+ description: CloudCredentialsRef points to a secret containing OpenStack
+ credentials
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry in the
+ clouds.yaml file to use.
+ maxLength: 256
+ minLength: 1
+ type: string
+ secretName:
+ description: |-
+ SecretName is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - cloudName
+ - secretName
+ type: object
+ import:
+ description: |-
+ Import refers to an existing OpenStack resource which will be imported instead of
+ creating a new one.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter contains a resource query which is expected to return a single
+ result. The controller will continue to retry if filter returns no
+ results. If filter returns multiple results the controller will set an
+ error state and will not continue to retry.
+ minProperties: 1
+ properties:
+ name:
+ description: Name specifies the name of a Glance image
+ maxLength: 1000
+ minLength: 1
+ type: string
+ type: object
+ id:
+ description: |-
+ ID contains the unique identifier of an existing OpenStack resource. Note
+ that when specifying an import by ID, the resource MUST already exist.
+ The ORC object will enter an error state if the resource does not exist.
+ format: uuid
+ type: string
+ type: object
+ managedOptions:
+ description: ManagedOptions specifies options which may be applied
+ to managed objects.
+ properties:
+ onDelete:
+ default: delete
+ description: |-
+ OnDelete specifies the behaviour of the controller when the ORC
+ object is deleted. Options are `delete` - delete the OpenStack resource;
+ `detach` - do not delete the OpenStack resource. If not specified, the
+ default is `delete`.
+ enum:
+ - delete
+ - detach
+ type: string
+ type: object
+ managementPolicy:
+ default: managed
+ description: |-
+ ManagementPolicy defines how ORC will treat the object. Valid values are
+ `managed`: ORC will create, update, and delete the resource; `unmanaged`:
+ ORC will import an existing resource, and will not apply updates to it or
+ delete it.
+ enum:
+ - managed
+ - unmanaged
+ type: string
+ x-kubernetes-validations:
+ - message: managementPolicy is immutable
+ rule: self == oldSelf
+ resource:
+ description: |-
+ Resource specifies the desired state of the resource.
+
+ Resource may not be specified if the management policy is `unmanaged`.
+
+ Resource must be specified if the management policy is `managed`.
+ properties:
+ content:
+ description: Content specifies how to obtain the image content.
+ properties:
+ containerFormat:
+ default: bare
+ description: |-
+ ContainerFormat is the format of the image container.
+ qcow2 and raw images do not usually have a container. This is specified as "bare", which is also the default.
+ Permitted values are ami, ari, aki, bare, ovf, ova, and docker.
+ enum:
+ - ami
+ - ari
+ - aki
+ - bare
+ - ovf
+ - ova
+ - docker
+ type: string
+ diskFormat:
+ description: |-
+ DiskFormat is the format of the disk image.
+ Normal values are "qcow2", or "raw". Glance may be configured to support others.
+ enum:
+ - ami
+ - ari
+ - aki
+ - vhd
+ - vhdx
+ - vmdk
+ - raw
+ - qcow2
+ - vdi
+ - ploop
+ - iso
+ type: string
+ download:
+ description: |-
+ Download describes how to obtain image data by downloading it from a URL.
+ Must be set when creating a managed image.
+ properties:
+ decompress:
+ description: |-
+ Decompress specifies that the source data must be decompressed with the
+ given compression algorithm before being stored. Specifying Decompress
+ will disable the use of Glance's web-download, as web-download cannot
+ currently deterministically decompress downloaded content.
+ enum:
+ - xz
+ - gz
+ - bz2
+ type: string
+ hash:
+ description: |-
+ Hash is a hash which will be used to verify downloaded data, i.e.
+ before any decompression. If not specified, no hash verification will be
+ performed. Specifying a Hash will disable the use of Glance's
+ web-download, as web-download cannot currently deterministically verify
+ the hash of downloaded content.
+ properties:
+ algorithm:
+ description: Algorithm is the hash algorithm used
+ to generate value.
+ enum:
+ - md5
+ - sha1
+ - sha256
+ - sha512
+ type: string
+ value:
+ description: Value is the hash of the image data using
+ Algorithm. It must be hex encoded using lowercase
+ letters.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[0-9a-f]+$
+ type: string
+ required:
+ - algorithm
+ - value
+ type: object
+ x-kubernetes-validations:
+ - message: hash is immutable
+ rule: self == oldSelf
+ url:
+ description: URL containing image data
+ format: uri
+ type: string
+ required:
+ - url
+ type: object
+ required:
+ - diskFormat
+ - download
+ type: object
+ x-kubernetes-validations:
+ - message: content is immutable
+ rule: self == oldSelf
+ name:
+ description: |-
+ Name will be the name of the created Glance image. If not specified, the
+ name of the Image object will be used.
+ maxLength: 1024
+ minLength: 1
+ type: string
+ properties:
+ description: Properties is metadata available to consumers of
+ the image
+ properties:
+ hardware:
+ description: |-
+ Hardware is a set of properties which control the virtual hardware
+ created by Nova.
+ properties:
+ cdromBus:
+ description: CDROMBus specifies the type of disk controller
+ to attach CD-ROM devices to.
+ enum:
+ - scsi
+ - virtio
+ - uml
+ - xen
+ - ide
+ - usb
+ - lxc
+ type: string
+ cpuCores:
+ description: CPUCores is the preferred number of cores
+ to expose to the guest
+ type: integer
+ cpuPolicy:
+ description: |-
+ CPUPolicy is used to pin the virtual CPUs (vCPUs) of instances to the
+ host's physical CPU cores (pCPUs). Host aggregates should be used to
+ separate these pinned instances from unpinned instances as the latter
+ will not respect the resourcing requirements of the former.
+
+ Permitted values are shared (the default), and dedicated.
+
+ shared: The guest vCPUs will be allowed to freely float across host
+ pCPUs, albeit potentially constrained by NUMA policy.
+
+ dedicated: The guest vCPUs will be strictly pinned to a set of host
+ pCPUs. In the absence of an explicit vCPU topology request, the
+ drivers typically expose all vCPUs as sockets with one core and one
+ thread. When strict CPU pinning is in effect the guest CPU topology
+ will be setup to match the topology of the CPUs to which it is
+ pinned. This option implies an overcommit ratio of 1.0. For example,
+ if a two vCPU guest is pinned to a single host core with two threads,
+ then the guest will get a topology of one socket, one core, two
+ threads.
+ enum:
+ - shared
+ - dedicated
+ type: string
+ cpuSockets:
+ description: CPUSockets is the preferred number of sockets
+ to expose to the guest
+ type: integer
+ cpuThreadPolicy:
+ description: |-
+ CPUThreadPolicy further refines a CPUPolicy of 'dedicated' by stating
+ how hardware CPU threads in a simultaneous multithreading-based (SMT)
+ architecture be used. SMT-based architectures include Intel
+ processors with Hyper-Threading technology. In these architectures,
+ processor cores share a number of components with one or more other
+ cores. Cores in such architectures are commonly referred to as
+ hardware threads, while the cores that a given core share components
+ with are known as thread siblings.
+
+ Permitted values are prefer (the default), isolate, and require.
+
+ prefer: The host may or may not have an SMT architecture. Where an
+ SMT architecture is present, thread siblings are preferred.
+
+ isolate: The host must not have an SMT architecture or must emulate a
+ non-SMT architecture. If the host does not have an SMT architecture,
+ each vCPU is placed on a different core as expected. If the host does
+ have an SMT architecture - that is, one or more cores have thread
+ siblings - then each vCPU is placed on a different physical core. No
+ vCPUs from other guests are placed on the same core. All but one
+ thread sibling on each utilized core is therefore guaranteed to be
+ unusable.
+
+ require: The host must have an SMT architecture. Each vCPU is
+ allocated on thread siblings. If the host does not have an SMT
+ architecture, then it is not used. If the host has an SMT
+ architecture, but not enough cores with free thread siblings are
+ available, then scheduling fails.
+ enum:
+ - prefer
+ - isolate
+ - require
+ type: string
+ cpuThreads:
+ description: CPUThreads is the preferred number of threads
+ to expose to the guest
+ type: integer
+ diskBus:
+ description: DiskBus specifies the type of disk controller
+ to attach disk devices to.
+ enum:
+ - scsi
+ - virtio
+ - uml
+ - xen
+ - ide
+ - usb
+ - lxc
+ type: string
+ scsiModel:
+ description: |-
+ SCSIModel enables the use of VirtIO SCSI (virtio-scsi) to provide
+ block device access for compute instances; by default, instances use
+ VirtIO Block (virtio-blk). VirtIO SCSI is a para-virtualized SCSI
+ controller device that provides improved scalability and performance,
+ and supports advanced SCSI hardware.
+
+ The only permitted value is virtio-scsi.
+ enum:
+ - virtio-scsi
+ type: string
+ vifModel:
+ description: |-
+ VIFModel specifies the model of virtual network interface device to use.
+
+ Permitted values are e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio,
+ and vmxnet3.
+ enum:
+ - e1000
+ - e1000e
+ - ne2k_pci
+ - pcnet
+ - rtl8139
+ - virtio
+ - vmxnet3
+ type: string
+ type: object
+ minDiskGB:
+ description: MinDisk is the minimum amount of disk space in
+ GB that is required to boot the image
+ minimum: 1
+ type: integer
+ minMemoryMB:
+ description: MinMemoryMB is the minimum amount of RAM in MB
+ that is required to boot the image.
+ minimum: 1
+ type: integer
+ type: object
+ protected:
+ description: |-
+ Protected specifies that the image is protected from deletion.
+ If not specified, the default is false.
+ type: boolean
+ tags:
+ description: Tags is a list of tags which will be applied to the
+ image. A tag has a maximum length of 255 characters.
+ items:
+ maxLength: 255
+ minLength: 1
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ visibility:
+ description: Visibility of the image
+ enum:
+ - public
+ - private
+ - shared
+ - community
+ type: string
+ x-kubernetes-validations:
+ - message: visibility is immutable
+ rule: self == oldSelf
+ type: object
+ x-kubernetes-validations:
+ - message: name is immutable
+ rule: 'has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)'
+ - message: name is immutable
+ rule: 'has(self.protected) ? self.protected == oldSelf.protected
+ : !has(oldSelf.protected)'
+ - message: tags is immutable
+ rule: 'has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)'
+ - message: visibility is immutable
+ rule: 'has(self.visibility) ? self.visibility == oldSelf.visibility
+ : !has(oldSelf.visibility)'
+ - message: properties is immutable
+ rule: 'has(self.properties) ? self.properties == oldSelf.properties
+ : !has(oldSelf.properties)'
+ required:
+ - cloudCredentialsRef
+ type: object
+ x-kubernetes-validations:
+ - message: resource must be specified when policy is managed
+ rule: 'self.managementPolicy == ''managed'' ? has(self.resource) : true'
+ - message: import may not be specified when policy is managed
+ rule: 'self.managementPolicy == ''managed'' ? !has(self.__import__)
+ : true'
+ - message: resource may not be specified when policy is unmanaged
+ rule: 'self.managementPolicy == ''unmanaged'' ? !has(self.resource)
+ : true'
+ - message: import must be specified when policy is unmanaged
+ rule: 'self.managementPolicy == ''unmanaged'' ? has(self.__import__)
+ : true'
+ - message: managedOptions may only be provided when policy is managed
+ rule: 'has(self.managedOptions) ? self.managementPolicy == ''managed''
+ : true'
+ - message: resource content must be specified when not importing
+ rule: '!has(self.__import__) ? has(self.resource.content) : true'
+ status:
+ description: ImageStatus defines the observed state of an ORC resource.
+ properties:
+ conditions:
+ description: |-
+ Conditions represents the observed status of the object.
+ Known .status.conditions.type are: "Available", "Progressing"
+
+ Available represents the availability of the OpenStack resource. If it is
+ true then the resource is ready for use.
+
+ Progressing indicates whether the controller is still attempting to
+ reconcile the current state of the OpenStack resource to the desired
+ state. Progressing will be False either because the desired state has
+ been achieved, or because some terminal error prevents it from ever being
+ achieved and the controller is no longer attempting to reconcile. If
+ Progressing is True, an observer waiting on the resource should continue
+ to wait.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ downloadAttempts:
+ description: DownloadAttempts is the number of times the controller
+ has attempted to download the image contents
+ type: integer
+ id:
+ description: ID is the unique identifier of the OpenStack resource.
+ type: string
+ resource:
+ description: Resource contains the observed state of the OpenStack
+ resource.
+ properties:
+ hash:
+ description: |-
+ Hash is the hash of the image data published by Glance. Note that this is
+ a hash of the data stored internally by Glance, which will have been
+ decompressed and potentially format converted depending on server-side
+ configuration which is not visible to clients. It is expected that this
+ hash will usually differ from the download hash.
+ properties:
+ algorithm:
+ description: Algorithm is the hash algorithm used to generate
+ value.
+ enum:
+ - md5
+ - sha1
+ - sha256
+ - sha512
+ type: string
+ value:
+ description: Value is the hash of the image data using Algorithm.
+ It must be hex encoded using lowercase letters.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[0-9a-f]+$
+ type: string
+ required:
+ - algorithm
+ - value
+ type: object
+ sizeB:
+ description: SizeB is the size of the image data, in bytes
+ format: int64
+ type: integer
+ status:
+ description: Status is the image status as reported by Glance
+ type: string
+ virtualSizeB:
+ description: VirtualSizeB is the size of the disk the image data
+ represents, in bytes
+ format: int64
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-controller-manager
+ namespace: orc-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-leader-election-role
+ namespace: orc-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-image-editor-role
+rules:
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-image-viewer-role
+rules:
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: orc-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: orc-metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: orc-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-leader-election-rolebinding
+ namespace: orc-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: orc-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: orc-controller-manager
+ namespace: orc-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ name: orc-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: orc-manager-role
+subjects:
+- kind: ServiceAccount
+ name: orc-controller-manager
+ namespace: orc-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: orc-metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: orc-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: orc-controller-manager
+ namespace: orc-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ control-plane: controller-manager
+ name: orc-controller-manager-metrics-service
+ namespace: orc-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: orc
+ control-plane: controller-manager
+ name: orc-controller-manager
+ namespace: orc-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --metrics-bind-address=:8443
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ command:
+ - /manager
+ image: quay.io/orc/openstack-resource-controller:v1.0.1
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ terminationMessagePolicy: FallbackToLogsOnError
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: orc-controller-manager
+ terminationGracePeriodSeconds: 10
--- /dev/null
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ pod-security.kubernetes.io/audit: restricted
+ pod-security.kubernetes.io/enforce: restricted
+ pod-security.kubernetes.io/warn: restricted
+ name: capo-system
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-selfsigned-issuer
+ namespace: capo-system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-serving-cert
+ namespace: capo-system
+spec:
+ dnsNames:
+ - capo-webhook-service.capo-system.svc
+ - capo-webhook-service.capo-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capo-selfsigned-issuer
+ secretName: capo-webhook-service-cert
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackclusters.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackCluster
+ listKind: OpenStackClusterList
+ plural: openstackclusters
+ shortNames:
+ - osc
+ singular: openstackcluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion address for breakglass access
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion IP
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ deprecationWarning: The v1alpha7 version of OpenStackCluster has been deprecated
+ and will be removed in a future release.
+ name: v1alpha7
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenStackCluster is the Schema for the openstackclusters API.
+
+ Deprecated: v1alpha7.OpenStackCluster has been replaced by v1beta1.OpenStackCluster.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: |-
+ AllowAllInClusterTraffic is only used when managed security groups are in use.
+ If set to true, the rules for the managed security groups are configured so that all
+ ingress and egress between cluster nodes is permitted, allowing CNIs other than
+ Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: |-
+ APIServerFixedIP is the fixed IP which will be associated with the API server.
+ In the case where the API server has a floating IP but not a managed load balancer,
+ this field is not used.
+ If a managed load balancer is used and this field is not specified, a fixed IP will
+ be dynamically allocated for the load balancer.
+ If a managed load balancer is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a pre-allocated port that
+ holds the fixed IP to be used as a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: |-
+ APIServerFloatingIP is the floatingIP which will be associated with the API server.
+ The floatingIP will be created if it does not already exist.
+ If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: |-
+ APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
+ It must be activated by setting `enabled: true`.
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports to the
+ load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server listeners
+ to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should be
+ created.
+ type: boolean
+ provider:
+ description: Octavia Provider Used to create load balancer
+ type: string
+ type: object
+ apiServerPort:
+ description: |-
+ APIServerPort is the port on which the listener on the APIServer
+ will be created
+ type: integer
+ bastion:
+ description: |-
+ Bastion is the OpenStack instance to login the nodes
+
+ As a rolling update is not ideal during a bastion host session, we
+ prevent changes to a running bastion configuration. Set `enabled: false` to
+ make changes.
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to
+ attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device
+ in gibibytes (GiB).
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage
+ options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume in.
+ If omitted, the availability zone of the server will be used.
+ The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
+ to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
+ further information.
+ type: string
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIP:
+ description: |-
+ The floatingIP which will be associated to the machine, only used for master.
+ The floatingIP should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a identity to be used when reconciling this cluster.
+ If not specified, the identity ref of the cluster will be used instead.
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: |-
+ The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: |-
+ The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding details.
+ We intentionally don't expose this as a map[string]string because we only want to enable
+ the users to set the values of the keys that are known to work in OpenStack Networking API.
+ See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ properties:
+ ovsHWOffload:
+ description: OVSHWOffload enables or disables the
+ OVS hardware offload feature.
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables
+ the propagate uplink status on the port.
+ type: boolean
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value
+ pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Machine tags
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy control
+ plane to
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: |-
+ Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
+ to make a decision on which az to use based on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: |-
+ DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
+ IP to the API server. This allows for the creation of clusters when attaching a floating
+ IP to the API server (and hence, in many cases, exposing the API server to the internet)
+ is not possible or desirable, e.g. if using a shared VLAN for communication between
+ management and workload clusters or when the management cluster is inside the
+ project network.
+ This option requires that the API server use a VIP on the cluster network so that the
+ underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines, which falls outside of
+ the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity disables the port security of the network created for the
+ Kubernetes cluster, which also disables SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: |-
+ DNSNameservers is the list of nameservers for OpenStack Subnet being created.
+ Set this value when you need create a new network/subnet while the access
+ through DNS is required.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ externalNetworkId:
+ description: |-
+ ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
+ to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: |-
+ ExternalRouterIPs is an array of externalIPs on the respective subnets.
+ This is necessary if the router needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: |-
+ ManagedSecurityGroups determines whether OpenStack security groups for the cluster
+ will be managed by the OpenStack provider or whether pre-existing security groups will
+ be specified as part of the configuration.
+ By default, the managed security groups have rules that allow the Kubelet, etcd, the
+ Kubernetes API server and the Calico CNI plugin to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ networkMtu:
+ description: |-
+ NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
+ This value will be used only if the Cluster actuator creates the network.
+ If leaved empty, the network will have the default MTU defined in Openstack network service.
+ To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ type: integer
+ nodeCidr:
+ description: |-
+ NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
+ network, a subnet with NodeCIDR, and a router connected to this subnet.
+ If you leave this empty, no network will be created.
+ type: string
+ router:
+ description: |-
+ If NodeCIDR is set this option can be used to detect an existing router.
+ If specified, no new router will be created.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ apiServerLoadBalancer:
+ description: APIServerLoadBalancer describes the api server load balancer
+ if one exists
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ bastion:
+ properties:
+ floatingIP:
+ type: string
+ id:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: |-
+ SecurityGroup represents the basic information of the associated
+ OpenStack Neutron Security Group.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: |-
+ SecurityGroupRule represent the basic information of the associated OpenStack
+ Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ controlPlaneSecurityGroup:
+ description: |-
+ ControlPlaneSecurityGroups contains all the information about the OpenStack
+ Security Group that needs to be applied to control plane nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: |-
+ SecurityGroupRule represent the basic information of the associated OpenStack
+ Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ externalNetwork:
+ description: externalNetwork contains information about the external
+ network used for default ingress and egress traffic.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: |-
+ FailureDomainSpec is the Schema for Cluster API failure domains.
+ It allows controllers to understand how many failure domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: controlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ failureMessage:
+ description: |-
+ FailureMessage will be set in the event that there is a terminal problem
+ reconciling the OpenStackCluster and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the OpenStackCluster's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of
+ OpenStackClusters can be added as events to the OpenStackCluster object
+ and/or logged in the controller's output.
+ type: string
+ failureReason:
+ description: |-
+ FailureReason will be set in the event that there is a terminal problem
+ reconciling the OpenStackCluster and will contain a succinct value suitable
+ for machine interpretation.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the OpenStackCluster's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of
+ OpenStackClusters can be added as events to the OpenStackCluster object
+ and/or logged in the controller's output.
+ type: string
+ network:
+ description: Network contains information about the created OpenStack
+ Network.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ subnets:
+ description: Subnets is a list of subnets associated with the
+ default cluster network. Machines which use the default cluster
+ network will get an address from all of these subnets.
+ items:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ type: array
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ type: boolean
+ router:
+ description: Router describes the default cluster router
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ workerSecurityGroup:
+ description: |-
+ WorkerSecurityGroup contains all the information about the OpenStack Security
+ Group that needs to be applied to worker nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: |-
+ SecurityGroupRule represent the basic information of the associated OpenStack
+ Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion address for breakglass access
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion IP
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackCluster is the Schema for the openstackclusters API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ apiServerFixedIP:
+ description: |-
+ APIServerFixedIP is the fixed IP which will be associated with the API server.
+ In the case where the API server has a floating IP but not a managed load balancer,
+ this field is not used.
+ If a managed load balancer is used and this field is not specified, a fixed IP will
+ be dynamically allocated for the load balancer.
+ If a managed load balancer is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a pre-allocated port that
+ holds the fixed IP to be used as a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: |-
+ APIServerFloatingIP is the floatingIP which will be associated with the API server.
+ The floatingIP will be created if it does not already exist.
+ If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: |-
+ APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
+ If not specified, no load balancer will be created for the API server.
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports to the
+ load balancer.
+ items:
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ allowedCIDRs:
+ description: AllowedCIDRs restrict access to all API-Server listeners
+ to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ availabilityZone:
+ description: AvailabilityZone is the failure domain that will
+ be used to create the APIServerLoadBalancer Spec.
+ type: string
+ enabled:
+ default: true
+ description: |-
+ Enabled defines whether a load balancer should be created. This value
+ defaults to true if an APIServerLoadBalancer is given.
+
+ There is no reason to set this to false. To disable creation of the
+ API server loadbalancer, omit the APIServerLoadBalancer field in the
+ cluster spec instead.
+ type: boolean
+ flavor:
+ description: Flavor is the flavor name that will be used to create
+ the APIServerLoadBalancer Spec.
+ type: string
+ network:
+ description: Network defines which network should the load balancer
+ be allocated on.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is
+ provided, the other filters cannot be provided. Must be
+ in UUID format.
+ format: uuid
+ type: string
+ type: object
+ provider:
+ description: |-
+ Provider specifies name of a specific Octavia provider to use for the
+ API load balancer. The Octavia default will be used if it is not
+ specified.
+ type: string
+ subnets:
+ description: |-
+ Subnets define which subnets should the load balancer be allocated on.
+ It is expected that subnets are located on the network specified in this resource.
+ Only the first element is taken into account.
+ kubebuilder:validation:MaxLength:=2
+ items:
+ description: SubnetParam specifies an OpenStack subnet to use.
+ It may be specified by either ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the subnet.
+ It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will not be
+ validated.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - enabled
+ type: object
+ apiServerPort:
+ description: |-
+ APIServerPort is the port on which the listener on the APIServer
+ will be created. If specified, it must be an integer between 0 and 65535.
+ maximum: 65535
+ minimum: 0
+ type: integer
+ bastion:
+ description: |-
+ Bastion is the OpenStack instance to login the nodes
+
+ As a rolling update is not ideal during a bastion host session, we
+ prevent changes to a running bastion configuration. To make changes, it's required
+ to first set `enabled: false` which will remove the bastion and then changes can be made.
+ properties:
+ availabilityZone:
+ description: AvailabilityZone is the failure domain that will
+ be used to create the Bastion Spec.
+ type: string
+ enabled:
+ default: true
+ description: |-
+ Enabled means that bastion is enabled. The bastion is enabled by
+ default if this field is not specified. Set this field to false to disable the
+ bastion.
+
+ It is not currently possible to remove the bastion from the cluster
+ spec without first disabling it by setting this field to false and
+ waiting until the bastion has been deleted.
+ type: boolean
+ floatingIP:
+ description: |-
+ FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
+ The floating IP should already exist and should not be associated with a port. If FIP of this address does not
+ exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
+ format: ipv4
+ type: string
+ spec:
+ description: Spec for the bastion itself
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to
+ attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ Name cannot be 'root', which is reserved for the root volume.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device
+ in gibibytes (GiB).
+ minimum: 1
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage
+ options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name'
+ or default
+ rule: '!has(self.from) || self.from == ''Name''
+ ? has(self.name) : !has(self.name)'
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIPPoolRef:
+ description: |-
+ floatingIPPoolRef is a reference to a IPPool that will be assigned
+ to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
+ will be assigned to the OpenStackMachine.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this machine. If not specified, the
+ credentials specified in the cluster will be used.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry
+ in the clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ image:
+ description: |-
+ The image to use for your server instance.
+ If the rootVolume is specified, this will be used when creating the root volume.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter describes a query for an image. If specified, the combination
+ of name and tags must return a single matching image or an error will
+ be raised.
+ minProperties: 1
+ properties:
+ name:
+ description: The name of the desired image. If specified,
+ the combination of name and tags must return a single
+ matching image or an error will be raised.
+ type: string
+ tags:
+ description: The tags associated with the desired
+ image. If specified, the combination of name and
+ tags must return a single matching image or an error
+ will be raised.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the image. ID will not
+ be validated before use.
+ format: uuid
+ type: string
+ imageRef:
+ description: |-
+ ImageRef is a reference to an ORC Image in the same namespace as the
+ referring object.
+ properties:
+ name:
+ description: Name is the name of the referenced resource
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port
+ should be created in the up (true) or down (false)
+ state. The default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description
+ for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or
+ IP address to assign to the port. If specified, these
+ must be subnets of the port's network.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If Subnet
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to
+ select the subnet. It must match exactly
+ one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet.
+ It will not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where
+ the port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of
+ the port. If not specified, the MAC address will be
+ generated.
+ type: string
+ nameSuffix:
+ description: NameSuffix will be appended to the name
+ of the port if specified. If unspecified, instead
+ the 0-based index of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select
+ an OpenStack network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use.
+ If ID is provided, the other filters cannot be
+ provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables
+ the propagate uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of the names,
+ uuids, filters or any combination these of the security
+ groups to assign to the instance.
+ items:
+ description: SecurityGroupParam specifies an OpenStack
+ security group. It may be specified by ID or filter,
+ but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select
+ an OpenStack security group. If provided, cannot
+ be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group
+ to use. If ID is provided, the other filters
+ cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: |-
+ Trunk specifies whether trunking is enabled at the port level. If not
+ provided the value is inherited from the machine, or false for a
+ bastion host.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value
+ pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ sizeGiB:
+ description: SizeGiB is the size of the block device in
+ gibibytes (GiB).
+ minimum: 1
+ type: integer
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ required:
+ - sizeGiB
+ type: object
+ schedulerHintAdditionalProperties:
+ description: |-
+ SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
+ to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
+ such as specifying certain host aggregates or availability zones.
+ items:
+ description: |-
+ SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
+ It includes a Name to identify the property and a Value that can be of various types.
+ properties:
+ name:
+ description: |-
+ Name is the name of the scheduler hint property.
+ It is a unique identifier for the property.
+ minLength: 1
+ type: string
+ value:
+ description: |-
+ Value is the value of the scheduler hint property, which can be of various types
+ (e.g., bool, string, int). The type is indicated by the Value.Type field.
+ properties:
+ bool:
+ description: |-
+ Bool is the boolean value of the scheduler hint, used when Type is "Bool".
+ This field is required if type is 'Bool', and must not be set otherwise.
+ type: boolean
+ number:
+ description: |-
+ Number is the integer value of the scheduler hint, used when Type is "Number".
+ This field is required if type is 'Number', and must not be set otherwise.
+ type: integer
+ string:
+ description: |-
+ String is the string value of the scheduler hint, used when Type is "String".
+ This field is required if type is 'String', and must not be set otherwise.
+ maxLength: 255
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ Type represents the type of the value.
+ Valid values are Bool, String, and Number.
+ enum:
+ - Bool
+ - String
+ - Number
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: bool is required when type is Bool, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
+ : !has(self.bool)'
+ - message: number is required when type is Number, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Number'' ?
+ has(self.number) : !has(self.number)'
+ - message: string is required when type is String, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''String'' ?
+ has(self.string) : !has(self.string)'
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use.
+ If ID is provided, the other filters cannot be provided.
+ Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ serverGroup:
+ description: The server group to assign the machine to.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ server group. If provided, it cannot be empty.
+ minProperties: 1
+ properties:
+ name:
+ description: Name is the name of a server group to
+ look for.
+ type: string
+ type: object
+ id:
+ description: ID is the ID of the server group to use.
+ format: uuid
+ type: string
+ type: object
+ serverMetadata:
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ items:
+ properties:
+ key:
+ description: Key is the server metadata key
+ maxLength: 255
+ type: string
+ value:
+ description: Value is the server metadata value
+ maxLength: 255
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Tags which will be added to the machine and all dependent resources
+ which support them. These are in addition to Tags defined on the
+ cluster.
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - image
+ type: object
+ x-kubernetes-validations:
+ - message: at least one of flavor or flavorID must be set
+ rule: (has(self.flavor) || has(self.flavorID))
+ type: object
+ x-kubernetes-validations:
+ - message: spec is required if bastion is enabled
+ rule: '!self.enabled || has(self.spec)'
+ controlPlaneAvailabilityZones:
+ description: |-
+ ControlPlaneAvailabilityZones is the set of availability zones which
+ control plane machines may be deployed to.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: |-
+ ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+ It is normally populated automatically by the OpenStackCluster
+ controller during cluster provisioning. If it is set on creation the
+ control plane endpoint will use the values set here in preference to
+ values set elsewhere.
+ ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: |-
+ ControlPlaneOmitAvailabilityZone causes availability zone to be
+ omitted when creating control plane nodes, allowing the Nova
+ scheduler to make a decision on which availability zone to use based
+ on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: |-
+ DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
+ IP to the API server. This allows for the creation of clusters when attaching a floating
+ IP to the API server (and hence, in many cases, exposing the API server to the internet)
+ is not possible or desirable, e.g. if using a shared VLAN for communication between
+ management and workload clusters or when the management cluster is inside the
+ project network.
+ This option requires that the API server use a VIP on the cluster network so that the
+ underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines, which falls outside of
+ the scope of this controller.
+ type: boolean
+ disableExternalNetwork:
+ description: |-
+ DisableExternalNetwork specifies whether or not to attempt to connect the cluster
+ to an external network. This allows for the creation of clusters when connecting
+ to an external network is not possible or desirable, e.g. if using a provider network.
+ type: boolean
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity disables the port security of the network created for the
+ Kubernetes cluster, which also disables SecurityGroups
+ type: boolean
+ externalNetwork:
+ description: |-
+ ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
+ This option is ignored if DisableExternalNetwork is set to true.
+
+ If ExternalNetwork is defined it must refer to exactly one external network.
+
+ If ExternalNetwork is not defined or is empty the controller will use any
+ existing external network as long as there is only one. It is an
+ error if ExternalNetwork is not defined and there are multiple
+ external networks unless DisableExternalNetwork is also set.
+
+ If ExternalNetwork is not defined and there are no external networks
+ the controller will proceed as though DisableExternalNetwork was set.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is provided,
+ the other filters cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ externalRouterIPs:
+ description: |-
+ ExternalRouterIPs is an array of externalIPs on the respective subnets.
+ This is necessary if the router needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the subnet.
+ It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will not be
+ validated.
+ format: uuid
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this cluster. It is also to reconcile
+ machines unless overridden in the machine spec.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry in the
+ clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ managedSecurityGroups:
+ description: |-
+ ManagedSecurityGroups determines whether OpenStack security groups for the cluster
+ will be managed by the OpenStack provider or whether pre-existing security groups will
+ be specified as part of the configuration.
+ By default, the managed security groups have rules that allow the Kubelet, etcd, and the
+ Kubernetes API server to function correctly.
+ It's possible to add additional rules to the managed security groups.
+ When defined to an empty struct, the managed security groups will be created with the default rules.
+ properties:
+ allNodesSecurityGroupRules:
+ description: allNodesSecurityGroupRules defines the rules that
+ should be applied to all nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched by
+ the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ allowAllInClusterTraffic:
+ default: false
+ description: AllowAllInClusterTraffic allows all ingress and egress
+ traffic between cluster nodes when set to true.
+ type: boolean
+ controlPlaneNodesSecurityGroupRules:
+ description: controlPlaneNodesSecurityGroupRules defines the rules
+ that should be applied to control plane nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched by
+ the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ workerNodesSecurityGroupRules:
+ description: workerNodesSecurityGroupRules defines the rules that
+ should be applied to worker nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched by
+ the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - allowAllInClusterTraffic
+ type: object
+ managedSubnets:
+ description: |-
+ ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
+ subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
+ subnet is supported. If you leave this empty, no network will be created.
+ items:
+ properties:
+ allocationPools:
+ description: |-
+ AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
+ If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
+ outside of these ranges manually.
+ items:
+ properties:
+ end:
+ description: End represents the end of the AlloctionPool,
+ that is the highest IP of the pool.
+ type: string
+ start:
+ description: Start represents the start of the AllocationPool,
+ that is the lowest IP of the pool.
+ type: string
+ required:
+ - end
+ - start
+ type: object
+ type: array
+ cidr:
+ description: |-
+ CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
+ This field is required when defining a subnet.
+ type: string
+ dnsNameservers:
+ description: |-
+ DNSNameservers holds a list of DNS server addresses that will be provided when creating
+ the subnet. These addresses need to have the same IP version as CIDR.
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ type: object
+ maxItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ Network specifies an existing network to use if no ManagedSubnets
+ are specified.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is provided,
+ the other filters cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ networkMTU:
+ description: |-
+ NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
+ This value will be used only if the Cluster actuator creates the network.
+ If left empty, the network will have the default MTU defined in Openstack network service.
+ To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ type: integer
+ router:
+ description: |-
+ Router specifies an existing router to be used if ManagedSubnets are
+ specified. If specified, no new router will be created.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ router. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the router to use. If ID is provided,
+ the other filters cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ subnets:
+ description: |-
+ Subnets specifies existing subnets to use if not ManagedSubnets are
+ specified. All subnets must be in the network specified by Network.
+ There can be zero, one, or two subnets. If no subnets are specified,
+ all subnets in Network will be used. If 2 subnets are specified, one
+ must be IPv4 and the other IPv6.
+ items:
+ description: SubnetParam specifies an OpenStack subnet to use. It
+ may be specified by either ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the subnet.
+ It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will not be validated.
+ format: uuid
+ type: string
+ type: object
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: Tags to set on all resources in cluster which support
+ tags
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - identityRef
+ type: object
+ x-kubernetes-validations:
+ - message: bastion floating IP cannot be set when disableExternalNetwork
+ is true
+ rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
+ ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
+ - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
+ is true
+ rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
+ ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
+ : true'
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ apiServerLoadBalancer:
+ description: APIServerLoadBalancer describes the api server load balancer
+ if one exists
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ loadBalancerNetwork:
+ description: |-
+ LoadBalancerNetwork contains information about network and/or subnets which the
+ loadbalancer is allocated on.
+ If subnets are specified within the LoadBalancerNetwork currently only the first
+ subnet in the list is taken into account.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ subnets:
+ description: Subnets is a list of subnets associated with
+ the default cluster network. Machines which use the default
+ cluster network will get an address from all of these subnets.
+ items:
+ description: Subnet represents basic information about the
+ associated OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ type: array
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ bastion:
+ description: Bastion contains the information about the deployed bastion
+ host
+ properties:
+ floatingIP:
+ type: string
+ id:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ resolved:
+ description: |-
+ Resolved contains parts of the bastion's machine spec with all
+ external references fully resolved.
+ properties:
+ flavorID:
+ description: FlavorID is the ID of the flavor to use.
+ type: string
+ imageID:
+ description: ImageID is the ID of the image to use for the
+ machine and is calculated based on ImageFilter.
+ type: string
+ ports:
+ description: Ports is the fully resolved list of ports to
+ create for the machine.
+ items:
+ description: ResolvedPortSpec is a PortOpts with all contained
+ references fully resolved.
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port
+ should be created in the up (true) or down (false)
+ state. The default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description
+ for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or
+ IP address to assign to the port. If specified, these
+ must be subnets of the port's network.
+ items:
+ description: ResolvedFixedIP is a FixedIP with the
+ Subnet resolved to an ID.
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If SubnetID
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: SubnetID is the id of a subnet to
+ create the fixed IP of a port in.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where
+ the port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of
+ the port. If not specified, the MAC address will be
+ generated.
+ type: string
+ name:
+ description: Name is the name of the port.
+ type: string
+ networkID:
+ description: NetworkID is the ID of the network the
+ port will be created in.
+ type: string
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables
+ the propagate uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of security group
+ IDs to assign to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.)
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Trunk specifies whether trunking is enabled
+ at the port level.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value
+ pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ required:
+ - description
+ - name
+ - networkID
+ type: object
+ type: array
+ serverGroupID:
+ description: ServerGroupID is the ID of the server group the
+ machine should be added to and is calculated based on ServerGroupFilter.
+ type: string
+ type: object
+ resources:
+ description: Resources contains references to OpenStack resources
+ created for the bastion.
+ properties:
+ ports:
+ description: Ports is the status of the ports created for
+ the machine.
+ items:
+ properties:
+ id:
+ description: ID is the unique identifier of the port.
+ type: string
+ required:
+ - id
+ type: object
+ type: array
+ type: object
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: |-
+ BastionSecurityGroup contains the information about the OpenStack
+ Security Group that needs to be applied to worker nodes.
+ properties:
+ id:
+ description: id of the security group
+ type: string
+ name:
+ description: name of the security group
+ type: string
+ required:
+ - id
+ - name
+ type: object
+ controlPlaneSecurityGroup:
+ description: |-
+ ControlPlaneSecurityGroup contains the information about the
+ OpenStack Security Group that needs to be applied to control plane
+ nodes.
+ properties:
+ id:
+ description: id of the security group
+ type: string
+ name:
+ description: name of the security group
+ type: string
+ required:
+ - id
+ - name
+ type: object
+ externalNetwork:
+ description: ExternalNetwork contains information about the external
+ network used for default ingress and egress traffic.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: |-
+ FailureDomainSpec is the Schema for Cluster API failure domains.
+ It allows controllers to understand how many failure domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: controlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ failureMessage:
+ description: |-
+ FailureMessage will be set in the event that there is a terminal problem
+ reconciling the OpenStackCluster and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the OpenStackCluster's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of
+ OpenStackClusters can be added as events to the OpenStackCluster object
+ and/or logged in the controller's output.
+ type: string
+ failureReason:
+ description: |-
+ FailureReason will be set in the event that there is a terminal problem
+ reconciling the OpenStackCluster and will contain a succinct value suitable
+ for machine interpretation.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the OpenStackCluster's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of
+ OpenStackClusters can be added as events to the OpenStackCluster object
+ and/or logged in the controller's output.
+ type: string
+ network:
+ description: Network contains information about the created OpenStack
+ Network.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ subnets:
+ description: Subnets is a list of subnets associated with the
+ default cluster network. Machines which use the default cluster
+ network will get an address from all of these subnets.
+ items:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ type: array
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ default: false
+ description: Ready is true when the cluster infrastructure is ready.
+ type: boolean
+ router:
+ description: Router describes the default cluster router
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ workerSecurityGroup:
+ description: |-
+ WorkerSecurityGroup contains the information about the OpenStack
+ Security Group that needs to be applied to worker nodes.
+ properties:
+ id:
+ description: id of the security group
+ type: string
+ name:
+ description: name of the security group
+ type: string
+ required:
+ - id
+ - name
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackclustertemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackClusterTemplate
+ listKind: OpenStackClusterTemplateList
+ plural: openstackclustertemplates
+ shortNames:
+ - osct
+ singular: openstackclustertemplate
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ deprecationWarning: The v1alpha7 version of OpenStackClusterTemplate has been
+ deprecated and will be removed in a future release.
+ name: v1alpha7
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenStackClusterTemplate is the Schema for the openstackclustertemplates API.
+
+ Deprecated: v1alpha7.OpenStackClusterTemplate has been replaced by v1beta1.OpenStackClusterTemplate.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterTemplateSpec defines the desired state of
+ OpenStackClusterTemplate.
+ properties:
+ template:
+ description: OpenStackClusterTemplateResource describes the data needed
+ to create a OpenStackCluster from a template.
+ properties:
+ spec:
+ description: OpenStackClusterSpec defines the desired state of
+ OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: |-
+ AllowAllInClusterTraffic is only used when managed security groups are in use.
+ If set to true, the rules for the managed security groups are configured so that all
+ ingress and egress between cluster nodes is permitted, allowing CNIs other than
+ Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: |-
+ APIServerFixedIP is the fixed IP which will be associated with the API server.
+ In the case where the API server has a floating IP but not a managed load balancer,
+ this field is not used.
+ If a managed load balancer is used and this field is not specified, a fixed IP will
+ be dynamically allocated for the load balancer.
+ If a managed load balancer is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a pre-allocated port that
+ holds the fixed IP to be used as a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: |-
+ APIServerFloatingIP is the floatingIP which will be associated with the API server.
+ The floatingIP will be created if it does not already exist.
+ If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: |-
+ APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
+ It must be activated by setting `enabled: true`.
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports
+ to the load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server
+ listeners to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should
+ be created.
+ type: boolean
+ provider:
+ description: Octavia Provider Used to create load balancer
+ type: string
+ type: object
+ apiServerPort:
+ description: |-
+ APIServerPort is the port on which the listener on the APIServer
+ will be created
+ type: integer
+ bastion:
+ description: |-
+ Bastion is the OpenStack instance to login the nodes
+
+ As a rolling update is not ideal during a bastion host session, we
+ prevent changes to a running bastion configuration. Set `enabled: false` to
+ make changes.
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server
+ instance
+ items:
+ description: AdditionalBlockDevice is a block device
+ to attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block
+ device in gibibytes (GiB).
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional
+ storage options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume in.
+ If omitted, the availability zone of the server will be used.
+ The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
+ to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
+ further information.
+ type: string
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ cloudName:
+ description: The name of the cloud to use from the
+ clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for
+ your server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIP:
+ description: |-
+ The floatingIP which will be associated to the machine, only used for master.
+ The floatingIP should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a identity to be used when reconciling this cluster.
+ If not specified, the identity ref of the cluster will be used instead.
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: |-
+ The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: |-
+ The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance
+ ID for this machine.
+ type: string
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or
+ IP address. These should be subnets of the
+ network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port
+ is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port
+ unique. If unspecified, instead the 0-based
+ index of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding details.
+ We intentionally don't expose this as a map[string]string because we only want to enable
+ the users to set the values of the keys that are known to work in OpenStack Networking API.
+ See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ properties:
+ ovsHWOffload:
+ description: OVSHWOffload enables or disables
+ the OVS hardware offload feature.
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables
+ the “trusted mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or
+ disables the propagate uplink status on the
+ port.
+ type: boolean
+ securityGroupFilters:
+ description: The names, uuids, filters or any
+ combination these of the security groups to
+ assign to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Enables and disables trunk at port
+ level. If not provided, openStackMachine.Spec.Trunk
+ is inherited.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single
+ value_spec key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value
+ pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the
+ key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: The virtual network interface card
+ (vNIC) type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as
+ specified by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign
+ to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine
+ to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create
+ a map of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Machine tags
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created
+ on a trunk port or not.
+ type: boolean
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy
+ control plane to
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint
+ used to communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: |-
+ Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler
+ to make a decision on which az to use based on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: |-
+ DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
+ IP to the API server. This allows for the creation of clusters when attaching a floating
+ IP to the API server (and hence, in many cases, exposing the API server to the internet)
+ is not possible or desirable, e.g. if using a shared VLAN for communication between
+ management and workload clusters or when the management cluster is inside the
+ project network.
+ This option requires that the API server use a VIP on the cluster network so that the
+ underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines, which falls outside of
+ the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity disables the port security of the network created for the
+ Kubernetes cluster, which also disables SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: |-
+ DNSNameservers is the list of nameservers for OpenStack Subnet being created.
+ Set this value when you need create a new network/subnet while the access
+ through DNS is required.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ externalNetworkId:
+ description: |-
+ ExternalNetworkID is the ID of an external OpenStack Network. This is necessary
+ to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: |-
+ ExternalRouterIPs is an array of externalIPs on the respective subnets.
+ This is necessary if the router needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used
+ for the Gateway of this router
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: |-
+ ManagedSecurityGroups determines whether OpenStack security groups for the cluster
+ will be managed by the OpenStack provider or whether pre-existing security groups will
+ be specified as part of the configuration.
+ By default, the managed security groups have rules that allow the Kubelet, etcd, the
+ Kubernetes API server and the Calico CNI plugin to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ networkMtu:
+ description: |-
+ NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
+ This value will be used only if the Cluster actuator creates the network.
+ If leaved empty, the network will have the default MTU defined in Openstack network service.
+ To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ type: integer
+ nodeCidr:
+ description: |-
+ NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a
+ network, a subnet with NodeCIDR, and a router connected to this subnet.
+ If you leave this empty, no network will be created.
+ type: string
+ router:
+ description: |-
+ If NodeCIDR is set this option can be used to detect an existing router.
+ If specified, no new router will be created.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: false
+ storage: false
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterTemplateSpec defines the desired state of
+ OpenStackClusterTemplate.
+ properties:
+ template:
+ description: OpenStackClusterTemplateResource describes the data needed
+ to create a OpenStackCluster from a template.
+ properties:
+ spec:
+ description: OpenStackClusterSpec defines the desired state of
+ OpenStackCluster.
+ properties:
+ apiServerFixedIP:
+ description: |-
+ APIServerFixedIP is the fixed IP which will be associated with the API server.
+ In the case where the API server has a floating IP but not a managed load balancer,
+ this field is not used.
+ If a managed load balancer is used and this field is not specified, a fixed IP will
+ be dynamically allocated for the load balancer.
+ If a managed load balancer is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a pre-allocated port that
+ holds the fixed IP to be used as a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: |-
+ APIServerFloatingIP is the floatingIP which will be associated with the API server.
+ The floatingIP will be created if it does not already exist.
+ If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: |-
+ APIServerLoadBalancer configures the optional LoadBalancer for the APIServer.
+ If not specified, no load balancer will be created for the API server.
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports
+ to the load balancer.
+ items:
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ allowedCIDRs:
+ description: AllowedCIDRs restrict access to all API-Server
+ listeners to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ availabilityZone:
+ description: AvailabilityZone is the failure domain that
+ will be used to create the APIServerLoadBalancer Spec.
+ type: string
+ enabled:
+ default: true
+ description: |-
+ Enabled defines whether a load balancer should be created. This value
+ defaults to true if an APIServerLoadBalancer is given.
+
+ There is no reason to set this to false. To disable creation of the
+ API server loadbalancer, omit the APIServerLoadBalancer field in the
+ cluster spec instead.
+ type: boolean
+ flavor:
+ description: Flavor is the flavor name that will be used
+ to create the APIServerLoadBalancer Spec.
+ type: string
+ network:
+ description: Network defines which network should the
+ load balancer be allocated on.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an
+ OpenStack network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If
+ ID is provided, the other filters cannot be provided.
+ Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ provider:
+ description: |-
+ Provider specifies name of a specific Octavia provider to use for the
+ API load balancer. The Octavia default will be used if it is not
+ specified.
+ type: string
+ subnets:
+ description: |-
+ Subnets define which subnets should the load balancer be allocated on.
+ It is expected that subnets are located on the network specified in this resource.
+ Only the first element is taken into account.
+ kubebuilder:validation:MaxLength:=2
+ items:
+ description: SubnetParam specifies an OpenStack subnet
+ to use. It may be specified by either ID or filter,
+ but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select
+ the subnet. It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will
+ not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - enabled
+ type: object
+ apiServerPort:
+ description: |-
+ APIServerPort is the port on which the listener on the APIServer
+ will be created. If specified, it must be an integer between 0 and 65535.
+ maximum: 65535
+ minimum: 0
+ type: integer
+ bastion:
+ description: |-
+ Bastion is the OpenStack instance to login the nodes
+
+ As a rolling update is not ideal during a bastion host session, we
+ prevent changes to a running bastion configuration. To make changes, it's required
+ to first set `enabled: false` which will remove the bastion and then changes can be made.
+ properties:
+ availabilityZone:
+ description: AvailabilityZone is the failure domain that
+ will be used to create the Bastion Spec.
+ type: string
+ enabled:
+ default: true
+ description: |-
+ Enabled means that bastion is enabled. The bastion is enabled by
+ default if this field is not specified. Set this field to false to disable the
+ bastion.
+
+ It is not currently possible to remove the bastion from the cluster
+ spec without first disabling it by setting this field to false and
+ waiting until the bastion has been deleted.
+ type: boolean
+ floatingIP:
+ description: |-
+ FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID.
+ The floating IP should already exist and should not be associated with a port. If FIP of this address does not
+ exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so.
+ format: ipv4
+ type: string
+ spec:
+ description: Spec for the bastion itself
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server
+ instance
+ items:
+ description: AdditionalBlockDevice is a block device
+ to attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ Name cannot be 'root', which is reserved for the root volume.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block
+ device in gibibytes (GiB).
+ minimum: 1
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional
+ storage options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from
+ is 'Name' or default
+ rule: '!has(self.from) || self.from
+ == ''Name'' ? has(self.name) : !has(self.name)'
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for
+ your server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIPPoolRef:
+ description: |-
+ floatingIPPoolRef is a reference to a IPPool that will be assigned
+ to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
+ will be assigned to the OpenStackMachine.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this machine. If not specified, the
+ credentials specified in the cluster will be used.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the
+ entry in the clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region))
+ || self.region == oldSelf.region
+ image:
+ description: |-
+ The image to use for your server instance.
+ If the rootVolume is specified, this will be used when creating the root volume.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter describes a query for an image. If specified, the combination
+ of name and tags must return a single matching image or an error will
+ be raised.
+ minProperties: 1
+ properties:
+ name:
+ description: The name of the desired image.
+ If specified, the combination of name and
+ tags must return a single matching image
+ or an error will be raised.
+ type: string
+ tags:
+ description: The tags associated with the
+ desired image. If specified, the combination
+ of name and tags must return a single matching
+ image or an error will be raised.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the image. ID will
+ not be validated before use.
+ format: uuid
+ type: string
+ imageRef:
+ description: |-
+ ImageRef is a reference to an ORC Image in the same namespace as the
+ referring object.
+ properties:
+ name:
+ description: Name is the name of the referenced
+ resource
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether
+ the port should be created in the up (true)
+ or down (false) state. The default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable
+ description for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of
+ subnet and/or IP address to assign to the
+ port. If specified, these must be subnets
+ of the port's network.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If Subnet
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter
+ to select the subnet. It must match
+ exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the
+ subnet. It will not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the
+ host where the port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address
+ of the port. If not specified, the MAC address
+ will be generated.
+ type: string
+ nameSuffix:
+ description: NameSuffix will be appended to
+ the name of the port if specified. If unspecified,
+ instead the 0-based index of the port in the
+ list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to
+ select an OpenStack network. If provided,
+ cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network
+ to use. If ID is provided, the other filters
+ cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables
+ the “trusted mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or
+ disables the propagate uplink status on the
+ port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of the
+ names, uuids, filters or any combination these
+ of the security groups to assign to the instance.
+ items:
+ description: SecurityGroupParam specifies
+ an OpenStack security group. It may be specified
+ by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query
+ to select an OpenStack security group.
+ If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security
+ group to use. If ID is provided, the
+ other filters cannot be provided. Must
+ be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: |-
+ Trunk specifies whether trunking is enabled at the port level. If not
+ provided the value is inherited from the machine, or false for a
+ bastion host.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single
+ value_spec key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value
+ pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the
+ key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as
+ specified by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name'
+ or default
+ rule: '!has(self.from) || self.from == ''Name''
+ ? has(self.name) : !has(self.name)'
+ sizeGiB:
+ description: SizeGiB is the size of the block
+ device in gibibytes (GiB).
+ minimum: 1
+ type: integer
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ required:
+ - sizeGiB
+ type: object
+ schedulerHintAdditionalProperties:
+ description: |-
+ SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
+ to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
+ such as specifying certain host aggregates or availability zones.
+ items:
+ description: |-
+ SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
+ It includes a Name to identify the property and a Value that can be of various types.
+ properties:
+ name:
+ description: |-
+ Name is the name of the scheduler hint property.
+ It is a unique identifier for the property.
+ minLength: 1
+ type: string
+ value:
+ description: |-
+ Value is the value of the scheduler hint property, which can be of various types
+ (e.g., bool, string, int). The type is indicated by the Value.Type field.
+ properties:
+ bool:
+ description: |-
+ Bool is the boolean value of the scheduler hint, used when Type is "Bool".
+ This field is required if type is 'Bool', and must not be set otherwise.
+ type: boolean
+ number:
+ description: |-
+ Number is the integer value of the scheduler hint, used when Type is "Number".
+ This field is required if type is 'Number', and must not be set otherwise.
+ type: integer
+ string:
+ description: |-
+ String is the string value of the scheduler hint, used when Type is "String".
+ This field is required if type is 'String', and must not be set otherwise.
+ maxLength: 255
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ Type represents the type of the value.
+ Valid values are Bool, String, and Number.
+ enum:
+ - Bool
+ - String
+ - Number
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: bool is required when type is Bool,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Bool''
+ ? has(self.bool) : !has(self.bool)'
+ - message: number is required when type is Number,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Number''
+ ? has(self.number) : !has(self.number)'
+ - message: string is required when type is String,
+ and forbidden otherwise
+ rule: 'has(self.type) && self.type == ''String''
+ ? has(self.string) : !has(self.string)'
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityGroups:
+ description: The names of the security groups to assign
+ to the instance
+ items:
+ description: SecurityGroupParam specifies an OpenStack
+ security group. It may be specified by ID or filter,
+ but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select
+ an OpenStack security group. If provided,
+ cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group
+ to use. If ID is provided, the other filters
+ cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ serverGroup:
+ description: The server group to assign the machine
+ to.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select
+ an OpenStack server group. If provided, it cannot
+ be empty.
+ minProperties: 1
+ properties:
+ name:
+ description: Name is the name of a server
+ group to look for.
+ type: string
+ type: object
+ id:
+ description: ID is the ID of the server group
+ to use.
+ format: uuid
+ type: string
+ type: object
+ serverMetadata:
+ description: Metadata mapping. Allows you to create
+ a map of key value pairs to add to the server instance.
+ items:
+ properties:
+ key:
+ description: Key is the server metadata key
+ maxLength: 255
+ type: string
+ value:
+ description: Value is the server metadata value
+ maxLength: 255
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Tags which will be added to the machine and all dependent resources
+ which support them. These are in addition to Tags defined on the
+ cluster.
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created
+ on a trunk port or not.
+ type: boolean
+ required:
+ - image
+ type: object
+ x-kubernetes-validations:
+ - message: at least one of flavor or flavorID must be
+ set
+ rule: (has(self.flavor) || has(self.flavorID))
+ type: object
+ x-kubernetes-validations:
+ - message: spec is required if bastion is enabled
+ rule: '!self.enabled || has(self.spec)'
+ controlPlaneAvailabilityZones:
+ description: |-
+ ControlPlaneAvailabilityZones is the set of availability zones which
+ control plane machines may be deployed to.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: |-
+ ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
+ It is normally populated automatically by the OpenStackCluster
+ controller during cluster provisioning. If it is set on creation the
+ control plane endpoint will use the values set here in preference to
+ values set elsewhere.
+ ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: |-
+ ControlPlaneOmitAvailabilityZone causes availability zone to be
+ omitted when creating control plane nodes, allowing the Nova
+ scheduler to make a decision on which availability zone to use based
+ on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: |-
+ DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating
+ IP to the API server. This allows for the creation of clusters when attaching a floating
+ IP to the API server (and hence, in many cases, exposing the API server to the internet)
+ is not possible or desirable, e.g. if using a shared VLAN for communication between
+ management and workload clusters or when the management cluster is inside the
+ project network.
+ This option requires that the API server use a VIP on the cluster network so that the
+ underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines, which falls outside of
+ the scope of this controller.
+ type: boolean
+ disableExternalNetwork:
+ description: |-
+ DisableExternalNetwork specifies whether or not to attempt to connect the cluster
+ to an external network. This allows for the creation of clusters when connecting
+ to an external network is not possible or desirable, e.g. if using a provider network.
+ type: boolean
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity disables the port security of the network created for the
+ Kubernetes cluster, which also disables SecurityGroups
+ type: boolean
+ externalNetwork:
+ description: |-
+ ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs.
+ This option is ignored if DisableExternalNetwork is set to true.
+
+ If ExternalNetwork is defined it must refer to exactly one external network.
+
+ If ExternalNetwork is not defined or is empty the controller will use any
+ existing external network as long as there is only one. It is an
+ error if ExternalNetwork is not defined and there are multiple
+ external networks unless DisableExternalNetwork is also set.
+
+ If ExternalNetwork is not defined and there are no external networks
+ the controller will proceed as though DisableExternalNetwork was set.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID
+ is provided, the other filters cannot be provided. Must
+ be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ externalRouterIPs:
+ description: |-
+ ExternalRouterIPs is an array of externalIPs on the respective subnets.
+ This is necessary if the router needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used
+ for the Gateway of this router
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select
+ the subnet. It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will
+ not be validated.
+ format: uuid
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this cluster. It is also to reconcile
+ machines unless overridden in the machine spec.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry
+ in the clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ managedSecurityGroups:
+ description: |-
+ ManagedSecurityGroups determines whether OpenStack security groups for the cluster
+ will be managed by the OpenStack provider or whether pre-existing security groups will
+ be specified as part of the configuration.
+ By default, the managed security groups have rules that allow the Kubelet, etcd, and the
+ Kubernetes API server to function correctly.
+ It's possible to add additional rules to the managed security groups.
+ When defined to an empty struct, the managed security groups will be created with the default rules.
+ properties:
+ allNodesSecurityGroupRules:
+ description: allNodesSecurityGroupRules defines the rules
+ that should be applied to all nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched
+ by the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ allowAllInClusterTraffic:
+ default: false
+ description: AllowAllInClusterTraffic allows all ingress
+ and egress traffic between cluster nodes when set to
+ true.
+ type: boolean
+ controlPlaneNodesSecurityGroupRules:
+ description: controlPlaneNodesSecurityGroupRules defines
+ the rules that should be applied to control plane nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched
+ by the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ workerNodesSecurityGroupRules:
+ description: workerNodesSecurityGroupRules defines the
+ rules that should be applied to worker nodes.
+ items:
+ description: |-
+ SecurityGroupRuleSpec represent the basic information of the associated OpenStack
+ Security Group Role.
+ For now this is only used for the allNodesSecurityGroupRules but when we add
+ other security groups, we'll need to add a validation because
+ Remote* fields are mutually exclusive.
+ properties:
+ description:
+ description: description of the security group rule.
+ type: string
+ direction:
+ description: |-
+ direction in which the security group rule is applied. The only values
+ allowed are "ingress" or "egress". For a compute instance, an ingress
+ security group rule is applied to incoming (ingress) traffic for that
+ instance. An egress rule is applied to traffic leaving the instance.
+ type: string
+ etherType:
+ description: |-
+ etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the
+ ingress or egress rules.
+ type: string
+ name:
+ description: |-
+ name of the security group rule.
+ It's used to identify the rule so it can be patched and will not be sent to the OpenStack API.
+ type: string
+ portRangeMax:
+ description: |-
+ portRangeMax is a number in the range that is matched by the security group
+ rule. The portRangeMin attribute constrains the portRangeMax attribute.
+ type: integer
+ portRangeMin:
+ description: |-
+ portRangeMin is a number in the range that is matched by the security group
+ rule. If the protocol is TCP or UDP, this value must be less than or equal
+ to the value of the portRangeMax attribute.
+ type: integer
+ protocol:
+ description: protocol is the protocol that is matched
+ by the security group rule.
+ type: string
+ remoteGroupID:
+ description: |-
+ remoteGroupID is the remote group ID to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteIPPrefix:
+ description: |-
+ remoteIPPrefix is the remote IP prefix to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ type: string
+ remoteManagedGroups:
+ description: |-
+ remoteManagedGroups is the remote managed groups to be associated with this security group rule.
+ You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups.
+ items:
+ enum:
+ - bastion
+ - controlplane
+ - worker
+ type: string
+ type: array
+ required:
+ - direction
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - allowAllInClusterTraffic
+ type: object
+ managedSubnets:
+ description: |-
+ ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
+ subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
+ subnet is supported. If you leave this empty, no network will be created.
+ items:
+ properties:
+ allocationPools:
+ description: |-
+ AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created.
+ If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from
+ outside of these ranges manually.
+ items:
+ properties:
+ end:
+ description: End represents the end of the AlloctionPool,
+ that is the highest IP of the pool.
+ type: string
+ start:
+ description: Start represents the start of the
+ AllocationPool, that is the lowest IP of the
+ pool.
+ type: string
+ required:
+ - end
+ - start
+ type: object
+ type: array
+ cidr:
+ description: |-
+ CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24.
+ This field is required when defining a subnet.
+ type: string
+ dnsNameservers:
+ description: |-
+ DNSNameservers holds a list of DNS server addresses that will be provided when creating
+ the subnet. These addresses need to have the same IP version as CIDR.
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ type: object
+ maxItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ network:
+ description: |-
+ Network specifies an existing network to use if no ManagedSubnets
+ are specified.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID
+ is provided, the other filters cannot be provided. Must
+ be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ networkMTU:
+ description: |-
+ NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
+ This value will be used only if the Cluster actuator creates the network.
+ If left empty, the network will have the default MTU defined in Openstack network service.
+ To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ type: integer
+ router:
+ description: |-
+ Router specifies an existing router to be used if ManagedSubnets are
+ specified. If specified, no new router will be created.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ router. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the router to use. If ID
+ is provided, the other filters cannot be provided. Must
+ be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ subnets:
+ description: |-
+ Subnets specifies existing subnets to use if not ManagedSubnets are
+ specified. All subnets must be in the network specified by Network.
+ There can be zero, one, or two subnets. If no subnets are specified,
+ all subnets in Network will be used. If 2 subnets are specified, one
+ must be IPv4 and the other IPv6.
+ items:
+ description: SubnetParam specifies an OpenStack subnet to
+ use. It may be specified by either ID or filter, but not
+ both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the
+ subnet. It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will not
+ be validated.
+ format: uuid
+ type: string
+ type: object
+ maxItems: 2
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: Tags to set on all resources in cluster which
+ support tags
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - identityRef
+ type: object
+ x-kubernetes-validations:
+ - message: bastion floating IP cannot be set when disableExternalNetwork
+ is true
+ rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
+ ? !has(self.bastion) || !has(self.bastion.floatingIP) : true'
+ - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork
+ is true
+ rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork
+ ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP
+ : true'
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackfloatingippools.infrastructure.cluster.x-k8s.io
+spec:
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ kind: OpenStackFloatingIPPool
+ listKind: OpenStackFloatingIPPoolList
+ plural: openstackfloatingippools
+ singular: openstackfloatingippool
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackFloatingIPPool is the Schema for the openstackfloatingippools
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackFloatingIPPoolSpec defines the desired state of
+ OpenStackFloatingIPPool.
+ properties:
+ floatingIPNetwork:
+ description: FloatingIPNetwork is the external network to use for
+ floating ips, if there's only one external network it will be used
+ by default
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is provided,
+ the other filters cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this pool.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry in the
+ clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ maxIPs:
+ description: |-
+ MaxIPs is the maximum number of floating ips that can be allocated from this pool, if nil there is no limit.
+ If set, the pool will stop allocating floating ips when it reaches this number of ClaimedIPs.
+ type: integer
+ preAllocatedFloatingIPs:
+ description: |-
+ PreAllocatedFloatingIPs is a list of floating IPs precreated in OpenStack that should be used by this pool.
+ These are used before allocating new ones and are not deleted from OpenStack when the pool is deleted.
+ items:
+ type: string
+ type: array
+ reclaimPolicy:
+ description: The stratergy to use for reclaiming floating ips when
+ they are released from a machine
+ enum:
+ - Retain
+ - Delete
+ type: string
+ required:
+ - identityRef
+ - reclaimPolicy
+ type: object
+ status:
+ description: OpenStackFloatingIPPoolStatus defines the observed state
+ of OpenStackFloatingIPPool.
+ properties:
+ availableIPs:
+ default: []
+ items:
+ type: string
+ type: array
+ claimedIPs:
+ default: []
+ items:
+ type: string
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failedIPs:
+ description: FailedIPs contains a list of floating ips that failed
+ to be allocated
+ items:
+ type: string
+ type: array
+ floatingIPNetwork:
+ description: floatingIPNetwork contains information about the network
+ used for floating ips
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackmachines.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackMachine
+ listKind: OpenStackMachineList
+ plural: openstackmachines
+ shortNames:
+ - osm
+ singular: openstackmachine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ deprecated: true
+ deprecationWarning: The v1alpha7 version of OpenStackMachine has been deprecated
+ and will be removed in a future release.
+ name: v1alpha7
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenStackMachine is the Schema for the openstackmachines API.
+
+ Deprecated: v1alpha7.OpenStackMachine has been replaced by v1beta1.OpenStackMachine.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications for
+ additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to attach to
+ the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device in gibibytes
+ (GiB).
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage options
+ for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume in.
+ If omitted, the availability zone of the server will be used.
+ The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
+ to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
+ further information.
+ type: string
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIP:
+ description: |-
+ The floatingIP which will be associated to the machine, only used for master.
+ The floatingIP should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a identity to be used when reconciling this cluster.
+ If not specified, the identity ref of the cluster will be used instead.
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: |-
+ The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: |-
+ The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If unspecified,
+ instead the 0-based index of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding details.
+ We intentionally don't expose this as a map[string]string because we only want to enable
+ the users to set the values of the keys that are known to work in OpenStack Networking API.
+ See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ properties:
+ ovsHWOffload:
+ description: OVSHWOffload enables or disables the OVS hardware
+ offload feature.
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables the propagate
+ uplink status on the port.
+ type: boolean
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination these
+ of the security groups to assign to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Enables and disables trunk at port level. If not
+ provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec key-value
+ pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Machine tags
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ type: object
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ FailureMessage will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ failureReason:
+ description: DeprecatedCAPIMachineStatusError defines errors states
+ for Machine objects.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the OpenStack instance
+ for this machine.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ type: object
+ type: object
+ served: false
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachine is the Schema for the openstackmachines API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications for
+ additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to attach to
+ the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ Name cannot be 'root', which is reserved for the root volume.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device in gibibytes
+ (GiB).
+ minimum: 1
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage options
+ for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ?
+ has(self.name) : !has(self.name)'
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIPPoolRef:
+ description: |-
+ floatingIPPoolRef is a reference to a IPPool that will be assigned
+ to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
+ will be assigned to the OpenStackMachine.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this machine. If not specified, the
+ credentials specified in the cluster will be used.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry in the
+ clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ image:
+ description: |-
+ The image to use for your server instance.
+ If the rootVolume is specified, this will be used when creating the root volume.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter describes a query for an image. If specified, the combination
+ of name and tags must return a single matching image or an error will
+ be raised.
+ minProperties: 1
+ properties:
+ name:
+ description: The name of the desired image. If specified,
+ the combination of name and tags must return a single matching
+ image or an error will be raised.
+ type: string
+ tags:
+ description: The tags associated with the desired image. If
+ specified, the combination of name and tags must return
+ a single matching image or an error will be raised.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the image. ID will not be validated
+ before use.
+ format: uuid
+ type: string
+ imageRef:
+ description: |-
+ ImageRef is a reference to an ORC Image in the same namespace as the
+ referring object.
+ properties:
+ name:
+ description: Name is the name of the referenced resource
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port should
+ be created in the up (true) or down (false) state. The default
+ is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description for
+ the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or IP
+ address to assign to the port. If specified, these must be
+ subnets of the port's network.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If Subnet
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the
+ subnet. It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will
+ not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where the port
+ resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of the port.
+ If not specified, the MAC address will be generated.
+ type: string
+ nameSuffix:
+ description: NameSuffix will be appended to the name of the
+ port if specified. If unspecified, instead the 0-based index
+ of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is
+ provided, the other filters cannot be provided. Must be
+ in UUID format.
+ format: uuid
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables the propagate
+ uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of the names, uuids, filters
+ or any combination these of the security groups to assign
+ to the instance.
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use.
+ If ID is provided, the other filters cannot be provided.
+ Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: |-
+ Trunk specifies whether trunking is enabled at the port level. If not
+ provided the value is inherited from the machine, or false for a
+ bastion host.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec key-value
+ pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ sizeGiB:
+ description: SizeGiB is the size of the block device in gibibytes
+ (GiB).
+ minimum: 1
+ type: integer
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ required:
+ - sizeGiB
+ type: object
+ schedulerHintAdditionalProperties:
+ description: |-
+ SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
+ to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
+ such as specifying certain host aggregates or availability zones.
+ items:
+ description: |-
+ SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
+ It includes a Name to identify the property and a Value that can be of various types.
+ properties:
+ name:
+ description: |-
+ Name is the name of the scheduler hint property.
+ It is a unique identifier for the property.
+ minLength: 1
+ type: string
+ value:
+ description: |-
+ Value is the value of the scheduler hint property, which can be of various types
+ (e.g., bool, string, int). The type is indicated by the Value.Type field.
+ properties:
+ bool:
+ description: |-
+ Bool is the boolean value of the scheduler hint, used when Type is "Bool".
+ This field is required if type is 'Bool', and must not be set otherwise.
+ type: boolean
+ number:
+ description: |-
+ Number is the integer value of the scheduler hint, used when Type is "Number".
+ This field is required if type is 'Number', and must not be set otherwise.
+ type: integer
+ string:
+ description: |-
+ String is the string value of the scheduler hint, used when Type is "String".
+ This field is required if type is 'String', and must not be set otherwise.
+ maxLength: 255
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ Type represents the type of the value.
+ Valid values are Bool, String, and Number.
+ enum:
+ - Bool
+ - String
+ - Number
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: bool is required when type is Bool, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
+ : !has(self.bool)'
+ - message: number is required when type is Number, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
+ : !has(self.number)'
+ - message: string is required when type is String, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
+ : !has(self.string)'
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use. If ID
+ is provided, the other filters cannot be provided. Must be
+ in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ serverGroup:
+ description: The server group to assign the machine to.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack server
+ group. If provided, it cannot be empty.
+ minProperties: 1
+ properties:
+ name:
+ description: Name is the name of a server group to look for.
+ type: string
+ type: object
+ id:
+ description: ID is the ID of the server group to use.
+ format: uuid
+ type: string
+ type: object
+ serverMetadata:
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ items:
+ properties:
+ key:
+ description: Key is the server metadata key
+ maxLength: 255
+ type: string
+ value:
+ description: Value is the server metadata value
+ maxLength: 255
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Tags which will be added to the machine and all dependent resources
+ which support them. These are in addition to Tags defined on the
+ cluster.
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ required:
+ - image
+ type: object
+ x-kubernetes-validations:
+ - message: at least one of flavor or flavorID must be set
+ rule: (has(self.flavor) || has(self.flavorID))
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: |-
+ FailureMessage will be set in the event that there is a terminal problem
+ reconciling the Machine and will contain a more verbose string suitable
+ for logging and human consumption.
+
+ This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over
+ time (like service outages), but instead indicate that something is
+ fundamentally wrong with the Machine's spec or the configuration of
+ the controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the
+ responsible controller itself being critically misconfigured.
+
+ Any transient errors that occur during the reconciliation of Machines
+ can be added as events to the Machine object and/or logged in the
+ controller's output.
+ type: string
+ failureReason:
+ description: DeprecatedCAPIMachineStatusError defines errors states
+ for Machine objects.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ instanceState:
+ description: |-
+ InstanceState is the state of the OpenStack instance for this machine.
+ This field is not set anymore by the OpenStackMachine controller.
+ Instead, it's set by the OpenStackServer controller.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ resolved:
+ description: |-
+ Resolved contains parts of the machine spec with all external
+ references fully resolved.
+ properties:
+ flavorID:
+ description: FlavorID is the ID of the flavor to use.
+ type: string
+ imageID:
+ description: ImageID is the ID of the image to use for the machine
+ and is calculated based on ImageFilter.
+ type: string
+ ports:
+ description: Ports is the fully resolved list of ports to create
+ for the machine.
+ items:
+ description: ResolvedPortSpec is a PortOpts with all contained
+ references fully resolved.
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port should
+ be created in the up (true) or down (false) state. The
+ default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description
+ for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or
+ IP address to assign to the port. If specified, these
+ must be subnets of the port's network.
+ items:
+ description: ResolvedFixedIP is a FixedIP with the Subnet
+ resolved to an ID.
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If SubnetID
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: SubnetID is the id of a subnet to create
+ the fixed IP of a port in.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where the
+ port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of the
+ port. If not specified, the MAC address will be generated.
+ type: string
+ name:
+ description: Name is the name of the port.
+ type: string
+ networkID:
+ description: NetworkID is the ID of the network the port
+ will be created in.
+ type: string
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables the
+ propagate uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of security group
+ IDs to assign to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.)
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Trunk specifies whether trunking is enabled
+ at the port level.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ required:
+ - description
+ - name
+ - networkID
+ type: object
+ type: array
+ serverGroupID:
+ description: ServerGroupID is the ID of the server group the machine
+ should be added to and is calculated based on ServerGroupFilter.
+ type: string
+ type: object
+ resources:
+ description: Resources contains references to OpenStack resources
+ created for the machine.
+ properties:
+ ports:
+ description: Ports is the status of the ports created for the
+ machine.
+ items:
+ properties:
+ id:
+ description: ID is the unique identifier of the port.
+ type: string
+ required:
+ - id
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackMachineTemplate
+ listKind: OpenStackMachineTemplateList
+ plural: openstackmachinetemplates
+ shortNames:
+ - osmt
+ singular: openstackmachinetemplate
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ deprecationWarning: The v1alpha7 version of OpenStackMachineTemplate has been
+ deprecated and will be removed in a future release.
+ name: v1alpha7
+ schema:
+ openAPIV3Schema:
+ description: |-
+ OpenStackMachineTemplate is the Schema for the openstackmachinetemplates API.
+
+ Deprecated: v1alpha7.OpenStackMachineTemplate has been replaced by v1beta1.OpenStackMachineTemplate.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to
+ attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device
+ in gibibytes (GiB).
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage
+ options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume in.
+ If omitted, the availability zone of the server will be used.
+ The availability zone must NOT contain spaces otherwise it will lead to volume that belongs
+ to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for
+ further information.
+ type: string
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIP:
+ description: |-
+ The floatingIP which will be associated to the machine, only used for master.
+ The floatingIP should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a identity to be used when reconciling this cluster.
+ If not specified, the identity ref of the cluster will be used instead.
+ properties:
+ kind:
+ description: |-
+ Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: |-
+ Name of the infrastructure identity to be used.
+ Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: |-
+ The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: |-
+ The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding details.
+ We intentionally don't expose this as a map[string]string because we only want to enable
+ the users to set the values of the keys that are known to work in OpenStack Networking API.
+ See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ properties:
+ ovsHWOffload:
+ description: OVSHWOffload enables or disables the
+ OVS hardware offload feature.
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables
+ the propagate uplink status on the port.
+ type: boolean
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value
+ pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Machine tags
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: false
+ storage: false
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications
+ for additional block devices to attach to the server instance
+ items:
+ description: AdditionalBlockDevice is a block device to
+ attach to the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ Name cannot be 'root', which is reserved for the root volume.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device
+ in gibibytes (GiB).
+ minimum: 1
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage
+ options for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name'
+ or default
+ rule: '!has(self.from) || self.from == ''Name''
+ ? has(self.name) : !has(self.name)'
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIPPoolRef:
+ description: |-
+ floatingIPPoolRef is a reference to a IPPool that will be assigned
+ to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP
+ will be assigned to the OpenStackMachine.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ identityRef:
+ description: |-
+ IdentityRef is a reference to a secret holding OpenStack credentials
+ to be used when reconciling this machine. If not specified, the
+ credentials specified in the cluster will be used.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry
+ in the clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ image:
+ description: |-
+ The image to use for your server instance.
+ If the rootVolume is specified, this will be used when creating the root volume.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter describes a query for an image. If specified, the combination
+ of name and tags must return a single matching image or an error will
+ be raised.
+ minProperties: 1
+ properties:
+ name:
+ description: The name of the desired image. If specified,
+ the combination of name and tags must return a single
+ matching image or an error will be raised.
+ type: string
+ tags:
+ description: The tags associated with the desired
+ image. If specified, the combination of name and
+ tags must return a single matching image or an error
+ will be raised.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the image. ID will not
+ be validated before use.
+ format: uuid
+ type: string
+ imageRef:
+ description: |-
+ ImageRef is a reference to an ORC Image in the same namespace as the
+ referring object.
+ properties:
+ name:
+ description: Name is the name of the referenced resource
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ ports:
+ description: |-
+ Ports to be attached to the server instance. They are created if a port with the given name does not already exist.
+ If not specified a default port will be added for the default cluster network.
+ items:
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port
+ should be created in the up (true) or down (false)
+ state. The default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description
+ for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or
+ IP address to assign to the port. If specified, these
+ must be subnets of the port's network.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If Subnet
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to
+ select the subnet. It must match exactly
+ one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet.
+ It will not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where
+ the port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of
+ the port. If not specified, the MAC address will be
+ generated.
+ type: string
+ nameSuffix:
+ description: NameSuffix will be appended to the name
+ of the port if specified. If unspecified, instead
+ the 0-based index of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select
+ an OpenStack network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use.
+ If ID is provided, the other filters cannot be
+ provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables
+ the propagate uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of the names,
+ uuids, filters or any combination these of the security
+ groups to assign to the instance.
+ items:
+ description: SecurityGroupParam specifies an OpenStack
+ security group. It may be specified by ID or filter,
+ but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select
+ an OpenStack security group. If provided, cannot
+ be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group
+ to use. If ID is provided, the other filters
+ cannot be provided. Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: |-
+ Trunk specifies whether trunking is enabled at the port level. If not
+ provided the value is inherited from the machine, or false for a
+ bastion host.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value
+ pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ sizeGiB:
+ description: SizeGiB is the size of the block device in
+ gibibytes (GiB).
+ minimum: 1
+ type: integer
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ required:
+ - sizeGiB
+ type: object
+ schedulerHintAdditionalProperties:
+ description: |-
+ SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
+ to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
+ such as specifying certain host aggregates or availability zones.
+ items:
+ description: |-
+ SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
+ It includes a Name to identify the property and a Value that can be of various types.
+ properties:
+ name:
+ description: |-
+ Name is the name of the scheduler hint property.
+ It is a unique identifier for the property.
+ minLength: 1
+ type: string
+ value:
+ description: |-
+ Value is the value of the scheduler hint property, which can be of various types
+ (e.g., bool, string, int). The type is indicated by the Value.Type field.
+ properties:
+ bool:
+ description: |-
+ Bool is the boolean value of the scheduler hint, used when Type is "Bool".
+ This field is required if type is 'Bool', and must not be set otherwise.
+ type: boolean
+ number:
+ description: |-
+ Number is the integer value of the scheduler hint, used when Type is "Number".
+ This field is required if type is 'Number', and must not be set otherwise.
+ type: integer
+ string:
+ description: |-
+ String is the string value of the scheduler hint, used when Type is "String".
+ This field is required if type is 'String', and must not be set otherwise.
+ maxLength: 255
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ Type represents the type of the value.
+ Valid values are Bool, String, and Number.
+ enum:
+ - Bool
+ - String
+ - Number
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: bool is required when type is Bool, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
+ : !has(self.bool)'
+ - message: number is required when type is Number, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''Number'' ?
+ has(self.number) : !has(self.number)'
+ - message: string is required when type is String, and
+ forbidden otherwise
+ rule: 'has(self.type) && self.type == ''String'' ?
+ has(self.string) : !has(self.string)'
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use.
+ If ID is provided, the other filters cannot be provided.
+ Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ serverGroup:
+ description: The server group to assign the machine to.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ server group. If provided, it cannot be empty.
+ minProperties: 1
+ properties:
+ name:
+ description: Name is the name of a server group to
+ look for.
+ type: string
+ type: object
+ id:
+ description: ID is the ID of the server group to use.
+ format: uuid
+ type: string
+ type: object
+ serverMetadata:
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ items:
+ properties:
+ key:
+ description: Key is the server metadata key
+ maxLength: 255
+ type: string
+ value:
+ description: Value is the server metadata value
+ maxLength: 255
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ tags:
+ description: |-
+ Tags which will be added to the machine and all dependent resources
+ which support them. These are in addition to Tags defined on the
+ cluster.
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - image
+ type: object
+ x-kubernetes-validations:
+ - message: at least one of flavor or flavorID must be set
+ rule: (has(self.flavor) || has(self.flavorID))
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.5
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: openstackservers.infrastructure.cluster.x-k8s.io
+spec:
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackServer
+ listKind: OpenStackServerList
+ plural: openstackservers
+ shortNames:
+ - oss
+ singular: openstackserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: OpenStack instance ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .status.instanceID
+ name: InstanceID
+ type: string
+ - description: Time duration since creation of OpenStack instance
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OpenStackServer is the Schema for the openstackservers API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackServerSpec defines the desired state of OpenStackServer.
+ properties:
+ additionalBlockDevices:
+ description: AdditionalBlockDevices is a list of specifications for
+ additional block devices to attach to the server instance.
+ items:
+ description: AdditionalBlockDevice is a block device to attach to
+ the server.
+ properties:
+ name:
+ description: |-
+ Name of the block device in the context of a machine.
+ If the block device is a volume, the Cinder volume will be named
+ as a combination of the machine name and this name.
+ Also, this name will be used for tagging the block device.
+ Information about the block device tag can be obtained from the OpenStack
+ metadata API or the config drive.
+ Name cannot be 'root', which is reserved for the root volume.
+ type: string
+ sizeGiB:
+ description: SizeGiB is the size of the block device in gibibytes
+ (GiB).
+ minimum: 1
+ type: integer
+ storage:
+ description: |-
+ Storage specifies the storage type of the block device and
+ additional storage options.
+ properties:
+ type:
+ description: |-
+ Type is the type of block device to create.
+ This can be either "Volume" or "Local".
+ type: string
+ volume:
+ description: Volume contains additional storage options
+ for a volume block device.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ?
+ has(self.name) : !has(self.name)'
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ type: object
+ required:
+ - type
+ type: object
+ required:
+ - name
+ - sizeGiB
+ - storage
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ availabilityZone:
+ description: AvailabilityZone is the availability zone in which to
+ create the server instance.
+ type: string
+ configDrive:
+ description: ConfigDrive is a flag to enable config drive for the
+ server instance.
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for the server instance.
+ minLength: 1
+ type: string
+ flavorID:
+ description: |-
+ FlavorID allows flavors to be specified by ID. This field takes precedence
+ over Flavor.
+ minLength: 1
+ type: string
+ floatingIPPoolRef:
+ description: FloatingIPPoolRef is a reference to a FloatingIPPool
+ to allocate a floating IP from.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ identityRef:
+ description: IdentityRef is a reference to a secret holding OpenStack
+ credentials.
+ properties:
+ cloudName:
+ description: CloudName specifies the name of the entry in the
+ clouds.yaml file to use.
+ type: string
+ name:
+ description: |-
+ Name is the name of a secret in the same namespace as the resource being provisioned.
+ The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file.
+ The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate.
+ type: string
+ region:
+ description: |-
+ Region specifies an OpenStack region to use. If specified, it overrides
+ any value in clouds.yaml. If specified for an OpenStackMachine, its
+ value will be included in providerID.
+ type: string
+ required:
+ - cloudName
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: region is immutable
+ rule: (!has(self.region) && !has(oldSelf.region)) || self.region
+ == oldSelf.region
+ image:
+ description: The image to use for the server instance.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: |-
+ Filter describes a query for an image. If specified, the combination
+ of name and tags must return a single matching image or an error will
+ be raised.
+ minProperties: 1
+ properties:
+ name:
+ description: The name of the desired image. If specified,
+ the combination of name and tags must return a single matching
+ image or an error will be raised.
+ type: string
+ tags:
+ description: The tags associated with the desired image. If
+ specified, the combination of name and tags must return
+ a single matching image or an error will be raised.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the image. ID will not be validated
+ before use.
+ format: uuid
+ type: string
+ imageRef:
+ description: |-
+ ImageRef is a reference to an ORC Image in the same namespace as the
+ referring object.
+ properties:
+ name:
+ description: Name is the name of the referenced resource
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ ports:
+ description: Ports to be attached to the server instance.
+ items:
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port should
+ be created in the up (true) or down (false) state. The default
+ is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description for
+ the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or IP
+ address to assign to the port. If specified, these must be
+ subnets of the port's network.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If Subnet
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: |-
+ Subnet is an openstack subnet query that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not return more than one subnet.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select the
+ subnet. It must match exactly one subnet.
+ minProperties: 1
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gatewayIP:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RAMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the uuid of the subnet. It will
+ not be validated.
+ format: uuid
+ type: string
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where the port
+ resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of the port.
+ If not specified, the MAC address will be generated.
+ type: string
+ nameSuffix:
+ description: NameSuffix will be appended to the name of the
+ port if specified. If unspecified, instead the 0-based index
+ of the port in the list is used.
+ type: string
+ network:
+ description: |-
+ Network is a query for an openstack network that the port will be created or discovered on.
+ This will fail if the query returns more than one network.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a filter to select an OpenStack
+ network. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the network to use. If ID is
+ provided, the other filters cannot be provided. Must be
+ in UUID format.
+ format: uuid
+ type: string
+ type: object
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables the propagate
+ uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of the names, uuids, filters
+ or any combination these of the security groups to assign
+ to the instance.
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use.
+ If ID is provided, the other filters cannot be provided.
+ Must be in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: |-
+ Tags applied to the port (and corresponding trunk, if a trunk is configured.)
+ These tags are applied in addition to the instance's tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: |-
+ Trunk specifies whether trunking is enabled at the port level. If not
+ provided the value is inherited from the machine, or false for a
+ bastion host.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec key-value
+ pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ type: object
+ type: array
+ rootVolume:
+ description: RootVolume is the specification for the root volume of
+ the server instance.
+ properties:
+ availabilityZone:
+ description: |-
+ AvailabilityZone is the volume availability zone to create the volume
+ in. If not specified, the volume will be created without an explicit
+ availability zone.
+ properties:
+ from:
+ default: Name
+ description: |-
+ From specifies where we will obtain the availability zone for the
+ volume. The options are "Name" and "Machine". If "Name" is specified
+ then the Name field must also be specified. If "Machine" is specified
+ the volume will use the value of FailureDomain, if any, from the
+ associated Machine.
+ enum:
+ - Name
+ - Machine
+ type: string
+ name:
+ description: |-
+ Name is the name of a volume availability zone to use. It is required
+ if From is "Name". The volume availability zone name may not contain
+ spaces.
+ minLength: 1
+ pattern: ^[^ ]+$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: name is required when from is 'Name' or default
+ rule: '!has(self.from) || self.from == ''Name'' ? has(self.name)
+ : !has(self.name)'
+ sizeGiB:
+ description: SizeGiB is the size of the block device in gibibytes
+ (GiB).
+ minimum: 1
+ type: integer
+ type:
+ description: |-
+ Type is the Cinder volume type of the volume.
+ If omitted, the default Cinder volume type that is configured in the OpenStack cloud
+ will be used.
+ type: string
+ required:
+ - sizeGiB
+ type: object
+ schedulerHintAdditionalProperties:
+ description: |-
+ SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints
+ to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure,
+ such as specifying certain host aggregates or availability zones.
+ items:
+ description: |-
+ SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint.
+ It includes a Name to identify the property and a Value that can be of various types.
+ properties:
+ name:
+ description: |-
+ Name is the name of the scheduler hint property.
+ It is a unique identifier for the property.
+ minLength: 1
+ type: string
+ value:
+ description: |-
+ Value is the value of the scheduler hint property, which can be of various types
+ (e.g., bool, string, int). The type is indicated by the Value.Type field.
+ properties:
+ bool:
+ description: |-
+ Bool is the boolean value of the scheduler hint, used when Type is "Bool".
+ This field is required if type is 'Bool', and must not be set otherwise.
+ type: boolean
+ number:
+ description: |-
+ Number is the integer value of the scheduler hint, used when Type is "Number".
+ This field is required if type is 'Number', and must not be set otherwise.
+ type: integer
+ string:
+ description: |-
+ String is the string value of the scheduler hint, used when Type is "String".
+ This field is required if type is 'String', and must not be set otherwise.
+ maxLength: 255
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ Type represents the type of the value.
+ Valid values are Bool, String, and Number.
+ enum:
+ - Bool
+ - String
+ - Number
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: bool is required when type is Bool, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool)
+ : !has(self.bool)'
+ - message: number is required when type is Number, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''Number'' ? has(self.number)
+ : !has(self.number)'
+ - message: string is required when type is String, and forbidden
+ otherwise
+ rule: 'has(self.type) && self.type == ''String'' ? has(self.string)
+ : !has(self.string)'
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityGroups:
+ description: SecurityGroups is a list of security groups names to
+ assign to the instance.
+ items:
+ description: SecurityGroupParam specifies an OpenStack security
+ group. It may be specified by ID or filter, but not both.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack
+ security group. If provided, cannot be empty.
+ minProperties: 1
+ properties:
+ description:
+ type: string
+ name:
+ type: string
+ notTags:
+ description: |-
+ NotTags is a list of tags to filter by. If specified, resources which
+ contain all of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ notTagsAny:
+ description: |-
+ NotTagsAny is a list of tags to filter by. If specified, resources
+ which contain any of the given tags will be excluded from the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ projectID:
+ type: string
+ tags:
+ description: |-
+ Tags is a list of tags to filter by. If specified, the resource must
+ have all of the tags specified to be included in the result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tagsAny:
+ description: |-
+ TagsAny is a list of tags to filter by. If specified, the resource
+ must have at least one of the tags specified to be included in the
+ result.
+ items:
+ description: |-
+ NeutronTag represents a tag on a Neutron resource.
+ It may not be empty and may not contain commas.
+ minLength: 1
+ pattern: ^[^,]+$
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ id:
+ description: ID is the ID of the security group to use. If ID
+ is provided, the other filters cannot be provided. Must be
+ in UUID format.
+ format: uuid
+ type: string
+ type: object
+ type: array
+ serverGroup:
+ description: ServerGroup is the server group to which the server instance
+ belongs.
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ filter:
+ description: Filter specifies a query to select an OpenStack server
+ group. If provided, it cannot be empty.
+ minProperties: 1
+ properties:
+ name:
+ description: Name is the name of a server group to look for.
+ type: string
+ type: object
+ id:
+ description: ID is the ID of the server group to use.
+ format: uuid
+ type: string
+ type: object
+ serverMetadata:
+ description: ServerMetadata is a map of key value pairs to add to
+ the server instance.
+ items:
+ properties:
+ key:
+ description: Key is the server metadata key
+ maxLength: 255
+ type: string
+ value:
+ description: Value is the server metadata value
+ maxLength: 255
+ type: string
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - key
+ x-kubernetes-list-type: map
+ sshKeyName:
+ description: SSHKeyName is the name of the SSH key to inject in the
+ instance.
+ type: string
+ tags:
+ description: |-
+ Tags which will be added to the machine and all dependent resources
+ which support them. These are in addition to Tags defined on the
+ cluster.
+ Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Trunk is a flag to indicate if the server instance is
+ created on a trunk port or not.
+ type: boolean
+ userDataRef:
+ description: |-
+ UserDataRef is a reference to a secret containing the user data to
+ be injected into the server instance.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - identityRef
+ - image
+ - ports
+ - sshKeyName
+ type: object
+ x-kubernetes-validations:
+ - message: at least one of flavor or flavorID must be set
+ rule: (has(self.flavor) || has(self.flavorID))
+ status:
+ description: OpenStackServerStatus defines the observed state of OpenStackServer.
+ properties:
+ addresses:
+ description: Addresses is the list of addresses of the server instance.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions defines current service state of the OpenStackServer.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ Last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ A human readable message indicating details about the transition.
+ This field may be empty.
+ type: string
+ reason:
+ description: |-
+ The reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ instanceID:
+ description: InstanceID is the ID of the server instance.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the server instance.
+ type: string
+ ready:
+ default: false
+ description: Ready is true when the OpenStack server is ready.
+ type: boolean
+ resolved:
+ description: |-
+ Resolved contains parts of the machine spec with all external
+ references fully resolved.
+ properties:
+ flavorID:
+ description: FlavorID is the ID of the flavor to use.
+ type: string
+ imageID:
+ description: ImageID is the ID of the image to use for the server
+ and is calculated based on ImageFilter.
+ type: string
+ ports:
+ description: Ports is the fully resolved list of ports to create
+ for the server.
+ items:
+ description: ResolvedPortSpec is a PortOpts with all contained
+ references fully resolved.
+ properties:
+ adminStateUp:
+ description: AdminStateUp specifies whether the port should
+ be created in the up (true) or down (false) state. The
+ default is up.
+ type: boolean
+ allowedAddressPairs:
+ description: |-
+ AllowedAddressPairs is a list of address pairs which Neutron will
+ allow the port to send traffic from in addition to the port's
+ addresses. If not specified, the MAC Address will be the MAC Address
+ of the port. Depending on the configuration of Neutron, it may be
+ supported to specify a CIDR instead of a specific IP address.
+ items:
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is the IP address of the allowed address pair. Depending on
+ the configuration of Neutron, it may be supported to specify a CIDR
+ instead of a specific IP address.
+ type: string
+ macAddress:
+ description: |-
+ MACAddress is the MAC address of the allowed address pair. If not
+ specified, the MAC address will be the MAC address of the port.
+ type: string
+ required:
+ - ipAddress
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description
+ for the port.
+ type: string
+ disablePortSecurity:
+ description: |-
+ DisablePortSecurity enables or disables the port security when set.
+ When not set, it takes the value of the corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: FixedIPs is a list of pairs of subnet and/or
+ IP address to assign to the port. If specified, these
+ must be subnets of the port's network.
+ items:
+ description: ResolvedFixedIP is a FixedIP with the Subnet
+ resolved to an ID.
+ properties:
+ ipAddress:
+ description: |-
+ IPAddress is a specific IP address to assign to the port. If SubnetID
+ is also specified, IPAddress must be a valid IP address in the
+ subnet. If Subnet is not specified, IPAddress must be a valid IP
+ address in any subnet of the port's network.
+ type: string
+ subnet:
+ description: SubnetID is the id of a subnet to create
+ the fixed IP of a port in.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ hostID:
+ description: HostID specifies the ID of the host where the
+ port resides.
+ type: string
+ macAddress:
+ description: MACAddress specifies the MAC address of the
+ port. If not specified, the MAC address will be generated.
+ type: string
+ name:
+ description: Name is the name of the port.
+ type: string
+ networkID:
+ description: NetworkID is the ID of the network the port
+ will be created in.
+ type: string
+ profile:
+ description: |-
+ Profile is a set of key-value pairs that are used for binding
+ details. We intentionally don't expose this as a map[string]string
+ because we only want to enable the users to set the values of the
+ keys that are known to work in OpenStack Networking API. See
+ https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port
+ To set profiles, your tenant needs permissions rule:create_port, and
+ rule:create_port:binding:profile
+ properties:
+ ovsHWOffload:
+ description: |-
+ OVSHWOffload enables or disables the OVS hardware offload feature.
+ This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached.
+ See: https://bugs.launchpad.net/nova/+bug/2020813
+ type: boolean
+ trustedVF:
+ description: TrustedVF enables or disables the “trusted
+ mode” for the VF.
+ type: boolean
+ type: object
+ propagateUplinkStatus:
+ description: PropageteUplinkStatus enables or disables the
+ propagate uplink status on the port.
+ type: boolean
+ securityGroups:
+ description: SecurityGroups is a list of security group
+ IDs to assign to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.)
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Trunk specifies whether trunking is enabled
+ at the port level.
+ type: boolean
+ valueSpecs:
+ description: |-
+ Value specs are extra parameters to include in the API request with OpenStack.
+ This is an extension point for the API, so what they do and if they are supported,
+ depends on the specific OpenStack implementation.
+ items:
+ description: ValueSpec represents a single value_spec
+ key-value pair.
+ properties:
+ key:
+ description: Key is the key in the key-value pair.
+ type: string
+ name:
+ description: |-
+ Name is the name of the key-value pair.
+ This is just for identifying the pair and will not be sent to the OpenStack API.
+ type: string
+ value:
+ description: Value is the value in the key-value pair.
+ type: string
+ required:
+ - key
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ vnicType:
+ description: |-
+ VNICType specifies the type of vNIC which this port should be
+ attached to. This is used to determine which mechanism driver(s) to
+ be used to bind the port. The valid values are normal, macvtap,
+ direct, baremetal, direct-physical, virtio-forwarder, smart-nic and
+ remote-managed, although these values will not be validated in this
+ API to ensure compatibility with future neutron changes or custom
+ implementations. What type of vNIC is actually available depends on
+ deployments. If not specified, the Neutron default value is used.
+ type: string
+ required:
+ - description
+ - name
+ - networkID
+ type: object
+ type: array
+ serverGroupID:
+ description: ServerGroupID is the ID of the server group the server
+ should be added to and is calculated based on ServerGroupFilter.
+ type: string
+ type: object
+ resources:
+ description: Resources contains references to OpenStack resources
+ created for the machine.
+ properties:
+ ports:
+ description: Ports is the status of the ports created for the
+ server.
+ items:
+ properties:
+ id:
+ description: ID is the unique identifier of the port.
+ type: string
+ required:
+ - id
+ type: object
+ type: array
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-leader-election-role
+ namespace: capo-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackclusters
+ - openstackfloatingippools
+ - openstackmachines
+ - openstackservers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackclusters/status
+ - openstackfloatingippools/status
+ - openstackmachines/status
+ - openstackservers/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ - ipaddressclaims/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddresses
+ - ipaddresses/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - openstack.k-orc.cloud
+ resources:
+ - images
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-leader-election-rolebinding
+ namespace: capo-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capo-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capo-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-webhook-service
+ namespace: capo-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: capo-controller-manager
+ name: capo-controller-manager
+ namespace: capo-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ control-plane: capo-controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ control-plane: capo-controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --v=2
+ - --diagnostics-address=127.0.0.1:8080
+ - --insecure-diagnostics=true
+ command:
+ - /manager
+ image: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.12.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capo-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capo-webhook-service-cert
+status: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ clusterctl.cluster.x-k8s.io: ""
+ name: capo-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackcluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackcluster.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackclustertemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclustertemplates
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackmachine.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackmachines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachinetemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackmachinetemplates
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-openstackserver
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackserver.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackservers
+ sideEffects: None