From 369cc81966c423531e9ee0f6bd12e31d84d92b9c Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Tue, 22 Jul 2025 15:34:09 +0200 Subject: [PATCH] Revert "Feature 11049: Addition of CAPI manifests from upstream projects" This reverts commit f686de59d46aa3ebae48edc07830a0371ffb3c03. Change-Id: If39d951de02917c6db0fa4d421e2e145fac1b306 
Signed-off-by: garciadeblas --- .../capi/cni/calico/manifests/calico.yaml | 5143 ------ ...loud-controller-manager-role-bindings.yaml | 28 - .../cloud-controller-manager-roles.yaml | 122 - ...openstack-cloud-controller-manager-ds.yaml | 81 - .../capi/manifests/core-controller/core.yaml | 14850 ---------------- .../bootstrap/kubeadm/bootstrap.yaml | 7998 --------- .../control-plane/kubeadm/control-plane.yaml | 8280 --------- .../openstack-resource-controller.yaml | 888 - .../infrastructure/openstack/openstack.yaml | 11668 ------------ 9 files changed, 49058 deletions(-) delete mode 100644 installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml delete mode 100644 installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml delete mode 100644 installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml delete mode 100644 installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml delete mode 100644 installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml delete mode 100644 installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml delete mode 100644 installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml delete mode 100644 installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml delete mode 100644 installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml 
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml
deleted file mode 100644
index 066b20be..00000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/cni/calico/manifests/calico.yaml
+++ /dev/null
@@ -1,5143 +0,0 @@ ---- -# Source: calico/templates/calico-kube-controllers.yaml -# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers ---- -# Source: calico/templates/calico-kube-controllers.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system ---- -# Source: calico/templates/calico-node.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system ---- -# Source: calico/templates/calico-node.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-cni-plugin - namespace: kube-system ---- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # Typha is disabled. - typha_service_name: "none" - # Configure the backend to use. - calico_backend: "bird" - - # Configure the MTU to use for workload interfaces and tunnels. - # By default, MTU is auto-detected, and explicitly setting this field should not be required. - # You can override auto-detection by providing a non-zero value. - veth_mtu: "0" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. 
- cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "log_file_path": "/var/log/calico/cni/cni.log", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "calico-ipam" - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - }, - { - "type": "bandwidth", - "capabilities": {"bandwidth": true} - } - ] - } ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPConfiguration - listKind: BGPConfigurationList - plural: bgpconfigurations - singular: bgpconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: BGPConfiguration contains the configuration for any BGP routing. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPConfigurationSpec contains the values of the BGP configuration. 
- properties: - asNumber: - description: 'ASNumber is the default AS number used by a node. [Default: - 64512]' - format: int32 - type: integer - bindMode: - description: BindMode indicates whether to listen for BGP connections - on all addresses (None) or only on the node's canonical IP address - Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen - for BGP connections on all addresses. - type: string - communities: - description: Communities is a list of BGP community values and their - arbitrary names for tagging routes. - items: - description: Community contains standard or large community value - and its name. - properties: - name: - description: Name given to community value. - type: string - value: - description: Value must be of format `aa:nn` or `aa:nn:mm`. - For standard community use `aa:nn` format, where `aa` and - `nn` are 16 bit number. For large community use `aa:nn:mm` - format, where `aa`, `nn` and `mm` are 32 bit number. Where, - `aa` is an AS Number, `nn` and `mm` are per-AS identifier. - pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ - type: string - type: object - type: array - ignoredInterfaces: - description: IgnoredInterfaces indicates the network interfaces that - needs to be excluded when reading device routes. - items: - type: string - type: array - listenPort: - description: ListenPort is the port where BGP protocol should listen. - Defaults to 179 - maximum: 65535 - minimum: 1 - type: integer - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: INFO]' - type: string - nodeMeshMaxRestartTime: - description: Time to allow for software restart for node-to-mesh peerings. When - specified, this is configured as the graceful restart timeout. When - not specified, the BIRD default of 120s is used. 
This field can - only be set on the default BGPConfiguration instance and requires - that NodeMesh is enabled - type: string - nodeMeshPassword: - description: Optional BGP password for full node-to-mesh peerings. - This field can only be set on the default BGPConfiguration instance - and requires that NodeMesh is enabled - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - nodeToNodeMeshEnabled: - description: 'NodeToNodeMeshEnabled sets whether full node to node - BGP mesh is enabled. [Default: true]' - type: boolean - prefixAdvertisements: - description: PrefixAdvertisements contains per-prefix advertisement - configuration. - items: - description: PrefixAdvertisement configures advertisement properties - for the specified CIDR. - properties: - cidr: - description: CIDR for which properties should be advertised. - type: string - communities: - description: Communities can be list of either community names - already defined in `Specs.Communities` or community value - of format `aa:nn` or `aa:nn:mm`. For standard community use - `aa:nn` format, where `aa` and `nn` are 16 bit number. For - large community use `aa:nn:mm` format, where `aa`, `nn` and - `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and - `mm` are per-AS identifier. - items: - type: string - type: array - type: object - type: array - serviceClusterIPs: - description: ServiceClusterIPs are the CIDR blocks from which service - cluster IPs are allocated. 
If specified, Calico will advertise these - blocks, as well as any cluster IPs within them. - items: - description: ServiceClusterIPBlock represents a single allowed ClusterIP - CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceExternalIPs: - description: ServiceExternalIPs are the CIDR blocks for Kubernetes - Service External IPs. Kubernetes Service ExternalIPs will only be - advertised if they are within one of these blocks. - items: - description: ServiceExternalIPBlock represents a single allowed - External IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceLoadBalancerIPs: - description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes - Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress - IPs will only be advertised if they are within one of these blocks. - items: - description: ServiceLoadBalancerIPBlock represents a single allowed - LoadBalancer IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: bgpfilters.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPFilter - listKind: BGPFilterList - plural: bgpfilters - singular: bgpfilter - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of - the BGP Filter. - properties: - exportV4: - description: The ordered set of IPv4 BGPFilter rules acting on exporting - routes to a peer. - items: - description: BGPFilterRuleV4 defines a BGP filter rule consisting - a single IPv4 CIDR block and a filter action for this CIDR. - properties: - action: - type: string - cidr: - type: string - interface: - type: string - matchOperator: - type: string - source: - type: string - required: - - action - type: object - type: array - exportV6: - description: The ordered set of IPv6 BGPFilter rules acting on exporting - routes to a peer. - items: - description: BGPFilterRuleV6 defines a BGP filter rule consisting - a single IPv6 CIDR block and a filter action for this CIDR. - properties: - action: - type: string - cidr: - type: string - interface: - type: string - matchOperator: - type: string - source: - type: string - required: - - action - type: object - type: array - importV4: - description: The ordered set of IPv4 BGPFilter rules acting on importing - routes from a peer. - items: - description: BGPFilterRuleV4 defines a BGP filter rule consisting - a single IPv4 CIDR block and a filter action for this CIDR. 
- properties: - action: - type: string - cidr: - type: string - interface: - type: string - matchOperator: - type: string - source: - type: string - required: - - action - type: object - type: array - importV6: - description: The ordered set of IPv6 BGPFilter rules acting on importing - routes from a peer. - items: - description: BGPFilterRuleV6 defines a BGP filter rule consisting - a single IPv6 CIDR block and a filter action for this CIDR. - properties: - action: - type: string - cidr: - type: string - interface: - type: string - matchOperator: - type: string - source: - type: string - required: - - action - type: object - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec contains the specification for a BGPPeer resource. 
- properties: - asNumber: - description: The AS Number of the peer. - format: int32 - type: integer - filters: - description: The ordered set of BGPFilters applied on this BGP peer. - items: - type: string - type: array - keepOriginalNextHop: - description: Option to keep the original nexthop field when routes - are sent to a BGP Peer. Setting "true" configures the selected BGP - Peers node to use the "next hop keep;" instead of "next hop self;"(default) - in the specific branch of the Node on "bird.cfg". - type: boolean - maxRestartTime: - description: Time to allow for software restart. When specified, - this is configured as the graceful restart timeout. When not specified, - the BIRD default of 120s is used. - type: string - node: - description: The node name identifying the Calico node instance that - is targeted by this peer. If this is not set, and no nodeSelector - is specified, then this BGP peer selects all nodes in the cluster. - type: string - nodeSelector: - description: Selector for the nodes that should have this peering. When - this is set, the Node field must be empty. - type: string - numAllowedLocalASNumbers: - description: Maximum number of local AS numbers that are allowed in - the AS path for received routes. This removes BGP loop prevention - and should only be used if absolutely necessary. - format: int32 - type: integer - password: - description: Optional BGP password for the peerings generated by this - BGPPeer resource. - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' 
- type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - peerIP: - description: The IP address of the peer followed by an optional port - number to peer with. If port number is given, format should be `[]:port` - or `:` for IPv4. If optional port number is not set, - and this peer IP and ASNumber belongs to a calico/node with ListenPort - set in BGPConfiguration, then we use that port to peer. - type: string - peerSelector: - description: Selector for the remote nodes to peer with. When this - is set, the PeerIP and ASNumber fields must be empty. For each - peering between the local node and selected remote nodes, we configure - an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, - and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The - remote AS number comes from the remote node's NodeBGPSpec.ASNumber, - or the global default if that is not set. - type: string - reachableBy: - description: Add an exact, i.e. /32, static route toward peer IP in - order to prevent route flapping. ReachableBy contains the address - of the gateway which peer can be reached by. - type: string - sourceAddress: - description: Specifies whether and how to configure a source address - for the peerings generated by this BGPPeer resource. Default value - "UseNodeIP" means to configure the node IP as the source address. "None" - means not to configure a source address. - type: string - ttlSecurity: - description: TTLSecurity enables the generalized TTL security mechanism - (GTSM) which protects against spoofed packets by ignoring received - packets with a smaller than expected TTL value. The provided value - is the number of hops (edges) between the peers. 
- type: integer - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BlockAffinity - listKind: BlockAffinityList - plural: blockaffinities - singular: blockaffinity - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BlockAffinitySpec contains the specification for a BlockAffinity - resource. - properties: - cidr: - type: string - deleted: - description: Deleted indicates that this block affinity is being deleted. - This field is a string for compatibility with older releases that - mistakenly treat this field as a string. 
- type: string - node: - type: string - state: - type: string - required: - - cidr - - deleted - - node - - state - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: caliconodestatuses.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: CalicoNodeStatus - listKind: CalicoNodeStatusList - plural: caliconodestatuses - singular: caliconodestatus - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus - resource. - properties: - classes: - description: Classes declares the types of information to monitor - for this calico/node, and allows for selective status reporting - about certain subsets of information. - items: - type: string - type: array - node: - description: The node name identifies the Calico node instance for - node status. 
- type: string - updatePeriodSeconds: - description: UpdatePeriodSeconds is the period at which CalicoNodeStatus - should be updated. Set to 0 to disable CalicoNodeStatus refresh. - Maximum update period is one day. - format: int32 - type: integer - type: object - status: - description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus. - No validation needed for status since it is updated by Calico. - properties: - agent: - description: Agent holds agent status on the node. - properties: - birdV4: - description: BIRDV4 represents the latest observed status of bird4. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - birdV6: - description: BIRDV6 represents the latest observed status of bird6. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - type: object - bgp: - description: BGP holds node BGP status. - properties: - numberEstablishedV4: - description: The total number of IPv4 established bgp sessions. - type: integer - numberEstablishedV6: - description: The total number of IPv6 established bgp sessions. 
- type: integer - numberNotEstablishedV4: - description: The total number of IPv4 non-established bgp sessions. - type: integer - numberNotEstablishedV6: - description: The total number of IPv6 non-established bgp sessions. - type: integer - peersV4: - description: PeersV4 represents IPv4 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - peersV6: - description: PeersV6 represents IPv6 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - required: - - numberEstablishedV4 - - numberEstablishedV6 - - numberNotEstablishedV4 - - numberNotEstablishedV6 - type: object - lastUpdated: - description: LastUpdated is a timestamp representing the server time - when CalicoNodeStatus object last updated. It is represented in - RFC3339 form and is in UTC. - format: date-time - nullable: true - type: string - routes: - description: Routes reports routes known to the Calico BGP daemon - on the node. 
- properties: - routesV4: - description: RoutesV4 represents IPv4 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. - type: string - type: object - type: array - routesV6: - description: RoutesV6 represents IPv6 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. 
- type: string - type: object - type: array - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ClusterInformation - listKind: ClusterInformationList - plural: clusterinformations - singular: clusterinformation - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterInformation contains the cluster specific information. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterInformationSpec contains the values of describing - the cluster. 
- properties: - calicoVersion: - description: CalicoVersion is the version of Calico that the cluster - is running - type: string - clusterGUID: - description: ClusterGUID is the GUID of the cluster - type: string - clusterType: - description: ClusterType describes the type of the cluster - type: string - datastoreReady: - description: DatastoreReady is used during significant datastore migrations - to signal to components such as Felix that it should wait before - accessing the datastore. - type: boolean - variant: - description: Variant declares which variant of Calico should be active. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: FelixConfiguration - listKind: FelixConfigurationList - plural: felixconfigurations - singular: felixconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Felix Configuration contains the configuration for Felix. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FelixConfigurationSpec contains the values of the Felix configuration. - properties: - allowIPIPPacketsFromWorkloads: - description: 'AllowIPIPPacketsFromWorkloads controls whether Felix - will add a rule to drop IPIP encapsulated traffic from workloads - [Default: false]' - type: boolean - allowVXLANPacketsFromWorkloads: - description: 'AllowVXLANPacketsFromWorkloads controls whether Felix - will add a rule to drop VXLAN encapsulated traffic from workloads - [Default: false]' - type: boolean - awsSrcDstCheck: - description: 'Set source-destination-check on AWS EC2 instances. Accepted - value must be one of "DoNothing", "Enable" or "Disable". [Default: - DoNothing]' - enum: - - DoNothing - - Enable - - Disable - type: string - bpfCTLBLogFilter: - description: 'BPFCTLBLogFilter specifies, what is logged by connect - time load balancer when BPFLogLevel is debug. Currently has to be - specified as ''all'' when BPFLogFilters is set to see CTLB logs. - [Default: unset - means logs are emitted when BPFLogLevel id debug - and BPFLogFilters not set.]' - type: string - bpfConnectTimeLoadBalancing: - description: 'BPFConnectTimeLoadBalancing when in BPF mode, controls - whether Felix installs the connect-time load balancer. The connect-time - load balancer is required for the host to be able to reach Kubernetes - services and it improves the performance of pod-to-service connections.When - set to TCP, connect time load balancing is available only for services - with TCP ports. [Default: TCP]' - enum: - - TCP - - Enabled - - Disabled - type: string - bpfConnectTimeLoadBalancingEnabled: - description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, - controls whether Felix installs the connection-time load balancer. 
The - connect-time load balancer is required for the host to be able to - reach Kubernetes services and it improves the performance of pod-to-service - connections. The only reason to disable it is for debugging purposes. - This will be deprecated. Use BPFConnectTimeLoadBalancing [Default: - true]' - type: boolean - bpfDSROptoutCIDRs: - description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded - from DSR. That is, clients in those CIDRs will accesses nodeports - as if BPFExternalServiceMode was set to Tunnel. - items: - type: string - type: array - bpfDataIfacePattern: - description: BPFDataIfacePattern is a regular expression that controls - which interfaces Felix should attach BPF programs to in order to - catch traffic to/from the network. This needs to match the interfaces - that Calico workload traffic flows over as well as any interfaces - that handle incoming traffic to nodeports and services from outside - the cluster. It should not match the workload interfaces (usually - named cali...). - type: string - bpfDisableGROForIfaces: - description: BPFDisableGROForIfaces is a regular expression that controls - which interfaces Felix should disable the Generic Receive Offload - [GRO] option. It should not match the workload interfaces (usually - named cali...). - type: string - bpfDisableUnprivileged: - description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled - sysctl to disable unprivileged use of BPF. This ensures that unprivileged - users cannot access Calico''s BPF maps and cannot insert their own - BPF programs to interfere with Calico''s. [Default: true]' - type: boolean - bpfEnabled: - description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. - [Default: false]' - type: boolean - bpfEnforceRPF: - description: 'BPFEnforceRPF enforce strict RPF on all host interfaces - with BPF programs regardless of what is the per-interfaces or global - setting. Possible values are Disabled, Strict or Loose. 
[Default: - Loose]' - pattern: ^(?i)(Disabled|Strict|Loose)?$ - type: string - bpfExcludeCIDRsFromNAT: - description: BPFExcludeCIDRsFromNAT is a list of CIDRs that are to - be excluded from NAT resolution so that host can handle them. A - typical usecase is node local DNS cache. - items: - type: string - type: array - bpfExtToServiceConnmark: - description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit - mark that is set on connections from an external client to a local - service. This mark allows us to control how packets of that connection - are routed within the host and how is routing interpreted by RPF - check. [Default: 0]' - type: integer - bpfExternalServiceMode: - description: 'BPFExternalServiceMode in BPF mode, controls how connections - from outside the cluster to services (node ports and cluster IPs) - are forwarded to remote workloads. If set to "Tunnel" then both - request and response traffic is tunneled to the remote node. If - set to "DSR", the request traffic is tunneled but the response traffic - is sent directly from the remote node. In "DSR" mode, the remote - node appears to use the IP of the ingress node; this requires a - permissive L2 network. [Default: Tunnel]' - pattern: ^(?i)(Tunnel|DSR)?$ - type: string - bpfForceTrackPacketsFromIfaces: - description: 'BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic - from these interfaces to skip Calico''s iptables NOTRACK rule, allowing - traffic from those interfaces to be tracked by Linux conntrack. Should - only be used for interfaces that are not used for the Calico fabric. For - example, a docker bridge device for non-Calico-networked containers. - [Default: docker+]' - items: - type: string - type: array - bpfHostConntrackBypass: - description: 'BPFHostConntrackBypass Controls whether to bypass Linux - conntrack in BPF mode for workloads and services. 
[Default: true - - bypass Linux conntrack]' - type: boolean - bpfHostNetworkedNATWithoutCTLB: - description: 'BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls - whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing - determines the CTLB behavior. [Default: Enabled]' - enum: - - Enabled - - Disabled - type: string - bpfKubeProxyEndpointSlicesEnabled: - description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has - no effect. BPF kube-proxy always accepts endpoint slices. This option - will be removed in the next release. - type: boolean - bpfKubeProxyIptablesCleanupEnabled: - description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF - mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s - iptables chains. Should only be enabled if kube-proxy is not running. [Default: - true]' - type: boolean - bpfKubeProxyMinSyncPeriod: - description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the - minimum time between updates to the dataplane for Felix''s embedded - kube-proxy. Lower values give reduced set-up latency. Higher values - reduce Felix CPU usage by batching up more work. [Default: 1s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - bpfL3IfacePattern: - description: BPFL3IfacePattern is a regular expression that allows - to list tunnel devices like wireguard or vxlan (i.e., L3 devices) - in addition to BPFDataIfacePattern. That is, tunnel interfaces not - created by Calico, that Calico workload traffic flows over as well - as any interfaces that handle incoming traffic to nodeports and - services from outside the cluster. - type: string - bpfLogFilters: - additionalProperties: - type: string - description: "BPFLogFilters is a map of key=values where the value - is a pcap filter expression and the key is an interface name with - 'all' denoting all interfaces, 'weps' all workload endpoints and - 'heps' all host endpoints. 
\n When specified as an env var, it accepts - a comma-separated list of key=values. [Default: unset - means all - debug logs are emitted]" - type: object - bpfLogLevel: - description: 'BPFLogLevel controls the log level of the BPF programs - when in BPF dataplane mode. One of "Off", "Info", or "Debug". The - logs are emitted to the BPF trace pipe, accessible with the command - `tc exec bpf debug`. [Default: Off].' - pattern: ^(?i)(Off|Info|Debug)?$ - type: string - bpfMapSizeConntrack: - description: 'BPFMapSizeConntrack sets the size for the conntrack - map. This map must be large enough to hold an entry for each active - connection. Warning: changing the size of the conntrack map can - cause disruption.' - type: integer - bpfMapSizeIPSets: - description: BPFMapSizeIPSets sets the size for ipsets map. The IP - sets map must be large enough to hold an entry for each endpoint - matched by every selector in the source/destination matches in network - policy. Selectors such as "all()" can result in large numbers of - entries (one entry per endpoint in that case). - type: integer - bpfMapSizeIfState: - description: BPFMapSizeIfState sets the size for ifstate map. The - ifstate map must be large enough to hold an entry for each device - (host + workloads) on a host. - type: integer - bpfMapSizeNATAffinity: - type: integer - bpfMapSizeNATBackend: - description: BPFMapSizeNATBackend sets the size for nat back end map. - This is the total number of endpoints. This is mostly more than - the size of the number of services. - type: integer - bpfMapSizeNATFrontend: - description: BPFMapSizeNATFrontend sets the size for nat front end - map. FrontendMap should be large enough to hold an entry for each - nodeport, external IP and each port in each service. - type: integer - bpfMapSizeRoute: - description: BPFMapSizeRoute sets the size for the routes map. 
The - routes map should be large enough to hold one entry per workload - and a handful of entries per host (enough to cover its own IPs and - tunnel IPs). - type: integer - bpfPSNATPorts: - anyOf: - - type: integer - - type: string - description: 'BPFPSNATPorts sets the range from which we randomly - pick a port if there is a source port collision. This should be - within the ephemeral range as defined by RFC 6056 (1024–65535) and - preferably outside the ephemeral ranges used by common operating - systems. Linux uses 32768–60999, while others mostly use the IANA - defined range 49152–65535. It is not necessarily a problem if this - range overlaps with the operating systems. Both ends of the range - are inclusive. [Default: 20000:29999]' - pattern: ^.* - x-kubernetes-int-or-string: true - bpfPolicyDebugEnabled: - description: BPFPolicyDebugEnabled when true, Felix records detailed - information about the BPF policy programs, which can be examined - with the calico-bpf command-line tool. - type: boolean - chainInsertMode: - description: 'ChainInsertMode controls whether Felix hooks the kernel''s - top-level iptables chains by inserting a rule at the top of the - chain or by appending a rule at the bottom. insert is the safe default - since it prevents Calico''s rules from being bypassed. If you switch - to append mode, be sure that the other rules in the chains signal - acceptance by falling through to the Calico rules, otherwise the - Calico policy will be bypassed. [Default: insert]' - pattern: ^(?i)(insert|append)?$ - type: string - dataplaneDriver: - description: DataplaneDriver filename of the external dataplane driver - to use. Only used if UseInternalDataplaneDriver is set to false. - type: string - dataplaneWatchdogTimeout: - description: "DataplaneWatchdogTimeout is the readiness/liveness timeout - used for Felix's (internal) dataplane driver. Increase this value - if you experience spurious non-ready or non-live events when Felix - is under heavy load. 
Decrease the value to get felix to report non-live - or non-ready more quickly. [Default: 90s] \n Deprecated: replaced - by the generic HealthTimeoutOverrides." - type: string - debugDisableLogDropping: - type: boolean - debugHost: - description: DebugHost is the host IP or hostname to bind the debug - port to. Only used if DebugPort is set. [Default:localhost] - type: string - debugMemoryProfilePath: - type: string - debugPort: - description: DebugPort if set, enables Felix's debug HTTP port, which - allows memory and CPU profiles to be retrieved. The debug port - is not secure, it should not be exposed to the internet. - type: integer - debugSimulateCalcGraphHangAfter: - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - debugSimulateDataplaneApplyDelay: - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - debugSimulateDataplaneHangAfter: - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction controls what happens to - traffic that goes from a workload endpoint to the host itself (after - the traffic hits the endpoint egress policy). By default Calico - blocks traffic from workload endpoints to the host itself with an - iptables "DROP" action. If you want to allow some or all traffic - from endpoint to host, set this parameter to RETURN or ACCEPT. Use - RETURN if you have your own rules in the iptables "INPUT" chain; - Calico will insert its rules at the top of that chain, then "RETURN" - packets to the "INPUT" chain once it has completed processing workload - endpoint egress policy. Use ACCEPT to unconditionally accept packets - from workloads after processing workload endpoint egress policy. - [Default: Drop]' - pattern: ^(?i)(Drop|Accept|Return)?$ - type: string - deviceRouteProtocol: - description: This defines the route protocol added to programmed device - routes, by default this will be RTPROT_BOOT when left blank. 
- type: integer - deviceRouteSourceAddress: - description: This is the IPv4 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - deviceRouteSourceAddressIPv6: - description: This is the IPv6 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - disableConntrackInvalidCheck: - type: boolean - endpointReportingDelay: - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - endpointReportingEnabled: - type: boolean - endpointStatusPathPrefix: - description: "EndpointStatusPathPrefix is the path to the directory - where endpoint status will be written. Endpoint status file reporting - is disabled if field is left empty. \n Chosen directory should match - the directory used by the CNI for PodStartupDelay. [Default: \"\"]" - type: string - externalNodesList: - description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes - which may source tunnel traffic and have the tunneled traffic be - accepted at calico nodes. - items: - type: string - type: array - failsafeInboundHostPorts: - description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow incoming traffic to host endpoints - on irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all inbound host ports, use the value - none. The default value allows ssh access and DHCP. [Default: tcp:22, - udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. 
- properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - failsafeOutboundHostPorts: - description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow outgoing traffic from host endpoints - to irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all outbound host ports, use the value - none. The default value opens etcd''s standard ports to ensure that - Felix does not get cut off from etcd as well as allowing DHCP and - DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, - tcp:6667, udp:53, udp:67]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - featureDetectOverride: - description: FeatureDetectOverride is used to override feature detection - based on auto-detected platform capabilities. Values are specified - in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true" - or "false" will force the feature, empty or omitted values are auto-detected. - pattern: ^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$ - type: string - featureGates: - description: FeatureGates is used to enable or disable tech-preview - Calico features. Values are specified in a comma separated list - with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". - This is used to enable features that are not fully production ready. 
- pattern: ^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$ - type: string - floatingIPs: - description: FloatingIPs configures whether or not Felix will program - non-OpenStack floating IP addresses. (OpenStack-derived floating - IPs are always programmed, regardless of this setting.) - enum: - - Enabled - - Disabled - type: string - genericXDPEnabled: - description: 'GenericXDPEnabled enables Generic XDP so network cards - that don''t support XDP offload or driver modes can use XDP. This - is not recommended since it doesn''t provide better performance - than iptables. [Default: false]' - type: boolean - healthEnabled: - type: boolean - healthHost: - type: string - healthPort: - type: integer - healthTimeoutOverrides: - description: HealthTimeoutOverrides allows the internal watchdog timeouts - of individual subcomponents to be overridden. This is useful for - working around "false positive" liveness timeouts that can occur - in particularly stressful workloads or if CPU is constrained. For - a list of active subcomponents, see Felix's logs. - items: - properties: - name: - type: string - timeout: - type: string - required: - - name - - timeout - type: object - type: array - interfaceExclude: - description: 'InterfaceExclude is a comma-separated list of interfaces - that Felix should exclude when monitoring for host endpoints. The - default value ensures that Felix ignores Kubernetes'' IPVS dummy - interface, which is used internally by kube-proxy. If you want to - exclude multiple interface names using a single value, the list - supports regular expressions. For regular expressions you must wrap - the value with ''/''. For example having values ''/^kube/,veth1'' - will exclude all interfaces that begin with ''kube'' and also the - interface ''veth1''. 
[Default: kube-ipvs0]' - type: string - interfacePrefix: - description: 'InterfacePrefix is the interface name prefix that identifies - workload endpoints and so distinguishes them from host endpoint - interfaces. Note: in environments other than bare metal, the orchestrators - configure this appropriately. For example our Kubernetes and Docker - integrations set the ''cali'' value, and our OpenStack integration - sets the ''tap'' value. [Default: cali]' - type: string - interfaceRefreshInterval: - description: InterfaceRefreshInterval is the period at which Felix - rescans local interfaces to verify their state. The rescan can be - disabled by setting the interval to 0. - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - ipipEnabled: - description: 'IPIPEnabled overrides whether Felix should configure - an IPIP interface on the host. Optional as Felix determines this - based on the existing IP pools. [Default: nil (unset)]' - type: boolean - ipipMTU: - description: 'IPIPMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' - type: integer - ipsetsRefreshInterval: - description: 'IpsetsRefreshInterval is the period at which Felix re-checks - all iptables state to ensure that no other process has accidentally - broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: - 90s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesBackend: - description: IptablesBackend specifies which backend of iptables will - be used. The default is Auto. - pattern: ^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$ - type: string - iptablesFilterAllowAction: - pattern: ^(?i)(Accept|Return)?$ - type: string - iptablesFilterDenyAction: - description: IptablesFilterDenyAction controls what happens to traffic - that is denied by network policy. By default Calico blocks traffic - with an iptables "DROP" action. If you want to use "REJECT" action - instead you can configure it in here. 
- pattern: ^(?i)(Drop|Reject)?$ - type: string - iptablesLockFilePath: - description: 'IptablesLockFilePath is the location of the iptables - lock file. You may need to change this if the lock file is not in - its standard location (for example if you have mapped it into Felix''s - container at a different path). [Default: /run/xtables.lock]' - type: string - iptablesLockProbeInterval: - description: 'IptablesLockProbeInterval is the time that Felix will - wait between attempts to acquire the iptables lock if it is not - available. Lower values make Felix more responsive when the lock - is contended, but use more CPU. [Default: 50ms]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesLockTimeout: - description: 'IptablesLockTimeout is the time that Felix will wait - for the iptables lock, or 0, to disable. To use this feature, Felix - must share the iptables lock file with all other processes that - also take the lock. When running Felix inside a container, this - requires the /run directory of the host to be mounted into the calico/node - or calico/felix container. [Default: 0s disabled]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesMangleAllowAction: - pattern: ^(?i)(Accept|Return)?$ - type: string - iptablesMarkMask: - description: 'IptablesMarkMask is the mask that Felix selects its - IPTables Mark bits from. Should be a 32 bit hexadecimal number with - at least 8 bits set, none of which clash with any other mark bits - in use on the system. [Default: 0xff000000]' - format: int32 - type: integer - iptablesNATOutgoingInterfaceFilter: - type: string - iptablesPostWriteCheckInterval: - description: 'IptablesPostWriteCheckInterval is the period after Felix - has done a write to the dataplane that it schedules an extra read - back in order to check the write was not clobbered by another process. - This should only occur if another application on the system doesn''t - respect the iptables lock. 
[Default: 1s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - iptablesRefreshInterval: - description: 'IptablesRefreshInterval is the period at which Felix - re-checks the IP sets in the dataplane to ensure that no other process - has accidentally broken Calico''s rules. Set to 0 to disable IP - sets refresh. Note: the default for this value is lower than the - other refresh intervals as a workaround for a Linux kernel bug that - was fixed in kernel version 4.11. If you are using v4.11 or greater - you may want to set this to, a higher value to reduce Felix CPU - usage. [Default: 10s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - ipv6Support: - description: IPv6Support controls whether Felix enables support for - IPv6 (if supported by the in-use dataplane). - type: boolean - kubeNodePortRanges: - description: 'KubeNodePortRanges holds list of port ranges used for - service node ports. Only used if felix detects kube-proxy running - in ipvs mode. Felix uses these ranges to separate host and workload - traffic. [Default: 30000:32767].' - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - logDebugFilenameRegex: - description: LogDebugFilenameRegex controls which source code files - have their Debug log output included in the logs. Only logs from - files with names that match the given regular expression are included. The - filter only applies to Debug level logs. - type: string - logFilePath: - description: 'LogFilePath is the full path to the Felix log. Set to - none to disable file logging. [Default: /var/log/calico/felix.log]' - type: string - logPrefix: - description: 'LogPrefix is the log prefix that Felix uses when rendering - LOG rules. [Default: calico-packet]' - type: string - logSeverityFile: - description: 'LogSeverityFile is the log severity above which logs - are sent to the log file. 
[Default: Info]' - pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ - type: string - logSeveritySys: - description: 'LogSeveritySys is the log severity above which logs - are sent to the syslog. Set to None for no logging to syslog. [Default: - Info]' - pattern: ^(?i)(Debug|Info|Warning|Error|Fatal)?$ - type: string - maxIpsetSize: - type: integer - metadataAddr: - description: 'MetadataAddr is the IP address or domain name of the - server that can answer VM queries for cloud-init metadata. In OpenStack, - this corresponds to the machine running nova-api (or in Ubuntu, - nova-api-metadata). A value of none (case-insensitive) means that - Felix should not set up any NAT rule for the metadata path. [Default: - 127.0.0.1]' - type: string - metadataPort: - description: 'MetadataPort is the port of the metadata server. This, - combined with global.MetadataAddr (if not ''None''), is used to - set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. - In most cases this should not need to be changed [Default: 8775].' - type: integer - mtuIfacePattern: - description: MTUIfacePattern is a regular expression that controls - which interfaces Felix should scan in order to calculate the host's - MTU. This should not match workload interfaces (usually named cali...). - type: string - natOutgoingAddress: - description: NATOutgoingAddress specifies an address to use when performing - source NAT for traffic in a natOutgoing pool that is leaving the - network. 
By default the address used is an address on the interface - the traffic is leaving on (ie it uses the iptables MASQUERADE target) - type: string - natPortRange: - anyOf: - - type: integer - - type: string - description: NATPortRange specifies the range of ports that is used - for port mapping when doing outgoing NAT. When unset the default - behavior of the network stack is used. - pattern: ^.* - x-kubernetes-int-or-string: true - netlinkTimeout: - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - openstackRegion: - description: 'OpenstackRegion is the name of the region that a particular - Felix belongs to. In a multi-region Calico/OpenStack deployment, - this must be configured somehow for each Felix (here in the datamodel, - or in felix.cfg or the environment on each compute node), and must - match the [calico] openstack_region value configured in neutron.conf - on each node. [Default: Empty]' - type: string - policySyncPathPrefix: - description: 'PolicySyncPathPrefix is used to by Felix to communicate - policy changes to external services, like Application layer policy. - [Default: Empty]' - type: string - prometheusGoMetricsEnabled: - description: 'PrometheusGoMetricsEnabled disables Go runtime metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled enables the Prometheus metrics - server in Felix if set to true. [Default: false]' - type: boolean - prometheusMetricsHost: - description: 'PrometheusMetricsHost is the host that the Prometheus - metrics server should bind to. [Default: empty]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. 
[Default: 9091]' - type: integer - prometheusProcessMetricsEnabled: - description: 'PrometheusProcessMetricsEnabled disables process metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusWireGuardMetricsEnabled: - description: 'PrometheusWireGuardMetricsEnabled disables wireguard - metrics collection, which the Prometheus client does by default, - when set to false. This reduces the number of metrics reported, - reducing Prometheus load. [Default: true]' - type: boolean - removeExternalRoutes: - description: Whether or not to remove device routes that have not - been programmed by Felix. Disabling this will allow external applications - to also add device routes. This is enabled by default which means - we will remove externally added routes. - type: boolean - reportingInterval: - description: 'ReportingInterval is the interval at which Felix reports - its status into the datastore or 0 to disable. Must be non-zero - in OpenStack deployments. [Default: 30s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - reportingTTL: - description: 'ReportingTTL is the time-to-live setting for process-wide - status reports. [Default: 90s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - routeRefreshInterval: - description: 'RouteRefreshInterval is the period at which Felix re-checks - the routes in the dataplane to ensure that no other process has - accidentally broken Calico''s rules. Set to 0 to disable route refresh. - [Default: 90s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - routeSource: - description: 'RouteSource configures where Felix gets its routing - information. - WorkloadIPs: use workload endpoints to construct - routes. - CalicoIPAM: the default - use IPAM data to construct routes.' 
- pattern: ^(?i)(WorkloadIPs|CalicoIPAM)?$ - type: string - routeSyncDisabled: - description: RouteSyncDisabled will disable all operations performed - on the route table. Set to true to run in network-policy mode only. - type: boolean - routeTableRange: - description: Deprecated in favor of RouteTableRanges. Calico programs - additional Linux route tables for various purposes. RouteTableRange - specifies the indices of the route tables that Calico should use. - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - routeTableRanges: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRanges specifies a set of table index ranges - that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. - items: - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - type: array - serviceLoopPrevention: - description: 'When service IP advertisement is enabled, prevent routing - loops to service IPs that are not in use, by dropping or rejecting - packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", - in which case such routing loops continue to be allowed. [Default: - Drop]' - pattern: ^(?i)(Drop|Reject|Disabled)?$ - type: string - sidecarAccelerationEnabled: - description: 'SidecarAccelerationEnabled enables experimental sidecar - acceleration [Default: false]' - type: boolean - usageReportingEnabled: - description: 'UsageReportingEnabled reports anonymous Calico version - number and cluster size to projectcalico.org. Logs warnings returned - by the usage server. For example, if a significant security vulnerability - has been discovered in the version of Calico being used. [Default: - true]' - type: boolean - usageReportingInitialDelay: - description: 'UsageReportingInitialDelay controls the minimum delay - before Felix makes a report. 
[Default: 300s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - usageReportingInterval: - description: 'UsageReportingInterval controls the interval at which - Felix makes reports. [Default: 86400s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - useInternalDataplaneDriver: - description: UseInternalDataplaneDriver, if true, Felix will use its - internal dataplane programming logic. If false, it will launch - an external dataplane driver and communicate with it over protobuf. - type: boolean - vxlanEnabled: - description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix - determines this based on the existing IP pools. [Default: nil (unset)]' - type: boolean - vxlanMTU: - description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel - device. See Configuring MTU [Default: 1410]' - type: integer - vxlanMTUV6: - description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel - device. See Configuring MTU [Default: 1390]' - type: integer - vxlanPort: - type: integer - vxlanVNI: - type: integer - windowsManageFirewallRules: - description: 'WindowsManageFirewallRules configures whether or not - Felix will program Windows Firewall rules. (to allow inbound access - to its own metrics ports) [Default: Disabled]' - enum: - - Enabled - - Disabled - type: string - wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled - for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). - [Default: false]' - type: boolean - wireguardEnabledV6: - description: 'WireguardEnabledV6 controls whether Wireguard is enabled - for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). - [Default: false]' - type: boolean - wireguardHostEncryptionEnabled: - description: 'WireguardHostEncryptionEnabled controls whether Wireguard - host-to-host encryption is enabled. 
[Default: false]' - type: boolean - wireguardInterfaceName: - description: 'WireguardInterfaceName specifies the name to use for - the IPv4 Wireguard interface. [Default: wireguard.cali]' - type: string - wireguardInterfaceNameV6: - description: 'WireguardInterfaceNameV6 specifies the name to use for - the IPv6 Wireguard interface. [Default: wg-v6.cali]' - type: string - wireguardKeepAlive: - description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive - option. Set 0 to disable. [Default: 0]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - wireguardListeningPort: - description: 'WireguardListeningPort controls the listening port used - by IPv4 Wireguard. [Default: 51820]' - type: integer - wireguardListeningPortV6: - description: 'WireguardListeningPortV6 controls the listening port - used by IPv6 Wireguard. [Default: 51821]' - type: integer - wireguardMTU: - description: 'WireguardMTU controls the MTU on the IPv4 Wireguard - interface. See Configuring MTU [Default: 1440]' - type: integer - wireguardMTUV6: - description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard - interface. See Configuring MTU [Default: 1420]' - type: integer - wireguardRoutingRulePriority: - description: 'WireguardRoutingRulePriority controls the priority value - to use for the Wireguard routing rule. [Default: 99]' - type: integer - wireguardThreadingEnabled: - description: 'WireguardThreadingEnabled controls whether Wireguard - has NAPI threading enabled. [Default: false]' - type: boolean - workloadSourceSpoofing: - description: WorkloadSourceSpoofing controls whether pods can use - the allowedSourcePrefixes annotation to send traffic with a source - IP address that is not theirs. This is disabled by default. When - set to "Any", pods can request any prefix. - pattern: ^(?i)(Disabled|Any)?$ - type: string - xdpEnabled: - description: 'XDPEnabled enables XDP acceleration for suitable untracked - incoming deny rules. 
[Default: true]' - type: boolean - xdpRefreshInterval: - description: 'XDPRefreshInterval is the period at which Felix re-checks - all XDP state to ensure that no other process has accidentally broken - Calico''s BPF maps or attached programs. Set to 0 to disable XDP - refresh. [Default: 90s]' - pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkPolicy - listKind: GlobalNetworkPolicyList - plural: globalnetworkpolicies - singular: globalnetworkpolicy - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - description: ApplyOnForward indicates to apply the rules in this policy - on forward traffic. 
- type: boolean - doNotTrack: - description: DoNotTrack indicates whether packets matched by the rules - in this policy should go through the data plane's connection tracking, - such as Linux conntrack. If True, the rules in this policy are - applied before any data plane connection tracking, and packets allowed - by this policy are marked as not to be tracked. - type: boolean - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. 
\n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. 
- One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. 
- type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. 
- type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. 
\n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). 
- \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. 
\n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. 
\n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. 
\n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. 
\n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). 
- type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. 
When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." 
- items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. 
- type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - description: NamespaceSelector is an optional field for an expression - used to select a pod based on namespaces. - type: string - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - performanceHints: - description: "PerformanceHints contains a list of hints to Calico's - policy engine to help process the policy more efficiently. Hints - never change the enforcement behaviour of the policy. \n Currently, - the only available hint is \"AssumeNeededOnEveryNode\". When that - hint is set on a policy, Felix will act as if the policy matches - a local endpoint even if it does not. This is useful for \"preloading\" - any large static policies that are known to be used on every node. 
- If the policy is _not_ used on a particular node then the work done - to preload the policy (and to maintain it) is wasted." - items: - type: string - type: array - preDNAT: - description: PreDNAT indicates to apply the rules in this policy before - any DNAT. - type: boolean - selector: - description: "The selector is an expression used to pick out the endpoints - that the policy should be applied to. \n Selector expressions follow - this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g. - my_label == \"foo bar\" \tlabel != \"string_literal\" -> not - equal; also matches if label is not present \tlabel in { \"a\", - \"b\", \"c\", ... } -> true if the value of label X is one of - \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } - \ -> true if the value of label X is not one of \"a\", \"b\", \"c\" - \thas(label_name) -> True if that label is present \t! expr -> - negation of expr \texpr && expr -> Short-circuit and \texpr || - expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress rules are present in the policy. 
The - default is: \n - [ PolicyTypeIngress ], if there are no Egress rules - (including the case where there are also no Ingress rules) \n - - [ PolicyTypeEgress ], if there are Egress rules but no Ingress - rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are - both Ingress and Egress rules. \n When the policy is read back again, - Types will always be one of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkSet - listKind: GlobalNetworkSetList - plural: globalnetworksets - singular: globalnetworkset - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs - that share labels to allow rules to refer to them via selectors. The labels - of GlobalNetworkSet are not namespaced. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GlobalNetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: HostEndpoint - listKind: HostEndpointList - plural: hostendpoints - singular: hostendpoint - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostEndpointSpec contains the specification for a HostEndpoint - resource. - properties: - expectedIPs: - description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. - If \"InterfaceName\" is not present, Calico will look for an interface - matching any of the IPs in the list and apply policy to that. 
Note: - \tWhen using the selector match criteria in an ingress or egress - security Policy \tor Profile, Calico converts the selector into - a set of IP addresses. For host \tendpoints, the ExpectedIPs field - is used for that purpose. (If only the interface \tname is specified, - Calico does not learn the IPs of the interface for use in match - \tcriteria.)" - items: - type: string - type: array - interfaceName: - description: "Either \"*\", or the name of a specific Linux interface - to apply policy to; or empty. \"*\" indicates that this HostEndpoint - governs all traffic to, from or through the default network namespace - of the host named by the \"Node\" field; entering and leaving that - namespace via any interface, including those from/to non-host-networked - local workloads. \n If InterfaceName is not \"*\", this HostEndpoint - only governs traffic that enters or leaves the host through the - specific interface named by InterfaceName, or - when InterfaceName - is empty - through the specific interface that has one of the IPs - in ExpectedIPs. Therefore, when InterfaceName is empty, at least - one expected IP must be specified. Only external interfaces (such - as \"eth0\") are supported here; it isn't possible for a HostEndpoint - to protect traffic through a specific local workload interface. - \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; - initially just pre-DNAT policy. Please check Calico documentation - for the latest position." - type: string - node: - description: The node name identifying the Calico node instance. - type: string - ports: - description: Ports contains the endpoint's named ports, which may - be referenced in security policy rules. 
- items: - properties: - name: - type: string - port: - type: integer - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - required: - - name - - port - - protocol - type: object - type: array - profiles: - description: A list of identifiers of security Profile objects that - apply to this endpoint. Each profile is applied in the order that - they appear in this list. Profile rules are applied after the selector-based - security policy. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMBlock - listKind: IPAMBlockList - plural: ipamblocks - singular: ipamblock - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMBlockSpec contains the specification for an IPAMBlock - resource. - properties: - affinity: - description: Affinity of the block, if this block has one. 
If set, - it will be of the form "host:". If not set, this block - is not affine to a host. - type: string - allocations: - description: Array of allocations in-use within this block. nil entries - mean the allocation is free. For non-nil entries at index i, the - index is the ordinal of the allocation within this block and the - value is the index of the associated attributes in the Attributes - array. - items: - type: integer - # TODO: This nullable is manually added in. We should update controller-gen - # to handle []*int properly itself. - nullable: true - type: array - attributes: - description: Attributes is an array of arbitrary metadata associated - with allocations in the block. To find attributes for a given allocation, - use the value of the allocation's entry in the Allocations array - as the index of the element in this array. - items: - properties: - handle_id: - type: string - secondary: - additionalProperties: - type: string - type: object - type: object - type: array - cidr: - description: The block's CIDR. - type: string - deleted: - description: Deleted is an internal boolean used to workaround a limitation - in the Kubernetes API whereby deletion will not return a conflict - error if the block has been updated. It should not be set manually. - type: boolean - sequenceNumber: - default: 0 - description: We store a sequence number that is updated each time - the block is written. Each allocation will also store the sequence - number of the block at the time of its creation. When releasing - an IP, passing the sequence number associated with the allocation - allows us to protect against a race condition and ensure the IP - hasn't been released and re-allocated since the release request. - format: int64 - type: integer - sequenceNumberForAllocation: - additionalProperties: - format: int64 - type: integer - description: Map of allocated ordinal within the block to sequence - number of the block at the time of allocation. 
Kubernetes does not - allow numerical keys for maps, so the key is cast to a string. - type: object - strictAffinity: - description: StrictAffinity on the IPAMBlock is deprecated and no - longer used by the code. Use IPAMConfig StrictAffinity instead. - type: boolean - unallocated: - description: Unallocated is an ordered list of allocations which are - free in the block. - items: - type: integer - type: array - required: - - allocations - - attributes - - cidr - - strictAffinity - - unallocated - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMConfig - listKind: IPAMConfigList - plural: ipamconfigs - singular: ipamconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMConfigSpec contains the specification for an IPAMConfig - resource. 
- properties: - autoAllocateBlocks: - type: boolean - maxBlocksPerHost: - description: MaxBlocksPerHost, if non-zero, is the max number of blocks - that can be affine to each host. - maximum: 2147483647 - minimum: 0 - type: integer - strictAffinity: - type: boolean - required: - - autoAllocateBlocks - - strictAffinity - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMHandle - listKind: IPAMHandleList - plural: ipamhandles - singular: ipamhandle - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMHandleSpec contains the specification for an IPAMHandle - resource. 
- properties: - block: - additionalProperties: - type: integer - type: object - deleted: - type: boolean - handleID: - type: string - required: - - block - - handleID - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPPool - listKind: IPPoolList - plural: ippools - singular: ippool - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPPoolSpec contains the specification for an IPPool resource. - properties: - allowedUses: - description: AllowedUse controls what the IP pool will be used for. If - not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility - items: - type: string - type: array - blockSize: - description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 122 for IPv6. - type: integer - cidr: - description: The pool CIDR. 
- type: string - disableBGPExport: - description: 'Disable exporting routes from this IP Pool''s CIDR over - BGP. [Default: false]' - type: boolean - disabled: - description: When disabled is true, Calico IPAM will not assign addresses - from this pool. - type: boolean - ipip: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - properties: - enabled: - description: When enabled is true, ipip tunneling will be used - to deliver packets to destinations within this pool. - type: boolean - mode: - description: The IPIP mode. This can be one of "always" or "cross-subnet". A - mode of "always" will also use IPIP tunneling for routing to - destination IP addresses within this pool. A mode of "cross-subnet" - will only use IPIP tunneling when the destination node is on - a different subnet to the originating node. The default value - (if not specified) is "always". - type: string - type: object - ipipMode: - description: Contains configuration for IPIP tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling - is disabled). - type: string - nat-outgoing: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - type: boolean - natOutgoing: - description: When natOutgoing is true, packets sent from Calico networked - containers in this pool to destinations outside of this pool will - be masqueraded. - type: boolean - nodeSelector: - description: Allows IPPool to allocate for a specific node by label - selector. - type: string - vxlanMode: - description: Contains configuration for VXLAN tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. VXLAN - tunneling is disabled). 
- type: string - required: - - cidr - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipreservations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPReservation - listKind: IPReservationList - plural: ipreservations - singular: ipreservation - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPReservationSpec contains the specification for an IPReservation - resource. - properties: - reservedCIDRs: - description: ReservedCIDRs is a list of CIDRs and/or IP addresses - that Calico IPAM will exclude from new allocations. 
- items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: KubeControllersConfiguration - listKind: KubeControllersConfigurationList - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeControllersConfigurationSpec contains the values of the - Kubernetes controllers configuration. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. 
[Default: 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host endpoints. - Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation of - host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the controller - to determine if an IP address has been leaked. Set to 0 - to disable IP garbage collection. [Default: 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. 
[Default: 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: 9094]' - type: integer - required: - - controllers - type: object - status: - description: KubeControllersConfigurationStatus represents the status - of the configuration. It's useful for admins to be able to see the actual - config that was applied, which can be modified by environment variables - on the kube-controllers process. - properties: - environmentVars: - additionalProperties: - type: string - description: EnvironmentVars contains the environment variables on - the kube-controllers that influenced the RunningConfig. - type: object - runningConfig: - description: RunningConfig contains the effective config that is running - in the kube-controllers pod, after merging the API resource with - any environment variables. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace - controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. 
[Default: - 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host - endpoints. Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation - of host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the - controller to determine if an IP address has been leaked. - Set to 0 to disable IP garbage collection. [Default: - 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. 
[Default: - 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which - logs are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: - 9094]' - type: integer - required: - - controllers - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkPolicy - listKind: NetworkPolicyList - plural: networkpolicies - singular: networkpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." 
- type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. 
- One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. 
- type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. 
- type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. 
\n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). 
- \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. 
\n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. 
\n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. 
\n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. 
\n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). 
- type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. 
When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." 
- items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. 
- type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - performanceHints: - description: "PerformanceHints contains a list of hints to Calico's - policy engine to help process the policy more efficiently. Hints - never change the enforcement behaviour of the policy. \n Currently, - the only available hint is \"AssumeNeededOnEveryNode\". When that - hint is set on a policy, Felix will act as if the policy matches - a local endpoint even if it does not. This is useful for \"preloading\" - any large static policies that are known to be used on every node. - If the policy is _not_ used on a particular node then the work done - to preload the policy (and to maintain it) is wasted." 
- items: - type: string - type: array - selector: - description: "The selector is an expression used to pick out the endpoints - that the policy should be applied to. \n Selector expressions follow - this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g. - my_label == \"foo bar\" \tlabel != \"string_literal\" -> not - equal; also matches if label is not present \tlabel in { \"a\", - \"b\", \"c\", ... } -> true if the value of label X is one of - \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } - \ -> true if the value of label X is not one of \"a\", \"b\", \"c\" - \thas(label_name) -> True if that label is present \t! expr -> - negation of expr \texpr && expr -> Short-circuit and \texpr || - expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress are present in the policy. The default - is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including - the case where there are also no Ingress rules) \n - [ PolicyTypeEgress - ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, - PolicyTypeEgress ], if there are both Ingress and Egress rules. 
- \n When the policy is read back again, Types will always be one - of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/kdd-crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkSet - listKind: NetworkSetList - plural: networksets - singular: networkset - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. 
- items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: calico/templates/calico-kube-controllers-rbac.yaml -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are watched to check for existence as part of IPAM controller. - - apiGroups: [""] - resources: - - pods - verbs: - - get - - list - - watch - # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipreservations - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - watch - # Pools are watched to maintain a mapping of blocks to IP pools. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - watch - # kube-controllers manages hostendpoints. - - apiGroups: ["crd.projectcalico.org"] - resources: - - hostendpoints - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. 
- - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - list - - create - - update - - watch - # KubeControllersConfiguration is where it gets its config - - apiGroups: ["crd.projectcalico.org"] - resources: - - kubecontrollersconfigurations - verbs: - # read its own config - - get - - list - # create a default if none exists - - create - # update status - - update - # watch for changes - - watch ---- -# Source: calico/templates/calico-node-rbac.yaml -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node -rules: - # Used for creating service account tokens to be used by the CNI plugin - - apiGroups: [""] - resources: - - serviceaccounts/token - resourceNames: - - calico-cni-plugin - verbs: - - create - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - # EndpointSlices are used for Service-based network policy rule - # enforcement. - - apiGroups: ["discovery.k8s.io"] - resources: - - endpointslices - verbs: - - watch - - list - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - # Pod CIDR auto-detection on kubeadm needs access to config maps. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. 
- - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - bgpfilters - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipreservations - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - - blockaffinities - - caliconodestatuses - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico must update some CRDs. - - apiGroups: ["crd.projectcalico.org"] - resources: - - caliconodestatuses - verbs: - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only required for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # The CNI plugin and calico/node need to be able to create a default - # IPAMConfiguration - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - - create - # Block affinities must also be watchable by confd for route aggregation. 
- - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get ---- -# Source: calico/templates/calico-node-rbac.yaml -# CNI cluster role -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-cni-plugin -rules: - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - - clusterinformations - - ippools - - ipreservations - - ipamconfigs - verbs: - - get - - list - - create - - update - - delete ---- -# Source: calico/templates/calico-kube-controllers-rbac.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- -# Source: calico/templates/calico-node-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system ---- -# Source: calico/templates/calico-node-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-cni-plugin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-cni-plugin -subjects: -- kind: ServiceAccount - name: calico-cni-plugin - namespace: kube-system ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the 
calico-node container, as well -# as the CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: docker.io/calico/cni:v3.28.3 - imagePullPolicy: IfNotPresent - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. 
- name: kubernetes-services-endpoint - optional: true - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - securityContext: - privileged: true - # This container installs the CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: docker.io/calico/cni:v3.28.3 - imagePullPolicy: IfNotPresent - command: ["/opt/cni/bin/install"] - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - securityContext: - privileged: true - # This init container mounts the necessary filesystems needed by the BPF data plane - # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed - # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. 
- - name: "mount-bpffs" - image: docker.io/calico/node:v3.28.3 - imagePullPolicy: IfNotPresent - command: ["calico-node", "-init", "-best-effort"] - volumeMounts: - - mountPath: /sys/fs - name: sys-fs - # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - - mountPath: /var/run/calico - name: var-run-calico - # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary, - # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly. - - mountPath: /nodeproc - name: nodeproc - readOnly: true - securityContext: - privileged: true - containers: - # Runs calico-node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: docker.io/calico/node:v3.28.3 - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,bgp" - # Auto-detect the BGP IP address. 
- - name: IP - value: "autodetect" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # Enable or Disable VXLAN on the default IP pool. - - name: CALICO_IPV4POOL_VXLAN - value: "Never" - # Enable or Disable VXLAN on the default IPv6 IP pool. - - name: CALICO_IPV6POOL_VXLAN - value: "Never" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the VXLAN tunnel device. - - name: FELIX_VXLANMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the Wireguard tunnel device. - - name: FELIX_WIREGUARDMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - # - name: CALICO_IPV4POOL_CIDR - # value: "192.168.0.0/16" - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - - name: FELIX_HEALTHENABLED - value: "true" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - lifecycle: - preStop: - exec: - command: - - /bin/calico-node - - -shutdown - livenessProbe: - exec: - command: - - /bin/calico-node - - -felix-live - - -bird-live - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - - -bird-ready - periodSeconds: 10 - timeoutSeconds: 10 - volumeMounts: - # For maintaining CNI plugin API credentials. 
- - mountPath: /host/etc/cni/net.d - name: cni-net-dir - readOnly: false - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the - # parent directory. - - name: bpffs - mountPath: /sys/fs/bpf - - name: cni-log-dir - mountPath: /var/log/calico/cni - readOnly: true - volumes: - # Used by calico-node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - type: DirectoryOrCreate - - name: var-lib-calico - hostPath: - path: /var/lib/calico - type: DirectoryOrCreate - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - - name: sys-fs - hostPath: - path: /sys/fs/ - type: DirectoryOrCreate - - name: bpffs - hostPath: - path: /sys/fs/bpf - type: Directory - # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs. - - name: nodeproc - hostPath: - path: /proc - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - type: DirectoryOrCreate - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Used to access CNI logs. - - name: cni-log-dir - hostPath: - path: /var/log/calico/cni - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. 
- - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks - # Used to create per-pod Unix Domain Sockets - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent ---- -# Source: calico/templates/calico-kube-controllers.yaml -# See https://github.com/projectcalico/kube-controllers -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - # The controllers can only have a single active instance. - replicas: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - nodeSelector: - kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - serviceAccountName: calico-kube-controllers - priorityClassName: system-cluster-critical - containers: - - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.28.3 - imagePullPolicy: IfNotPresent - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - livenessProbe: - exec: - command: - - /usr/bin/check-status - - -l - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - periodSeconds: 10 
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml deleted file mode 100644 index 19f3f953..00000000 --- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-role-bindings.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: system:cloud-node-controller - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-node-controller - subjects: - - kind: ServiceAccount - name: cloud-node-controller - namespace: kube-system -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: system:cloud-controller-manager - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager - subjects: - - kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system -kind: List -metadata: {} \ No newline at end of file diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml deleted file mode 100644 index 93a47b74..00000000 --- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/cloud-controller-manager-roles.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: system:cloud-controller-manager - rules: - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - '*' - - apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch - - apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get - - apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - '*' - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - get - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: system:cloud-node-controller - rules: - - apiGroups: - - "" - resources: - - nodes - verbs: - - '*' - - apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -kind: List -metadata: {} diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml deleted file mode 100644 index 6f54c7ec..00000000 
--- a/installers/flux/templates/sw-catalogs/cloud-resources/capi/openstack-kubeadm/manifests/post-install/openstack-cloud-controller-manager-ds.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cloud-controller-manager - namespace: kube-system ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: openstack-cloud-controller-manager - namespace: kube-system - labels: - k8s-app: openstack-cloud-controller-manager -spec: - selector: - matchLabels: - k8s-app: openstack-cloud-controller-manager - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - k8s-app: openstack-cloud-controller-manager - spec: - nodeSelector: - node-role.kubernetes.io/control-plane: "" - securityContext: - runAsUser: 1001 - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - effect: NoSchedule - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - serviceAccountName: cloud-controller-manager - containers: - - name: openstack-cloud-controller-manager - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.2 - args: - - /bin/openstack-cloud-controller-manager - - --v=1 - - --cluster-name=$(CLUSTER_NAME) - - --cloud-config=$(CLOUD_CONFIG) - - --cloud-provider=openstack - - --use-service-account-credentials=false - - --bind-address=127.0.0.1 - volumeMounts: - - mountPath: /etc/kubernetes/pki - name: k8s-certs - readOnly: true - - mountPath: /etc/ssl/certs - name: ca-certs - readOnly: true - - mountPath: /etc/config - name: cloud-config-volume - readOnly: true - resources: - requests: - cpu: 200m - env: - - name: CLOUD_CONFIG - value: /etc/config/cloud.conf - - name: CLUSTER_NAME - value: kubernetes - dnsPolicy: ClusterFirst - hostNetwork: true - volumes: - - hostPath: - path: /etc/kubernetes/pki - type: DirectoryOrCreate - name: k8s-certs - - hostPath: - path: /etc/ssl/certs - type: DirectoryOrCreate - name: ca-certs - - name: cloud-config-volume - secret: - secretName: cloud-config 
diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml deleted file mode 100644 index 49ea5961..00000000 --- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/core-controller/core.yaml +++ /dev/null 
@@ -1,14850 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: capi-system ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-selfsigned-issuer - namespace: capi-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-serving-cert - namespace: capi-system -spec: - dnsNames: - - capi-webhook-service.capi-system.svc - - capi-webhook-service.capi-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-selfsigned-issuer - secretName: capi-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: clusterclasses.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterClass - listKind: ClusterClassList - plural: clusterclasses - shortNames: - - cc - singular: clusterclass - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ClusterClass - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterClass is a template which can be used to create managed 
topologies. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. - properties: - controlPlane: - description: |- - controlPlane is a reference to a local struct that holds the details - for provisioning the Control Plane for the Cluster. - properties: - machineInfrastructure: - description: |- - MachineTemplate defines the metadata and infrastructure information - for control plane machines. - - This field is supported if and only if the control plane provider template - referenced above is Machine based and supports setting replicas. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - metadata is the metadata applied to the machines of the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the topology. - - This field is supported if and only if the control plane provider template - referenced is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. 
They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - infrastructure is a reference to a provider-specific template that holds - the details for provisioning infrastructure specific cluster - for the underlying provider. - The underlying provider is responsible for the implementation - of the template to an infrastructure cluster. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - workers: - description: |- - workers describes the worker nodes for the cluster. - It is a collection of node types which can be used to create - the worker nodes of the cluster. - properties: - machineDeployments: - description: |- - machineDeployments is a list of machine deployment classes that can be used to create - a set of worker nodes. - items: - description: |- - MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster - provisioned using the `ClusterClass`. - properties: - class: - description: |- - class denotes a type of worker node present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachineDeployment. - type: string - template: - description: |- - template is a local struct containing a collection of templates for creation of - MachineDeployment objects representing a set of worker nodes. - properties: - bootstrap: - description: |- - bootstrap contains the bootstrap template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - infrastructure contains the infrastructure template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - metadata is the metadata applied to the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the topology. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - type: object - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterClass - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterClass is a template which can be used to create managed - topologies. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. - properties: - controlPlane: - description: |- - controlPlane is a reference to a local struct that holds the details - for provisioning the Control Plane for the Cluster. - properties: - machineHealthCheck: - description: |- - machineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. - This field is supported if and only if the ControlPlane provider template - referenced above is Machine based and supports setting replicas. - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - nodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. 
- items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - machineInfrastructure: - description: |- - machineInfrastructure defines the metadata and infrastructure information - for control plane machines. - - This field is supported if and only if the control plane provider template - referenced above is Machine based and supports setting replicas. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the - ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the topology. - - This field is supported if and only if the control plane provider template - referenced is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - namingStrategy: - description: namingStrategy allows changing the naming pattern - used when creating the control plane provider object. - properties: - template: - description: |- - template defines the template to use for generating the name of the ControlPlane object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - type: string - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology. 
- type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - infrastructure is a reference to a provider-specific template that holds - the details for provisioning infrastructure specific cluster - for the underlying provider. - The underlying provider is responsible for the implementation - of the template to an infrastructure cluster. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - patches: - description: |- - patches defines the patches which are applied to customize - referenced templates of a ClusterClass. - Note: Patches will be applied in the order of the array. - items: - description: ClusterClassPatch defines a patch which is applied - to customize the referenced templates. - properties: - definitions: - description: |- - definitions define inline patches. - Note: Patches will be applied in the order of the array. - Note: Exactly one of Definitions or External must be set. - items: - description: PatchDefinition defines a patch which is applied - to customize the referenced templates. - properties: - jsonPatches: - description: |- - jsonPatches defines the patches which should be applied on the templates - matching the selector. - Note: Patches will be applied in the order of the array. - items: - description: JSONPatch defines a JSON patch. - properties: - op: - description: |- - op defines the operation of the patch. - Note: Only `add`, `replace` and `remove` are supported. - type: string - path: - description: |- - path defines the path of the patch. - Note: Only the spec of a template can be patched, thus the path has to start with /spec/. - Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: - * for op: `add`: only index 0 (prepend) and - (append) are allowed - * for op: `replace` or `remove`: no indexes are allowed - type: string - value: - description: |- - value defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. 
Only one of them is allowed to be set at the same time. - Note: We have to use apiextensionsv1.JSON instead of our JSON type, - because controller-tools has a hard-coded schema for apiextensionsv1.JSON - which cannot be produced by another type (unset type field). - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: |- - valueFrom defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. Only one of them is allowed to be set at the same time. - properties: - template: - description: |- - template is the Go template to be used to calculate the value. - A template can reference variables defined in .spec.variables and builtin variables. - Note: The template must evaluate to a valid YAML or JSON value. - type: string - variable: - description: |- - variable is the variable to be used as value. - Variable can be one of the variables defined in .spec.variables or a builtin variable. - type: string - type: object - required: - - op - - path - type: object - type: array - selector: - description: selector defines on which templates the patch - should be applied. - properties: - apiVersion: - description: apiVersion filters templates by apiVersion. - type: string - kind: - description: kind filters templates by kind. - type: string - matchResources: - description: matchResources selects templates based - on where they are referenced. - properties: - controlPlane: - description: |- - controlPlane selects templates referenced in .spec.ControlPlane. - Note: this will match the controlPlane and also the controlPlane - machineInfrastructure (depending on the kind and apiVersion). - type: boolean - infrastructureCluster: - description: infrastructureCluster selects templates - referenced in .spec.infrastructure. 
- type: boolean - machineDeploymentClass: - description: |- - machineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in - .spec.workers.machineDeployments. - properties: - names: - description: names selects templates by class - names. - items: - type: string - type: array - type: object - machinePoolClass: - description: |- - machinePoolClass selects templates referenced in specific MachinePoolClasses in - .spec.workers.machinePools. - properties: - names: - description: names selects templates by class - names. - items: - type: string - type: array - type: object - type: object - required: - - apiVersion - - kind - - matchResources - type: object - required: - - jsonPatches - - selector - type: object - type: array - description: - description: description is a human-readable description of - this patch. - type: string - enabledIf: - description: |- - enabledIf is a Go template to be used to calculate if a patch should be enabled. - It can reference variables defined in .spec.variables and builtin variables. - The patch will be enabled if the template evaluates to `true`, otherwise it will - be disabled. - If EnabledIf is not set, the patch will be enabled per default. - type: string - external: - description: |- - external defines an external patch. - Note: Exactly one of Definitions or External must be set. - properties: - discoverVariablesExtension: - description: discoverVariablesExtension references an extension - which is called to discover variables. - type: string - generateExtension: - description: generateExtension references an extension which - is called to generate patches. - type: string - settings: - additionalProperties: - type: string - description: |- - settings defines key value pairs to be passed to the extensions. - Values defined here take precedence over the values defined in the - corresponding ExtensionConfig. 
- type: object - validateExtension: - description: validateExtension references an extension which - is called to validate the topology. - type: string - type: object - name: - description: name of the patch. - type: string - required: - - name - type: object - type: array - variables: - description: |- - variables defines the variables which can be configured - in the Cluster topology and are then used in patches. - items: - description: |- - ClusterClassVariable defines a variable which can - be configured in the Cluster topology and used in patches. - properties: - metadata: - description: |- - metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please use XMetadata in JSONSchemaProps instead. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - name: - description: name of the variable. - type: string - required: - description: |- - required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: schema defines the schema of the variable. - properties: - openAPIV3Schema: - description: |- - openAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. 
- properties: - additionalProperties: - description: |- - additionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - allOf: - description: |- - allOf specifies that the variable must validate against all of the subschemas in the array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - anyOf: - description: |- - anyOf specifies that the variable must validate against one or more of the subschemas in the array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - default: - description: |- - default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: description is a human-readable description - of this variable. - type: string - enum: - description: |- - enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - exclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - exclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - format is an OpenAPI v3 format string. Unknown formats are ignored. 
- For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - items specifies fields of an array. - NOTE: Can only be set if type is array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - maxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - maxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maxProperties: - description: |- - maxProperties is the maximum amount of entries in a map or properties in an object. - NOTE: Can only be set if type is object. - format: int64 - type: integer - maximum: - description: |- - maximum is the maximum of an integer or number variable. - If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - minItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - minLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minProperties: - description: |- - minProperties is the minimum amount of entries in a map or properties in an object. - NOTE: Can only be set if type is object. 
- format: int64 - type: integer - minimum: - description: |- - minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - not: - description: |- - not specifies that the variable must not validate against the subschema. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - oneOf: - description: |- - oneOf specifies that the variable must validate against exactly one of the subschemas in the array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - pattern: - description: |- - pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - uniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. 
- type: boolean - x-kubernetes-int-or-string: - description: |- - x-kubernetes-int-or-string specifies that this value is - either an integer or a string. If this is true, an empty - type is allowed and type as child of anyOf is permitted - if following one of the following patterns: - - 1) anyOf: - - type: integer - - type: string - 2) allOf: - - anyOf: - - type: integer - - type: string - - ... zero or more - type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - x-kubernetes-preserve-unknown-fields allows setting fields in a variable object - which are not defined in the variable schema. This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - x-kubernetes-validations: - description: x-kubernetes-validations describes a list - of validation rules written in the CEL expression - language. - items: - description: ValidationRule describes a validation - rule written in the CEL expression language. - properties: - fieldPath: - description: |- - fieldPath represents the field path returned when the validation fails. - It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. - e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` - If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` - It does not support list numeric index. - It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. - Numeric index of array is not supported. - For field name which contains special characters, use `['specialName']` to refer the field name. - e.g. 
for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` - type: string - message: - description: |- - message represents the message displayed when validation fails. The message is required if the Rule contains - line breaks. The message must not contain line breaks. - If unset, the message is "failed rule: {Rule}". - e.g. "must be a URL with the host matching spec.host" - type: string - messageExpression: - description: |- - messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. - Since messageExpression is used as a failure message, it must evaluate to a string. - If both message and messageExpression are present on a rule, then messageExpression will be used if validation - fails. If messageExpression results in a runtime error, the validation failure message is produced - as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string - that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. - messageExpression has access to all the same variables as the rule; the only difference is the return type. - Example: - "x must be less than max ("+string(self.max)+")" - type: string - reason: - default: FieldValueInvalid - description: |- - reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. - The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". - If not set, default to use "FieldValueInvalid". - All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. 
- enum: - - FieldValueInvalid - - FieldValueForbidden - - FieldValueRequired - - FieldValueDuplicate - type: string - rule: - description: "rule represents the expression which - will be evaluated by CEL.\nref: https://github.com/google/cel-spec\nThe - Rule is scoped to the location of the x-kubernetes-validations - extension in the schema.\nThe `self` variable - in the CEL expression is bound to the scoped - value.\nIf the Rule is scoped to an object with - properties, the accessible properties of the - object are field selectable\nvia `self.field` - and field presence can be checked via `has(self.field)`.\nIf - the Rule is scoped to an object with additionalProperties - (i.e. a map) the value of the map\nare accessible - via `self[mapKey]`, map containment can be checked - via `mapKey in self` and all entries of the - map\nare accessible via CEL macros and functions - such as `self.all(...)`.\nIf the Rule is scoped - to an array, the elements of the array are accessible - via `self[i]` and also by macros and\nfunctions.\nIf - the Rule is scoped to a scalar, `self` is bound - to the scalar value.\nExamples:\n- Rule scoped - to a map of objects: {\"rule\": \"self.components['Widget'].priority - < 10\"}\n- Rule scoped to a list of integers: - {\"rule\": \"self.values.all(value, value >= - 0 && value < 100)\"}\n- Rule scoped to a string - value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown - data preserved in custom resources via x-kubernetes-preserve-unknown-fields - is not accessible in CEL\nexpressions. This - includes:\n- Unknown field values that are preserved - by object schemas with x-kubernetes-preserve-unknown-fields.\n- - Object properties where the property schema - is of an \"unknown type\". 
An \"unknown type\" - is recursively defined as:\n - A schema with - no type and x-kubernetes-preserve-unknown-fields - set to true\n - An array where the items schema - is of an \"unknown type\"\n - An object where - the additionalProperties schema is of an \"unknown - type\"\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` - are accessible.\nAccessible property names are - escaped according to the following rules when - accessed in the expression:\n- '__' escapes - to '__underscores__'\n- '.' escapes to '__dot__'\n- - '-' escapes to '__dash__'\n- '/' escapes to - '__slash__'\n- Property names that exactly match - a CEL RESERVED keyword escape to '__{keyword}__'. - The keywords are:\n\t \"true\", \"false\", - \"null\", \"in\", \"as\", \"break\", \"const\", - \"continue\", \"else\", \"for\", \"function\", - \"if\",\n\t \"import\", \"let\", \"loop\", - \"package\", \"namespace\", \"return\".\nExamples:\n - \ - Rule accessing a property named \"namespace\": - {\"rule\": \"self.__namespace__ > 0\"}\n - - Rule accessing a property named \"x-prop\": - {\"rule\": \"self.x__dash__prop > 0\"}\n - - Rule accessing a property named \"redact__d\": - {\"rule\": \"self.redact__underscores__d > 0\"}\n\nIf - `rule` makes use of the `oldSelf` variable it - is implicitly a\n`transition rule`.\n\nBy default, - the `oldSelf` variable is the same type as `self`.\n\nTransition - rules by default are applied only on UPDATE - requests and are\nskipped if an old value could - not be found." - type: string - required: - - rule - type: object - type: array - x-kubernetes-list-map-keys: - - rule - x-kubernetes-list-type: map - x-metadata: - description: |- - x-metadata is the metadata of a variable or a nested field within a variable. - It can be used to add additional data for higher level tools. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - type: object - required: - - openAPIV3Schema - type: object - required: - - name - - required - - schema - type: object - type: array - workers: - description: |- - workers describes the worker nodes for the cluster. - It is a collection of node types which can be used to create - the worker nodes of the cluster. - properties: - machineDeployments: - description: |- - machineDeployments is a list of machine deployment classes that can be used to create - a set of worker nodes. - items: - description: |- - MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster - provisioned using the `ClusterClass`. - properties: - class: - description: |- - class denotes a type of worker node present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachineDeployment. - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machines will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - machineHealthCheck: - description: machineHealthCheck defines a MachineHealthCheck - for this MachineDeploymentClass. - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. 
- x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - nodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. 
"[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - format: int32 - type: integer - namingStrategy: - description: namingStrategy allows changing the naming pattern - used when creating the MachineDeployment. - properties: - template: - description: |- - template defines the template to use for generating the name of the MachineDeployment object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). - type: string - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. 
- The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - properties: - remediation: - description: |- - remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - maxInFlight determines how many in flight remediations should happen at the same time. - - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. 
- x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. 
Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: |- - template is a local struct containing a collection of templates for creation of - MachineDeployment objects representing a set of worker nodes. - properties: - bootstrap: - description: |- - bootstrap contains the bootstrap template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - infrastructure contains the infrastructure template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the topology. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - x-kubernetes-list-map-keys: - - class - x-kubernetes-list-type: map - machinePools: - description: |- - machinePools is a list of machine pool classes that can be used to create - a set of worker nodes. - items: - description: |- - MachinePoolClass serves as a template to define a pool of worker nodes of the cluster - provisioned using `ClusterClass`. - properties: - class: - description: |- - class denotes a type of machine pool present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachinePool. - type: string - failureDomains: - description: |- - failureDomains is the list of failure domains the MachinePool should be attached to. - Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - format: int32 - type: integer - namingStrategy: - description: namingStrategy allows changing the naming pattern - used when creating the MachinePool. - properties: - template: - description: |- - template defines the template to use for generating the name of the MachinePool object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. 
- The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). - type: string - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - template: - description: |- - template is a local struct containing a collection of templates for creation of - MachinePools objects representing a pool of worker nodes. - properties: - bootstrap: - description: |- - bootstrap contains the bootstrap template reference to be used - for the creation of the Machines in the MachinePool. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - infrastructure contains the infrastructure template reference to be used - for the creation of the MachinePool. - properties: - ref: - description: |- - ref is a required reference to a custom resource - offered by a provider. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the topology. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - x-kubernetes-list-map-keys: - - class - x-kubernetes-list-type: map - type: object - type: object - status: - description: ClusterClassStatus defines the observed state of the ClusterClass. - properties: - conditions: - description: conditions defines current observed state of the ClusterClass. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. 
- type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in ClusterClass's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a ClusterClass's current state. - Known condition types are VariablesReady, RefVersionsUpToDate, Paused. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - variables: - description: variables is a list of ClusterClassStatusVariable that - are defined for the ClusterClass. - items: - description: ClusterClassStatusVariable defines a variable which - appears in the status of a ClusterClass. - properties: - definitions: - description: definitions is a list of definitions for a variable. - items: - description: ClusterClassStatusVariableDefinition defines - a variable which appears in the status of a ClusterClass. - properties: - from: - description: |- - from specifies the origin of the variable definition. 
- This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass - for variables discovered from a DiscoverVariables runtime extensions. - type: string - metadata: - description: |- - metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - required: - description: |- - required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: schema defines the schema of the variable. - properties: - openAPIV3Schema: - description: |- - openAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. - properties: - additionalProperties: - description: |- - additionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - allOf: - description: |- - allOf specifies that the variable must validate against all of the subschemas in the array. 
- NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - anyOf: - description: |- - anyOf specifies that the variable must validate against one or more of the subschemas in the array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - default: - description: |- - default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: description is a human-readable description - of this variable. - type: string - enum: - description: |- - enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - exclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - exclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - format is an OpenAPI v3 format string. Unknown formats are ignored. - For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - items specifies fields of an array. - NOTE: Can only be set if type is array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. 
- x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - maxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - maxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maxProperties: - description: |- - maxProperties is the maximum amount of entries in a map or properties in an object. - NOTE: Can only be set if type is object. - format: int64 - type: integer - maximum: - description: |- - maximum is the maximum of an integer or number variable. - If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - minItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - minLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minProperties: - description: |- - minProperties is the minimum amount of entries in a map or properties in an object. - NOTE: Can only be set if type is object. - format: int64 - type: integer - minimum: - description: |- - minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - not: - description: |- - not specifies that the variable must not validate against the subschema. 
- NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - oneOf: - description: |- - oneOf specifies that the variable must validate against exactly one of the subschemas in the array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - pattern: - description: |- - pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - uniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. - type: boolean - x-kubernetes-int-or-string: - description: |- - x-kubernetes-int-or-string specifies that this value is - either an integer or a string. If this is true, an empty - type is allowed and type as child of anyOf is permitted - if following one of the following patterns: - - 1) anyOf: - - type: integer - - type: string - 2) allOf: - - anyOf: - - type: integer - - type: string - - ... zero or more - type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - x-kubernetes-preserve-unknown-fields allows setting fields in a variable object - which are not defined in the variable schema. 
This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - x-kubernetes-validations: - description: x-kubernetes-validations describes - a list of validation rules written in the CEL - expression language. - items: - description: ValidationRule describes a validation - rule written in the CEL expression language. - properties: - fieldPath: - description: |- - fieldPath represents the field path returned when the validation fails. - It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. - e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` - If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` - It does not support list numeric index. - It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. - Numeric index of array is not supported. - For field name which contains special characters, use `['specialName']` to refer the field name. - e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` - type: string - message: - description: |- - message represents the message displayed when validation fails. The message is required if the Rule contains - line breaks. The message must not contain line breaks. - If unset, the message is "failed rule: {Rule}". - e.g. "must be a URL with the host matching spec.host" - type: string - messageExpression: - description: |- - messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. 
- Since messageExpression is used as a failure message, it must evaluate to a string. - If both message and messageExpression are present on a rule, then messageExpression will be used if validation - fails. If messageExpression results in a runtime error, the validation failure message is produced - as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string - that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset. - messageExpression has access to all the same variables as the rule; the only difference is the return type. - Example: - "x must be less than max ("+string(self.max)+")" - type: string - reason: - default: FieldValueInvalid - description: |- - reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. - The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". - If not set, default to use "FieldValueInvalid". - All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. - enum: - - FieldValueInvalid - - FieldValueForbidden - - FieldValueRequired - - FieldValueDuplicate - type: string - rule: - description: "rule represents the expression - which will be evaluated by CEL.\nref: - https://github.com/google/cel-spec\nThe - Rule is scoped to the location of the - x-kubernetes-validations extension in - the schema.\nThe `self` variable in the - CEL expression is bound to the scoped - value.\nIf the Rule is scoped to an object - with properties, the accessible properties - of the object are field selectable\nvia - `self.field` and field presence can be - checked via `has(self.field)`.\nIf the - Rule is scoped to an object with additionalProperties - (i.e. 
a map) the value of the map\nare - accessible via `self[mapKey]`, map containment - can be checked via `mapKey in self` and - all entries of the map\nare accessible - via CEL macros and functions such as `self.all(...)`.\nIf - the Rule is scoped to an array, the elements - of the array are accessible via `self[i]` - and also by macros and\nfunctions.\nIf - the Rule is scoped to a scalar, `self` - is bound to the scalar value.\nExamples:\n- - Rule scoped to a map of objects: {\"rule\": - \"self.components['Widget'].priority < - 10\"}\n- Rule scoped to a list of integers: - {\"rule\": \"self.values.all(value, value - >= 0 && value < 100)\"}\n- Rule scoped - to a string value: {\"rule\": \"self.startsWith('kube')\"}\n\nUnknown - data preserved in custom resources via - x-kubernetes-preserve-unknown-fields is - not accessible in CEL\nexpressions. This - includes:\n- Unknown field values that - are preserved by object schemas with x-kubernetes-preserve-unknown-fields.\n- - Object properties where the property schema - is of an \"unknown type\". An \"unknown - type\" is recursively defined as:\n - - A schema with no type and x-kubernetes-preserve-unknown-fields - set to true\n - An array where the items - schema is of an \"unknown type\"\n - - An object where the additionalProperties - schema is of an \"unknown type\"\n\nOnly - property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` - are accessible.\nAccessible property names - are escaped according to the following - rules when accessed in the expression:\n- - '__' escapes to '__underscores__'\n- '.' - escapes to '__dot__'\n- '-' escapes to - '__dash__'\n- '/' escapes to '__slash__'\n- - Property names that exactly match a CEL - RESERVED keyword escape to '__{keyword}__'. 
- The keywords are:\n\t \"true\", \"false\", - \"null\", \"in\", \"as\", \"break\", \"const\", - \"continue\", \"else\", \"for\", \"function\", - \"if\",\n\t \"import\", \"let\", \"loop\", - \"package\", \"namespace\", \"return\".\nExamples:\n - \ - Rule accessing a property named \"namespace\": - {\"rule\": \"self.__namespace__ > 0\"}\n - \ - Rule accessing a property named \"x-prop\": - {\"rule\": \"self.x__dash__prop > 0\"}\n - \ - Rule accessing a property named \"redact__d\": - {\"rule\": \"self.redact__underscores__d - > 0\"}\n\nIf `rule` makes use of the `oldSelf` - variable it is implicitly a\n`transition - rule`.\n\nBy default, the `oldSelf` variable - is the same type as `self`.\n\nTransition - rules by default are applied only on UPDATE - requests and are\nskipped if an old value - could not be found." - type: string - required: - - rule - type: object - type: array - x-kubernetes-list-map-keys: - - rule - x-kubernetes-list-type: map - x-metadata: - description: |- - x-metadata is the metadata of a variable or a nested field within a variable. - It can be used to add additional data for higher level tools. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - type: object - required: - - openAPIV3Schema - type: object - required: - - from - - required - - schema - type: object - type: array - definitionsConflict: - description: definitionsConflict specifies whether or not there - are conflicting definitions for a single variable name. - type: boolean - name: - description: name is the name of the variable. 
- type: string - required: - - definitions - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: clusterresourcesetbindings.addons.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSetBinding - listKind: ClusterResourceSetBindingList - plural: clusterresourcesetbindings - singular: clusterresourcesetbinding - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: clusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: lastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: name of the resource that is in the same - namespace with ClusterResourceSet object. 
- minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSetBinding - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSetBinding lists all matching ClusterResourceSets with the cluster it belongs to. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: clusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. 
- type: string - resources: - description: resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: lastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSetBinding - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSetBinding lists all matching ClusterResourceSets - with the cluster it belongs to. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: clusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: lastAppliedTime identifies when this resource - was last applied to the cluster. 
- format: date-time - type: string - name: - description: name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - clusterName: - description: |- - clusterName is the name of the Cluster this binding applies to. - Note: this field mandatory in v1beta2. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: clusterresourcesets.addons.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSet - listKind: ClusterResourceSetList - plural: clusterresourcesets - singular: clusterresourceset - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSet is the Schema for the clusterresourcesets API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. 
- This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - ClusterResourceSet is the Schema for the clusterresourcesets API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - Label selector cannot be empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. 
- type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSet is the Schema for the clusterresourcesets - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - Label selector cannot be empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - - Reconcile - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. 
- type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in ClusterResourceSet's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a ClusterResourceSet's current state. - Known condition types are ResourceSetApplied, Deleting. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. 
- For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: clusters.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - 
conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Cluster - listKind: ClusterList - plural: clusters - shortNames: - - cl - singular: cluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: Cluster is the Schema for the clusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - apiServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. 
- properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: controlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - controlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - infrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - controlPlaneInitialized: - description: controlPlaneInitialized defines if the control plane - has been initialized. - type: boolean - controlPlaneReady: - description: controlPlaneReady defines if the control plane is ready. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: controlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: failureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - failureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. 
- type: boolean - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of Cluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - Cluster is the Schema for the clusters API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - apiServerPort specifies the port the API Server should bind to. - Defaults to 6443. 
- format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: controlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - controlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - infrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - topology: - description: |- - This encapsulates the topology for the cluster. - NOTE: It is required to enable the ClusterTopology - feature gate flag to activate managed topologies support; - this feature is highly experimental, and parts of it might still be not implemented. - properties: - class: - description: The name of the ClusterClass object to create the - topology. - type: string - controlPlane: - description: controlPlane describes the cluster control plane. - properties: - metadata: - description: |- - metadata is the metadata applied to the machines of the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - - This field is supported if and only if the control plane provider template - referenced in the ClusterClass is Machine based. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - replicas: - description: |- - replicas is the number of control plane nodes. - If the value is nil, the ControlPlane object is created without the number of Replicas - and it's assumed that the control plane controller does not implement support for this field. - When specified against a control plane provider that lacks support for this field, this value will be ignored. - format: int32 - type: integer - type: object - rolloutAfter: - description: |- - rolloutAfter performs a rollout of the entire cluster one component at a time, - control plane first and then machine deployments. - format: date-time - type: string - version: - description: The Kubernetes version of the cluster. - type: string - workers: - description: |- - workers encapsulates the different constructs that form the worker nodes - for the cluster. - properties: - machineDeployments: - description: machineDeployments is a list of machine deployments - in the cluster. - items: - description: |- - MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. - This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. 
- properties: - class: - description: |- - class is the name of the MachineDeploymentClass used to create the set of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - metadata: - description: |- - metadata is the metadata applied to the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - name: - description: |- - name is the unique identifier for this MachineDeploymentTopology. - The value is used with other unique identifiers to create a MachineDeployment's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - replicas: - description: |- - replicas is the number of worker nodes belonging to this set. - If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to zero) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. 
- format: int32 - type: integer - required: - - class - - name - type: object - type: array - type: object - required: - - class - - version - type: object - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - controlPlaneReady: - description: controlPlaneReady defines if the control plane is ready. 
- type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: controlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: failureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - failureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. 
- type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: ClusterClass of this Cluster, empty if the Cluster is not using - a ClusterClass - jsonPath: .spec.topology.class - name: ClusterClass - type: string - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Cluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Cluster - jsonPath: .spec.topology.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Cluster is the Schema for the clusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - availabilityGates: - description: |- - availabilityGates specifies additional conditions to include when evaluating Cluster Available condition. - - NOTE: this field is considered only for computing v1beta2 conditions. - items: - description: ClusterAvailabilityGate contains the type of a Cluster - condition to be used as availability gate. 
- properties: - conditionType: - description: |- - conditionType refers to a positive polarity condition (status true means good) with matching type in the Cluster's condition list. - If the conditions doesn't exist, it will be treated as unknown. - Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as availability gates. - maxLength: 316 - minLength: 1 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - conditionType - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - conditionType - x-kubernetes-list-type: map - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - apiServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: controlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - controlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. 
- properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - infrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - topology: - description: |- - This encapsulates the topology for the cluster. 
- NOTE: It is required to enable the ClusterTopology - feature gate flag to activate managed topologies support; - this feature is highly experimental, and parts of it might still be not implemented. - properties: - class: - description: The name of the ClusterClass object to create the - topology. - type: string - classNamespace: - description: |- - classNamespace is the namespace of the ClusterClass object to create the topology. - If the namespace is empty or not set, it is defaulted to the namespace of the cluster object. - Value must follow the DNS1123Subdomain syntax. - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9](?:[-a-z0-9]*[a-z0-9])?)*$ - type: string - controlPlane: - description: controlPlane describes the cluster control plane. - properties: - machineHealthCheck: - description: |- - machineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this control plane. - properties: - enable: - description: |- - enable controls if a MachineHealthCheck should be created for the target machines. - - If false: No MachineHealthCheck will be created. - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - nodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. 
- - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it - is applied only to the ControlPlane. 
- At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - replicas is the number of control plane nodes. - If the value is nil, the ControlPlane object is created without the number of Replicas - and it's assumed that the control plane controller does not implement support for this field. 
- When specified against a control plane provider that lacks support for this field, this value will be ignored. - format: int32 - type: integer - variables: - description: variables can be used to customize the ControlPlane - through patches. - properties: - overrides: - description: overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - definitionFrom specifies where the definition of this Variable is from. - - Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. - type: string - name: - description: name of the variable. - type: string - value: - description: |- - value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - rolloutAfter: - description: |- - rolloutAfter performs a rollout of the entire cluster one component at a time, - control plane first and then machine deployments. - - Deprecated: This field has no function and is going to be removed in the next apiVersion. 
- format: date-time - type: string - variables: - description: |- - variables can be used to customize the Cluster through - patches. They must comply to the corresponding - VariableClasses defined in the ClusterClass. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - definitionFrom specifies where the definition of this Variable is from. - - Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. - type: string - name: - description: name of the variable. - type: string - value: - description: |- - value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - version: - description: The Kubernetes version of the cluster. - type: string - workers: - description: |- - workers encapsulates the different constructs that form the worker nodes - for the cluster. - properties: - machineDeployments: - description: machineDeployments is a list of machine deployments - in the cluster. - items: - description: |- - MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. 
- This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - class is the name of the MachineDeploymentClass used to create the set of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machines will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - machineHealthCheck: - description: |- - machineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. - properties: - enable: - description: |- - enable controls if a MachineHealthCheck should be created for the target machines. - - If false: No MachineHealthCheck will be created. - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - nodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. 
- - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. 
- properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - name is the unique identifier for this MachineDeploymentTopology. - The value is used with other unique identifiers to create a MachineDeployment's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. 
- NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - replicas is the number of worker nodes belonging to this set. - If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - remediation: - description: |- - remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - maxInFlight determines how many in flight remediations should happen at the same time. - - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. - x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. 
Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. 
- x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - variables: - description: variables can be used to customize the - MachineDeployment through patches. - properties: - overrides: - description: overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - definitionFrom specifies where the definition of this Variable is from. - - Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. - type: string - name: - description: name of the variable. - type: string - value: - description: |- - value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - required: - - class - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - machinePools: - description: machinePools is a list of machine pools in the - cluster. 
- items: - description: |- - MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. - This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - class is the name of the MachinePoolClass used to create the pool of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomains: - description: |- - failureDomains is the list of failure domains the machine pool will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - items: - type: string - type: array - metadata: - description: |- - metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - name is the unique identifier for this MachinePoolTopology. 
- The value is used with other unique identifiers to create a MachinePool's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool - hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - replicas is the number of nodes belonging to this pool. - If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - variables: - description: variables can be used to customize the - MachinePool through patches. - properties: - overrides: - description: overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - definitionFrom specifies where the definition of this Variable is from. 
- - Deprecated: This field is deprecated, must not be set anymore and is going to be removed in the next apiVersion. - type: string - name: - description: name of the variable. - type: string - value: - description: |- - value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - required: - - class - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - required: - - class - - version - type: object - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. 
- The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneReady: - description: |- - controlPlaneReady denotes if the control plane became ready during initial provisioning - to receive requests. - NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. - The value of this field is never updated after provisioning is completed. Please use conditions - to check the operational state of the control plane. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: controlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: failureDomains is a slice of failure domain objects synced - from the infrastructure provider. 
- type: object - failureMessage: - description: |- - failureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - failureReason: - description: |- - failureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in Cluster's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a Cluster's current state. - Known condition types are Available, InfrastructureReady, ControlPlaneInitialized, ControlPlaneAvailable, WorkersAvailable, MachinesReady - MachinesUpToDate, RemoteConnectionProbe, ScalingUp, ScalingDown, Remediating, Deleting, Paused. - Additionally, a TopologyReconciled condition will be added in case the Cluster is referencing a ClusterClass / defining a managed Topology. 
- items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlane: - description: controlPlane groups all the observations about Cluster's - ControlPlane current state. - properties: - availableReplicas: - description: availableReplicas is the total number of available - control plane machines in this cluster. A machine is considered - available when Machine's Available condition is true. - format: int32 - type: integer - desiredReplicas: - description: desiredReplicas is the total number of desired - control plane machines in this cluster. - format: int32 - type: integer - readyReplicas: - description: readyReplicas is the total number of ready control - plane machines in this cluster. A machine is considered - ready when Machine's Ready condition is true. - format: int32 - type: integer - replicas: - description: |- - replicas is the total number of control plane machines in this cluster. - NOTE: replicas also includes machines still being provisioned or being deleted. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date - control plane machines in this cluster. A machine is considered - up-to-date when Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - workers: - description: workers groups all the observations about Cluster's - Workers current state. - properties: - availableReplicas: - description: availableReplicas is the total number of available - worker machines in this cluster. A machine is considered - available when Machine's Available condition is true. 
- format: int32 - type: integer - desiredReplicas: - description: desiredReplicas is the total number of desired - worker machines in this cluster. - format: int32 - type: integer - readyReplicas: - description: readyReplicas is the total number of ready worker - machines in this cluster. A machine is considered ready - when Machine's Ready condition is true. - format: int32 - type: integer - replicas: - description: |- - replicas is the total number of worker machines in this cluster. - NOTE: replicas also includes machines still being provisioned or being deleted. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date - worker machines in this cluster. A machine is considered - up-to-date when Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: extensionconfigs.runtime.cluster.x-k8s.io -spec: - group: runtime.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ExtensionConfig - listKind: ExtensionConfigList - plural: extensionconfigs - shortNames: - - ext - singular: extensionconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ExtensionConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ExtensionConfig is the Schema for the ExtensionConfig API. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ExtensionConfigSpec is the desired state of the ExtensionConfig - properties: - clientConfig: - description: clientConfig defines how to communicate with the Extension - server. - properties: - caBundle: - description: caBundle is a PEM encoded CA bundle which will be - used to validate the Extension server's server certificate. - format: byte - type: string - service: - description: |- - service is a reference to the Kubernetes service for the Extension server. - Note: Exactly one of `url` or `service` must be specified. - - If the Extension server is running within a cluster, then you should use `service`. - properties: - name: - description: name is the name of the service. - type: string - namespace: - description: namespace is the namespace of the service. - type: string - path: - description: |- - path is an optional URL path and if present may be any string permissible in - a URL. If a path is set it will be used as prefix to the hook-specific path. - type: string - port: - description: |- - port is the port on the service that's hosting the Extension server. - Defaults to 443. - Port should be a valid port number (1-65535, inclusive). 
- format: int32 - type: integer - required: - - name - - namespace - type: object - url: - description: |- - url gives the location of the Extension server, in standard URL form - (`scheme://host:port/path`). - Note: Exactly one of `url` or `service` must be specified. - - The scheme must be "https". - - The `host` should not refer to a service running in the cluster; use - the `service` field instead. - - A path is optional, and if present may be any string permissible in - a URL. If a path is set it will be used as prefix to the hook-specific path. - - Attempting to use a user or basic auth e.g. "user:password@" is not - allowed. Fragments ("#...") and query parameters ("?...") are not - allowed either. - type: string - type: object - namespaceSelector: - description: |- - namespaceSelector decides whether to call the hook for an object based - on whether the namespace for that object matches the selector. - Defaults to the empty LabelSelector, which matches all objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - settings: - additionalProperties: - type: string - description: |- - settings defines key value pairs to be passed to all calls - to all supported RuntimeExtensions. - Note: Settings can be overridden on the ClusterClass. - type: object - required: - - clientConfig - type: object - status: - description: ExtensionConfigStatus is the current state of the ExtensionConfig - properties: - conditions: - description: conditions define the current service state of the ExtensionConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. 
- The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - handlers: - description: handlers defines the current ExtensionHandlers supported - by an Extension. - items: - description: ExtensionHandler specifies the details of a handler - for a particular runtime hook registered by an Extension server. - properties: - failurePolicy: - description: |- - failurePolicy defines how failures in calls to the ExtensionHandler should be handled by a client. - Defaults to Fail if not set. - type: string - name: - description: name is the unique name of the ExtensionHandler. - type: string - requestHook: - description: requestHook defines the versioned runtime hook - which this ExtensionHandler serves. - properties: - apiVersion: - description: apiVersion is the group and version of the - Hook. - type: string - hook: - description: hook is the name of the hook. - type: string - required: - - apiVersion - - hook - type: object - timeoutSeconds: - description: |- - timeoutSeconds defines the timeout duration for client calls to the ExtensionHandler. - Defaults to 10 is not set. 
- format: int32 - type: integer - required: - - name - - requestHook - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: ipaddressclaims.ipam.cluster.x-k8s.io -spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddressClaim - listKind: IPAddressClaimList - plural: ipaddressclaims - singular: ipaddressclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the pool to allocate an address from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool to allocate an address from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdressClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddressClaim is the Schema for the ipaddressclaim API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. - properties: - poolRef: - description: poolRef is a reference to the pool from which an IP address - should be created. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - required: - - poolRef - type: object - status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. - properties: - addressRef: - description: addressRef is a reference to the address that was created - for this claim. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - conditions: - description: conditions summarises the current state of the IPAddressClaim - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Name of the pool to allocate an address from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool to allocate an address from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdressClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddressClaim is the Schema for the ipaddressclaim API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - type: string - poolRef: - description: poolRef is a reference to the pool from which an IP address - should be created. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - required: - - poolRef - type: object - status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. - properties: - addressRef: - description: addressRef is a reference to the address that was created - for this claim. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - conditions: - description: conditions summarises the current state of the IPAddressClaim - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. 
- type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: ipaddresses.ipam.cluster.x-k8s.io -spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddress - listKind: IPAddressList - plural: ipaddresses - singular: ipaddress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address - jsonPath: .spec.address - name: Address - type: string - - description: Name of the pool the address is from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool the address is from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddress API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec is the desired state of an IPAddress. - properties: - address: - description: address is the IP address. - type: string - claimRef: - description: claimRef is a reference to the claim this IPAddress was - created for. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - gateway: - description: gateway is the network gateway of the network the address - is from. - type: string - poolRef: - description: poolRef is a reference to the pool that this IPAddress - was created from. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - prefix: - description: prefix is the prefix of the address. 
- type: integer - required: - - address - - claimRef - - poolRef - - prefix - type: object - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Address - jsonPath: .spec.address - name: Address - type: string - - description: Name of the pool the address is from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool the address is from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddress API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec is the desired state of an IPAddress. - properties: - address: - description: address is the IP address. - type: string - claimRef: - description: claimRef is a reference to the claim this IPAddress was - created for. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - gateway: - description: gateway is the network gateway of the network the address - is from. - type: string - poolRef: - description: poolRef is a reference to the pool that this IPAddress - was created from. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - prefix: - description: prefix is the prefix of the address. - type: integer - required: - - address - - claimRef - - poolRef - - prefix - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machinedeployments.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineDeployment - listKind: MachineDeploymentList - plural: machinedeployments - shortNames: - - md - singular: machinedeployment - scope: Namespaced - versions: - - 
additionalPrinterColumns: - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineDeployment is the Schema for the machinedeployments API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. 
- minLength: 1 - type: string - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. 
- x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - generateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique suffix. 
- The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - Must be a DNS_LABEL. - Cannot be updated. 
- More info: http://kubernetes.io/docs/user-guide/namespaces - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. 
Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). 
- format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. - format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineDeployment - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer 
- - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineDeployment is the Schema for the machinedeployments API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. 
Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - default: 1 - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). 
- Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. - Default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. 
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - conditions: - description: conditions defines current service state of the MachineDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachineDeployment - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachineDeployment - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineDeployment - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineDeployment is the Schema for the machinedeployments API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. - Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details. - format: int32 - type: integer - replicas: - description: |- - Number of desired machines. - This is a pointer to distinguish between explicit zero and not specified. 
- - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineDeployment, use min size - - if the replicas field of the old MachineDeployment is < min size, use min size - - if the replicas field of the old MachineDeployment is > max size, use max size - - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineDeployment is created with replicas not set. - * On an existing MachineDeployment the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineDeployment is created and replicas should be managed by the autoscaler - * An existing MachineDeployment which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10479 for more details. - format: int32 - type: integer - rolloutAfter: - description: |- - rolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - MachineDeployment. - Example: In the YAML the time can be specified in the RFC3339 format. - To specify the rolloutAfter target as March 9, 2023, at 9 am UTC - use "2023-03-09T09:00:00Z". - format: date-time - type: string - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. 
- It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - remediation: - description: |- - remediation controls the strategy of remediating unhealthy machines - and how remediating operations should occur during the lifecycle of the dependant MachineSets. - properties: - maxInFlight: - anyOf: - - type: integer - - type: string - description: |- - maxInFlight determines how many in flight remediations should happen at the same time. 
- - Remediation only happens on the MachineSet with the most current revision, while - older MachineSets (usually present during rollout operations) aren't allowed to remediate. - - Note: In general (independent of remediations), unhealthy machines are always - prioritized during scale down operations over healthy ones. - - MaxInFlight can be set to a fixed number or a percentage. - Example: when this is set to 20%, the MachineSet controller deletes at most 20% of - the desired replicas. - - If not set, remediation is limited to all machines (bounded by replicas) - under the active MachineSet's management. - x-kubernetes-int-or-string: true - type: object - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - deletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. 
- x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - readinessGates: - description: |- - readinessGates specifies additional conditions to include when evaluating Machine Ready condition. - - This field can be used e.g. by Cluster API control plane providers to extend the semantic of the - Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates - for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. - - Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; - they can include the status of those components with a new condition and add this condition to ReadinessGates. - - NOTE: This field is considered only for computing v1beta2 conditions. - NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those - readiness gates condition are reporting the same message, when computing the Machine's Ready condition those - readinessGates will be replaced by a single entry reporting "Control plane components: " + message. - This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). 
- items: - description: MachineReadinessGate contains the type of a - Machine condition to be used as a readiness gate. - properties: - conditionType: - description: |- - conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list. - If the conditions doesn't exist, it will be treated as unknown. - Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. - maxLength: 316 - minLength: 1 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - conditionType - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - conditionType - x-kubernetes-list-type: map - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - conditions: - description: conditions defines current service state of the MachineDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. 
- More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. - format: int32 - type: integer - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in MachineDeployment's status with the V1Beta2 version. - properties: - availableReplicas: - description: availableReplicas is the number of available replicas - for this MachineDeployment. A machine is considered available - when Machine's Available condition is true. - format: int32 - type: integer - conditions: - description: |- - conditions represents the observations of a MachineDeployment's current state. - Known condition types are Available, MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - readyReplicas: - description: readyReplicas is the number of ready replicas for - this MachineDeployment. A machine is considered ready when Machine's - Ready condition is true. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date replicas - targeted by this deployment. 
A machine is considered up-to-date - when Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machinedrainrules.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineDrainRule - listKind: MachineDrainRuleList - plural: machinedrainrules - singular: machinedrainrule - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Drain behavior - jsonPath: .spec.drain.behavior - name: Behavior - type: string - - description: Drain order - jsonPath: .spec.drain.order - name: Order - type: string - - description: Time duration since creation of the MachineDrainRule - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineDrainRule is the Schema for the MachineDrainRule API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: spec defines the spec of a MachineDrainRule. - properties: - drain: - description: drain configures if and how Pods are drained. - properties: - behavior: - description: |- - behavior defines the drain behavior. - Can be either "Drain", "Skip", or "WaitCompleted". - "Drain" means that the Pods to which this MachineDrainRule applies will be drained. - If behavior is set to "Drain" the order in which Pods are drained can be configured - with the order field. When draining Pods of a Node the Pods will be grouped by order - and one group after another will be drained (by increasing order). Cluster API will - wait until all Pods of a group are terminated / removed from the Node before starting - with the next group. - "Skip" means that the Pods to which this MachineDrainRule applies will be skipped during drain. - "WaitCompleted" means that the pods to which this MachineDrainRule applies will never be evicted - and we wait for them to be completed, it is enforced that pods marked with this behavior always have Order=0. - enum: - - Drain - - Skip - - WaitCompleted - type: string - order: - description: |- - order defines the order in which Pods are drained. - Pods with higher order are drained after Pods with lower order. - order can only be set if behavior is set to "Drain". - If order is not set, 0 will be used. - Valid values for order are from -2147483648 to 2147483647 (inclusive). 
- format: int32 - type: integer - required: - - behavior - type: object - machines: - description: |- - machines defines to which Machines this MachineDrainRule should be applied. - - If machines is not set, the MachineDrainRule applies to all Machines in the Namespace. - If machines contains multiple selectors, the results are ORed. - Within a single Machine selector the results of selector and clusterSelector are ANDed. - Machines will be selected from all Clusters in the Namespace unless otherwise - restricted with the clusterSelector. - - Example: Selects control plane Machines in all Clusters or - Machines with label "os" == "linux" in Clusters with label - "stage" == "production". - - - selector: - matchExpressions: - - key: cluster.x-k8s.io/control-plane - operator: Exists - - selector: - matchLabels: - os: linux - clusterSelector: - matchExpressions: - - key: stage - operator: In - values: - - production - items: - description: MachineDrainRuleMachineSelector defines to which Machines - this MachineDrainRule should be applied. - minProperties: 1 - properties: - clusterSelector: - description: |- - clusterSelector is a label selector which selects Machines by the labels of - their Clusters. - This field follows standard label selector semantics; if not present or - empty, it selects Machines of all Clusters. - - If selector is also set, then the selector as a whole selects - Machines matching selector belonging to Clusters selected by clusterSelector. - If selector is not set, it selects all Machines belonging to Clusters - selected by clusterSelector. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. 
- type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - selector: - description: |- - selector is a label selector which selects Machines by their labels. - This field follows standard label selector semantics; if not present or - empty, it selects all Machines. - - If clusterSelector is also set, then the selector as a whole selects - Machines matching selector belonging to Clusters selected by clusterSelector. - If clusterSelector is not set, it selects all Machines matching selector in - all Clusters. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - maxItems: 32 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - pods: - description: |- - pods defines to which Pods this MachineDrainRule should be applied. - - If pods is not set, the MachineDrainRule applies to all Pods in all Namespaces. - If pods contains multiple selectors, the results are ORed. - Within a single Pod selector the results of selector and namespaceSelector are ANDed. - Pods will be selected from all Namespaces unless otherwise - restricted with the namespaceSelector. - - Example: Selects Pods with label "app" == "logging" in all Namespaces or - Pods with label "app" == "prometheus" in the "monitoring" - Namespace. - - - selector: - matchExpressions: - - key: app - operator: In - values: - - logging - - selector: - matchLabels: - app: prometheus - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - items: - description: MachineDrainRulePodSelector defines to which Pods this - MachineDrainRule should be applied. 
- minProperties: 1 - properties: - namespaceSelector: - description: |- - namespaceSelector is a label selector which selects Pods by the labels of - their Namespaces. - This field follows standard label selector semantics; if not present or - empty, it selects Pods of all Namespaces. - - If selector is also set, then the selector as a whole selects - Pods matching selector in Namespaces selected by namespaceSelector. - If selector is not set, it selects all Pods in Namespaces selected by - namespaceSelector. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - selector: - description: |- - selector is a label selector which selects Pods by their labels. - This field follows standard label selector semantics; if not present or - empty, it selects all Pods. - - If namespaceSelector is also set, then the selector as a whole selects - Pods matching selector in Namespaces selected by namespaceSelector. - If namespaceSelector is not set, it selects all Pods matching selector in - all Namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - type: object - maxItems: 32 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - required: - - drain - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machinehealthchecks.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineHealthCheck is the Schema for the machinehealthchecks API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. 
- Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: conditions defines current service state of the MachineHealthCheck. 
- items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - remediationsAllowed: - description: |- - remediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineHealthCheck - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineHealthCheck is the Schema for the machinehealthchecks API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If not set, this value is defaulted to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. 
- type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: conditions defines current service state of the MachineHealthCheck. 
- items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - remediationsAllowed: - description: |- - remediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - - description: Time duration since creation of MachineHealthCheck - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineHealthCheck is the Schema for the machinehealthchecks - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - nodeStartupTimeout allows to set the maximum time for MachineHealthCheck - to consider a Machine unhealthy if a corresponding Node isn't associated - through a `Spec.ProviderID` field. - - The duration set in this field is compared to the greatest of: - - Cluster's infrastructure ready condition timestamp (if and when available) - - Control Plane's initialized condition timestamp (if and when available) - - Machine's infrastructure ready condition timestamp (if and when available) - - Machine's metadata creation timestamp - - Defaults to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - remediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - unhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". 
Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/10722 for more details. - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - required: - - clusterName - - selector - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: conditions defines current service state of the MachineHealthCheck. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - remediationsAllowed: - description: |- - remediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in MachineHealthCheck's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a MachineHealthCheck's current state. - Known condition types are RemediationAllowed, Paused. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. 
- This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machinepools.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachinePool - listKind: MachinePoolList - plural: machinepools - shortNames: - - mp - singular: machinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachinePool is the Schema for the machinepools API. - - Deprecated: This type will be removed in one of the next releases. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: failureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - format: int32 - type: integer - providerIDList: - description: |- - providerIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - strategy: - description: |- - The deployment strategy to use to replace existing machine instances with - new ones. 
- properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of deployment. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. 
- type: string - type: object - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - generateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - name must be unique within a namespace. Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. 
- type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. 
- type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. 
- type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - failureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: nodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. - This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of MachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachinePool is the Schema for the machinepools API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. 
- minLength: 1 - type: string - failureDomains: - description: failureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - format: int32 - type: integer - providerIDList: - description: |- - providerIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. 
- This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - failureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: nodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. - This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachinePool - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachinePool is the Schema for the machinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. 
- properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: failureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - format: int32 - type: integer - providerIDList: - description: |- - providerIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - template: - description: template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - readinessGates: - description: |- - readinessGates specifies additional conditions to include when evaluating Machine Ready condition. - - This field can be used e.g. by Cluster API control plane providers to extend the semantic of the - Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates - for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. - - Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; - they can include the status of those components with a new condition and add this condition to ReadinessGates. - - NOTE: This field is considered only for computing v1beta2 conditions. - NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those - readiness gates condition are reporting the same message, when computing the Machine's Ready condition those - readinessGates will be replaced by a single entry reporting "Control plane components: " + message. - This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). 
- items: - description: MachineReadinessGate contains the type of a - Machine condition to be used as a readiness gate. - properties: - conditionType: - description: |- - conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list. - If the conditions doesn't exist, it will be treated as unknown. - Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. - maxLength: 316 - minLength: 1 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - conditionType - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - conditionType - x-kubernetes-list-type: map - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - failureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - failureReason: - description: |- - failureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
- type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: nodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. - This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - format: int32 - type: integer - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in MachinePool's status with the V1Beta2 version. - properties: - availableReplicas: - description: availableReplicas is the number of available replicas - for this MachinePool. A machine is considered available when - Machine's Available condition is true. - format: int32 - type: integer - conditions: - description: |- - conditions represents the observations of a MachinePool's current state. 
- Known condition types are Available, BootstrapConfigReady, InfrastructureReady, MachinesReady, MachinesUpToDate, - ScalingUp, ScalingDown, Remediating, Deleting, Paused. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - readyReplicas: - description: readyReplicas is the number of ready replicas for - this MachinePool. A machine is considered ready when Machine's - Ready condition is true. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date replicas - targeted by this MachinePool. A machine is considered up-to-date - when Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machines.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Machine - listKind: MachineList - plural: machines - shortNames: - - ma - singular: machine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as 
Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - priority: 1 - type: string - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - Machine is the Schema for the machines API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. 
- type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. 
- properties: - addresses: - description: |- - addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - failureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - failureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. 
- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: lastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeRef: - description: nodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - version: - description: |- - version specifies the current version of Kubernetes running - on the corresponding Node. This is meant to be a means of bubbling - up status from the Node to the Machine. - It is entirely optional, but useful for end-user UX if it’s present. - type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of Machine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - priority: 1 - type: string - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - Machine is the Schema for the machines API. - - Deprecated: This type will be removed in one of the next releases. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. 
- type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. 
Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. 
- This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - failureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. 
Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - failureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: lastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeInfo: - description: |- - nodeInfo is a set of ids/uuids to uniquely identify the node. - More info: https://kubernetes.io/docs/concepts/nodes/node/#info - properties: - architecture: - description: The Architecture reported by the node - type: string - bootID: - description: Boot ID reported by the node. 
- type: string - containerRuntimeVersion: - description: ContainerRuntime Version reported by the node through - runtime remote API (e.g. containerd://1.4.2). - type: string - kernelVersion: - description: Kernel Version reported by the node from 'uname -r' - (e.g. 3.16.0-0.bpo.4-amd64). - type: string - kubeProxyVersion: - description: 'Deprecated: KubeProxy Version reported by the node.' - type: string - kubeletVersion: - description: Kubelet Version reported by the node. - type: string - machineID: - description: |- - MachineID reported by the node. For unique machine identification - in the cluster this field is preferred. Learn more from man(5) - machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - type: string - operatingSystem: - description: The Operating System reported by the node - type: string - osImage: - description: OS Image reported by the node from /etc/os-release - (e.g. Debian GNU/Linux 7 (wheezy)). - type: string - systemUUID: - description: |- - SystemUUID reported by the node. For unique machine identification - MachineID is preferred. This field is specific to Red Hat hosts - https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - type: string - required: - - architecture - - bootID - - containerRuntimeVersion - - kernelVersion - - kubeProxyVersion - - kubeletVersion - - machineID - - operatingSystem - - osImage - - systemUUID - type: object - nodeRef: - description: nodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - version: - description: |- - version specifies the current version of Kubernetes running - on the corresponding Node. This is meant to be a means of bubbling - up status from the Node to the Machine. - It is entirely optional, but useful for end-user UX if it’s present. 
- type: string - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - type: string - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Machine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Machine is the Schema for the machines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. 
- properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. 
With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - readinessGates: - description: |- - readinessGates specifies additional conditions to include when evaluating Machine Ready condition. - - This field can be used e.g. by Cluster API control plane providers to extend the semantic of the - Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates - for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. - - Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; - they can include the status of those components with a new condition and add this condition to ReadinessGates. - - NOTE: This field is considered only for computing v1beta2 conditions. - NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those - readiness gates condition are reporting the same message, when computing the Machine's Ready condition those - readinessGates will be replaced by a single entry reporting "Control plane components: " + message. - This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). - items: - description: MachineReadinessGate contains the type of a Machine - condition to be used as a readiness gate. - properties: - conditionType: - description: |- - conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list. 
- If the conditions doesn't exist, it will be treated as unknown. - Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. - maxLength: 316 - minLength: 1 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - conditionType - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - conditionType - x-kubernetes-list-type: map - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: bootstrapReady is the state of the bootstrap provider. - type: boolean - certificatesExpiryDate: - description: |- - certificatesExpiryDate is the expiry date of the machine certificates. - This value is only set for control plane machines. - format: date-time - type: string - conditions: - description: conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. 
- This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - deletion: - description: |- - deletion contains information relating to removal of the Machine. - Only present when the Machine has a deletionTimestamp and drain or wait for volume detach started. - properties: - nodeDrainStartTime: - description: |- - nodeDrainStartTime is the time when the drain of the node started and is used to determine - if the NodeDrainTimeout is exceeded. - Only present when the Machine has a deletionTimestamp and draining the node had been started. 
- format: date-time - type: string - waitForNodeVolumeDetachStartTime: - description: |- - waitForNodeVolumeDetachStartTime is the time when waiting for volume detachment started - and is used to determine if the NodeVolumeDetachTimeout is exceeded. - Detaching volumes from nodes is usually done by CSI implementations and the current state - is observed from the node's `.Status.VolumesAttached` field. - Only present when the Machine has a deletionTimestamp and waiting for volume detachments had been started. - format: date-time - type: string - type: object - failureMessage: - description: |- - failureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - failureReason: - description: |- - failureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. 
- - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - infrastructureReady: - description: infrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: lastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeInfo: - description: |- - nodeInfo is a set of ids/uuids to uniquely identify the node. - More info: https://kubernetes.io/docs/concepts/nodes/node/#info - properties: - architecture: - description: The Architecture reported by the node - type: string - bootID: - description: Boot ID reported by the node. - type: string - containerRuntimeVersion: - description: ContainerRuntime Version reported by the node through - runtime remote API (e.g. containerd://1.4.2). - type: string - kernelVersion: - description: Kernel Version reported by the node from 'uname -r' - (e.g. 3.16.0-0.bpo.4-amd64). - type: string - kubeProxyVersion: - description: 'Deprecated: KubeProxy Version reported by the node.' 
- type: string - kubeletVersion: - description: Kubelet Version reported by the node. - type: string - machineID: - description: |- - MachineID reported by the node. For unique machine identification - in the cluster this field is preferred. Learn more from man(5) - machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - type: string - operatingSystem: - description: The Operating System reported by the node - type: string - osImage: - description: OS Image reported by the node from /etc/os-release - (e.g. Debian GNU/Linux 7 (wheezy)). - type: string - systemUUID: - description: |- - SystemUUID reported by the node. For unique machine identification - MachineID is preferred. This field is specific to Red Hat hosts - https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - type: string - required: - - architecture - - bootID - - containerRuntimeVersion - - kernelVersion - - kubeProxyVersion - - kubeletVersion - - machineID - - operatingSystem - - osImage - - systemUUID - type: object - nodeRef: - description: nodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in Machine's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a Machine's current state. - Known condition types are Available, Ready, UpToDate, BootstrapConfigReady, InfrastructureReady, NodeReady, - NodeHealthy, Deleting, Paused. - If a MachineHealthCheck is targeting this machine, also HealthCheckSucceeded, OwnerRemediated conditions are added. - Additionally control plane Machines controlled by KubeadmControlPlane will have following additional conditions: - APIServerPodHealthy, ControllerManagerPodHealthy, SchedulerPodHealthy, EtcdPodHealthy, EtcdMemberHealthy. 
- items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: machinesets.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineSet - listKind: MachineSetList - plural: machinesets - shortNames: - - ms - singular: machineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - MachineSet is the Schema for the machinesets API. - - Deprecated: This type will be removed in one of the next releases. 
- properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - deletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. - Defaults to 0 (machine will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - description: |- - replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - generateName: - description: |- - generateName is an optional prefix, used by the server, to generate a unique - name ONLY IF the Name field has not been provided. - If this field is used, the name returned to the client will be different - than the name passed. This value will also be combined with a unique suffix. - The provided value has the same validation rules as the Name field, - and may be truncated by the length of the suffix required to make the value - unique on the server. - - If this field is specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created or 500 with Reason - ServerTimeout indicating a unique name could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - name: - description: |- - name must be unique within a namespace. 
Is required when creating resources, although - some resources may allow a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence and configuration - definition. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - namespace: - description: |- - namespace defines the space within each name must be unique. An empty namespace is - equivalent to the "default" namespace, but "default" is the canonical representation. - Not all objects are required to be scoped to a namespace - the value of this field for - those objects will be empty. - - Must be a DNS_LABEL. - Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces - - Deprecated: This field has no function and is going to be removed in a next release. - type: string - ownerReferences: - description: |- - List of objects depended by this object. If ALL objects in the list have - been deleted, this object will be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, with the controller field set to true. - There cannot be more than one managing controller. - - Deprecated: This field has no function and is going to be removed in a next release. - items: - description: |- - OwnerReference contains enough information to let you identify an owning - object. An owning object must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: |- - If true, AND if the owner has the "foregroundDeletion" finalizer, then - the owner cannot be deleted from the key-value store until this - reference is removed. 
- See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field and enforces the foreground deletion. - Defaults to false. - To set this field, a user needs "delete" permission of the owner, - otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.Data without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. 
- type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - data: - description: |- - data contains the bootstrap data, such as cloud-init details scripts. - If nil, the Machine should remain in the Pending state. - - Deprecated: Switch to DataSecretName. - type: string - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. 
- type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. 
- type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. 
A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Time duration since creation of MachineSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - MachineSet is the Schema for the machinesets API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - deletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. - Defaults to 0 (machine will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - default: 1 - description: |- - replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - Defaults to 1. - format: int32 - type: integer - selector: - description: |- - selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. 
Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - conditions: - description: conditions defines current service state of the MachineSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. 
- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this machineset - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this machineset. 
- jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Time duration since creation of MachineSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineSet - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineSet is the Schema for the machinesets API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: clusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - deletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - minReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. 
- Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - replicas: - description: |- - replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineSet, use min size - - if the replicas field of the old MachineSet is < min size, use min size - - if the replicas field of the old MachineSet is > max size, use max size - - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineSet is created with replicas not set. - * On an existing MachineSet the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineSet is created and replicas should be managed by the autoscaler - * An existing MachineSet which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - selector: - description: |- - selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. 
May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - configRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - dataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: clusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - failureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - providerID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. 
- This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - readinessGates: - description: |- - readinessGates specifies additional conditions to include when evaluating Machine Ready condition. - - This field can be used e.g. by Cluster API control plane providers to extend the semantic of the - Ready condition for the Machine they control, like the kubeadm control provider adding ReadinessGates - for the APIServerPodHealthy, SchedulerPodHealthy conditions, etc. - - Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; - they can include the status of those components with a new condition and add this condition to ReadinessGates. - - NOTE: This field is considered only for computing v1beta2 conditions. - NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those - readiness gates condition are reporting the same message, when computing the Machine's Ready condition those - readinessGates will be replaced by a single entry reporting "Control plane components: " + message. - This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). 
- items: - description: MachineReadinessGate contains the type of a - Machine condition to be used as a readiness gate. - properties: - conditionType: - description: |- - conditionType refers to a positive polarity condition (status true means good) with matching type in the Machine's condition list. - If the conditions doesn't exist, it will be treated as unknown. - Note: Both Cluster API conditions or conditions added by 3rd party controllers can be used as readiness gates. - maxLength: 316 - minLength: 1 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - conditionType - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - conditionType - x-kubernetes-list-type: map - version: - description: |- - version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - conditions: - description: conditions defines current service state of the MachineSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: 'Deprecated: This field is deprecated and is going to - be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md - for more details.' - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. 
Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - fullyLabeledReplicas: - description: |- - The number of replicas that have labels matching the labels of the machine template of the MachineSet. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - format: int32 - type: integer - observedGeneration: - description: observedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in MachineSet's status with the V1Beta2 version. 
- properties: - availableReplicas: - description: availableReplicas is the number of available replicas - for this MachineSet. A machine is considered available when - Machine's Available condition is true. - format: int32 - type: integer - conditions: - description: |- - conditions represents the observations of a MachineSet's current state. - Known condition types are MachinesReady, MachinesUpToDate, ScalingUp, ScalingDown, Remediating, Deleting, Paused. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - readyReplicas: - description: readyReplicas is the number of ready replicas for - this MachineSet. A machine is considered ready when Machine's - Ready condition is true. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date replicas - for this MachineSet. A machine is considered up-to-date when - Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-manager - namespace: capi-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-leader-election-role - namespace: capi-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -aggregationRule: - clusterRoleSelectors: - - matchLabels: - cluster.x-k8s.io/aggregate-to-manager: "true" -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-aggregated-manager-role -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/aggregate-to-manager: "true" - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-manager-role -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - addons.cluster.x-k8s.io - resources: - - clusterresourcesets/finalizers - - clusterresourcesets/status - verbs: - - get - - patch - - update -- apiGroups: - - addons.cluster.x-k8s.io - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - cluster.x-k8s.io - resources: - - clusterclasses - - clusterclasses/status - - clusters - - clusters/finalizers - - clusters/status - - machinehealthchecks/finalizers - - machinehealthchecks/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - machinedeployments - - machinedeployments/finalizers - - machinedeployments/status - - machinehealthchecks - - machinepools - - machinepools/finalizers - - machinepools/status - - machines - - machines/finalizers - - machines/status - - machinesets - - machinesets/finalizers - - machinesets/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - 
machinedrainrules - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddressclaims - verbs: - - get - - list - - watch -- apiGroups: - - runtime.cluster.x-k8s.io - resources: - - extensionconfigs - - extensionconfigs/status - verbs: - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-leader-election-rolebinding - namespace: capi-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-leader-election-role -subjects: -- kind: ServiceAccount - name: capi-manager - namespace: capi-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-aggregated-manager-role -subjects: -- kind: ServiceAccount - name: capi-manager - namespace: capi-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-webhook-service - namespace: capi-system -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: cluster-api ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: 
capi-controller-manager - namespace: capi-system -spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: cluster-api - control-plane: controller-manager - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=:8443 - - --insecure-diagnostics=false - - --use-deprecated-infra-machine-naming=false - - --feature-gates=MachinePool=true,ClusterResourceSet=true,ClusterTopology=false,RuntimeSDK=false,MachineSetPreflightChecks=true,MachineWaitForVolumeDetachConsiderVolumeAttachments=true - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/cluster-api-controller:v1.9.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - 
secretName: capi-webhook-service-cert -status: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-cluster - failurePolicy: Fail - matchPolicy: Equivalent - name: default.cluster.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusters - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass - failurePolicy: Fail - matchPolicy: Equivalent - name: default.clusterclass.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterclasses - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machine - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machine.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machines - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinedeployment.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io 
- apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinedeployments - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinehealthcheck.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinehealthchecks - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machineset - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machineset.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinesets - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: default.extensionconfig.runtime.addons.cluster.x-k8s.io - rules: - - apiGroups: - - runtime.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - extensionconfigs - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /mutate-cluster-x-k8s-io-v1beta1-machinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: default.machinepool.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinepools - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: 
capi-webhook-service - namespace: capi-system - path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset - failurePolicy: Fail - matchPolicy: Equivalent - name: default.clusterresourceset.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesets - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-system/capi-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: cluster-api - clusterctl.cluster.x-k8s.io: "" - name: capi-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-cluster - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.cluster.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clusters - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-clusterclass - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterclass.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clusterclasses - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machine - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machine.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - 
UPDATE - resources: - - machines - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinedeployment.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinedeployments - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinedrainrule - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinedrainrule.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinedrainrules - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinehealthcheck.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinehealthchecks - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machineset - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machineset.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinesets - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: 
/validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.extensionconfig.runtime.cluster.x-k8s.io - rules: - - apiGroups: - - runtime.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - extensionconfigs - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-cluster-x-k8s-io-v1beta1-machinepool - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.machinepool.cluster.x-k8s.io - rules: - - apiGroups: - - cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - machinepools - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterresourceset.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesets - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io - rules: - - apiGroups: - - addons.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - clusterresourcesetbindings - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: 
validation.ipaddress.ipam.cluster.x-k8s.io - rules: - - apiGroups: - - ipam.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - ipaddresses - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-webhook-service - namespace: capi-system - path: /validate-ipam-cluster-x-k8s-io-v1beta1-ipaddressclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipaddressclaim.ipam.cluster.x-k8s.io - rules: - - apiGroups: - - ipam.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - ipaddressclaims - sideEffects: None diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml deleted file mode 100644 index 65bf20bc..00000000 --- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/bootstrap/kubeadm/bootstrap.yaml +++ /dev/null 
@@ -1,7998 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: capi-kubeadm-bootstrap-system ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-selfsigned-issuer - namespace: capi-kubeadm-bootstrap-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-serving-cert - namespace: capi-kubeadm-bootstrap-system -spec: - dnsNames: - - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc - - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-kubeadm-bootstrap-selfsigned-issuer - secretName: capi-kubeadm-bootstrap-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: kubeadmconfigs.bootstrap.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: bootstrap.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmConfig - listKind: KubeadmConfigList - plural: kubeadmconfigs - singular: kubeadmconfig - scope: 
Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmConfig is the Schema for the kubeadmconfigs API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. 
- items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. 
In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. 
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. 
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. 
- If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should be - used for Kubernetes components instead of their respective separate - images - type: boolean - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems to - setup. 
- items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. - type: string - label: - description: label specifies the file system label to be - used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. 
- type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files in - cloud-init. - properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content to - populate the file. - properties: - secret: - description: secret represents a secret that should populate - this file. - properties: - key: - description: key is the key in the secret's data map - for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: path specifies the full path on disk where to store - the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for the - API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: Discovery specifies the options for the kubelet to - use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain name - to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". 
This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. 
- properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
- type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. - properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for the - user - type: string - homeDir: - description: homeDir specifies the home directory to use for - the user - type: string - inactive: - description: inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the user - type: string - primaryGroup: - description: primaryGroup specifies the primary group for the - user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - bootstrapData: - description: |- - bootstrapData will be a cloud-init script for now. - - Deprecated: Switch to DataSecretName. - format: byte - type: string - conditions: - description: conditions defines current service state of the KubeadmConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. 
- properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - dataSecretName: - description: dataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: failureMessage will be set on non-retryable errors - type: string - failureReason: - description: failureReason will be set on non-retryable errors - type: string - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: ready indicates the BootstrapData field is ready to be - consumed - type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmConfig is the Schema for the kubeadmconfigs API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 
- In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. 
- if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 
- type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s services. - Defaults to "cluster.local". 
- type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems to - setup. - items: - description: Filesystem defines the file systems to be created. 
- properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. - type: string - label: - description: label specifies the file system label to be - used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. 
The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files in - cloud-init. - properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content to - populate the file. - properties: - secret: - description: secret represents a secret that should populate - this file. - properties: - key: - description: key is the key in the secret's data map - for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: path specifies the full path on disk where to store - the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for the - API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet to - use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain name - to the API server from which info will be fetched. 
- type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: kubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for the - user - type: string - homeDir: - description: homeDir specifies the home directory to use for - the user - type: string - inactive: - description: inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the user - type: string - primaryGroup: - description: primaryGroup specifies the primary group for the - user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - conditions: - description: conditions defines current service state of the KubeadmConfig. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. 
- This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - dataSecretName: - description: dataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: failureMessage will be set on non-retryable errors - type: string - failureReason: - description: failureReason will be set on non-retryable errors - type: string - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: ready indicates the BootstrapData field is ready to be - consumed - type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] - name: Cluster - type: string - - description: Time duration since creation of KubeadmConfig - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmConfig is the Schema for the kubeadmconfigs API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration are - the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the API server - control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout that - we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings for the - controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. 
- type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. 
Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). 
Please use - a newer patch version with the new registry instead (i.e. >= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. 
- type: string - type: object - scheduler: - description: scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass to - the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod where - hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems to - setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add to the - command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. 
- type: string - label: - description: label specifies the file system label to be - used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", "none", - and , where NUM is the actual partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions to - setup. - items: - description: Partition defines how to create and layout a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. 
- items: - description: File defines the input for generating write_files in - cloud-init. - properties: - append: - description: append specifies whether to append Content to existing - file if Path exists. - type: boolean - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content to - populate the file. - properties: - secret: - description: secret represents a secret that should populate - this file. - properties: - key: - description: key is the key in the secret's data map - for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, e.g. - "root:root". - type: string - path: - description: path specifies the full path on disk where to store - the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap data - enum: - - cloud-config - - ignition - type: string - ignition: - description: ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: containerLinuxConfig contains CLC specific configuration. - properties: - additionalConfig: - description: |- - additionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. 
More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: strict controls if AdditionalConfig should be - strictly parsed. If so, warnings are treated as errors. - type: boolean - type: object - type: object - initConfiguration: - description: initConfiguration along with ClusterConfiguration are - the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, stored - as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. 
- type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for the - API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 
- When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". 
- "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for the - join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint of the - API server instance to be deployed on this node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. 
- format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet to - use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain name - to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. 
- The file is generated at the path specified in KubeConfigPath. - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - cluster contains information about how to communicate with the kubernetes cluster. - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. - - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - certificateAuthorityData contains PEM-encoded certificate authority certificates. - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: insecureSkipTLSVerify skips the validity - check for the server's certificate. This will - make your HTTPS connections insecure. - type: boolean - proxyURL: - description: |- - proxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - server is the address of the kubernetes cluster (https://hostname:port). - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: tlsServerName is used to check server - certificate. If TLSServerName is empty, the - hostname used to contact the server is used. 
- type: string - type: object - user: - description: |- - user contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: authProvider specifies a custom authentication - plugin for the kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: config holds the parameters for - the authentication plugin. - type: object - name: - description: name is the name of the authentication - plugin. - type: string - required: - - name - type: object - exec: - description: exec specifies a custom exec-based - authentication plugin for the kubernetes cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to the command - when executing it. - items: - type: string - type: array - command: - description: command to execute. - type: string - env: - description: |- - env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - provideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. 
- type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: kubeConfigPath is used to specify the actual - file path or URL to the kubeconfig file from which to - load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node API - object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of pre-flight - errors to be ignored when the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". 
Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run after - kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run before - kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for the - user - type: string - homeDir: - description: homeDir specifies the home directory to use for - the user - type: string - inactive: - description: inactive specifies whether to mark the user as - inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the user - type: string - passwdFrom: - description: passwdFrom is a referenced source of passwd to - populate the passwd. - properties: - secret: - description: secret represents a secret that should populate - this password. - properties: - key: - description: key is the key in the secret's data map - for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: primaryGroup specifies the primary group for the - user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - status: - description: KubeadmConfigStatus defines the observed state of KubeadmConfig. - properties: - conditions: - description: conditions defines current service state of the KubeadmConfig. 
- items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - dataSecretName: - description: dataSecretName is the name of the secret that stores - the bootstrap data script. - type: string - failureMessage: - description: |- - failureMessage will be set on non-retryable errors - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. 
- type: string - failureReason: - description: |- - failureReason will be set on non-retryable errors - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: ready indicates the BootstrapData field is ready to be - consumed - type: boolean - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in KubeadmConfig's status with the V1Beta2 version. - properties: - conditions: - description: |- - conditions represents the observations of a KubeadmConfig's current state. - Known condition types are Ready, DataSecretAvailable, CertificatesAvailable. - items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: 
bootstrap.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmConfigTemplate - listKind: KubeadmConfigTemplateList - plural: kubeadmconfigtemplates - singular: kubeadmconfigtemplate - scope: Namespaced - versions: - - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. 
- properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: ControllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. 
- type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. 
- type: string - mountPath: - description: MountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod - template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should - be used for Kubernetes components instead of their respective - separate images - type: boolean - type: object - diskSetup: - description: diskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to - be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system - type. - type: string - label: - description: label specifies the file system label - to be used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition - to use. The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . 
- NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. 
- type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. - type: string - permissions: - description: permissions specifies the permissions to - assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 
- format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. 
- type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. 
- items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. 
- type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: Discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. 
- type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be - setup. 
- items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the - user - type: string - groups: - description: groups specifies the additional groups - for the user - type: string - homeDir: - description: homeDir specifies the home directory to - use for the user - type: string - inactive: - description: inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login - should be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for - the user - type: string - primaryGroup: - description: primaryGroup specifies the primary group - for the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: false - storage: false - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfigTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. 
- type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. 
- NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. 
- items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to - be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system - type. - type: string - label: - description: label specifies the file system label - to be used. 
If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition - to use. The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. 
- properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. - type: string - permissions: - description: permissions specifies the permissions to - assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. 
- type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: kubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be - setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the - user - type: string - groups: - description: groups specifies the additional groups - for the user - type: string - homeDir: - description: homeDir specifies the home directory to - use for the user - type: string - inactive: - description: inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login - should be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for - the user - type: string - primaryGroup: - description: primaryGroup specifies the primary group - for the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmConfigTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. - properties: - template: - description: KubeadmConfigTemplateResource defines the Template structure. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - KubeadmConfigSpec defines the desired state of KubeadmConfig. - Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. 
- properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the - API server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. 
- type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. 
- type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
- type: string - controllerManager: - description: controllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. 
- type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. 
- In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. >= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. 
- NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s - services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for the - scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to - pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. 
If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the - pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod - template. - type: string - pathType: - description: pathType is the type of the HostPath. 
- type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to - be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to - add to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system - type. - type: string - label: - description: label specifies the file system label - to be used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition - to use. The valid options are: "auto|any", "auto", - "any", "none", and , where NUM is the actual - partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. 
- type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: append specifies whether to append Content - to existing file if Path exists. - type: boolean - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the - file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. 
- type: string - permissions: - description: permissions specifies the permissions to - assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - - ignition - type: string - ignition: - description: ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: containerLinuxConfig contains CLC specific - configuration. - properties: - additionalConfig: - description: |- - additionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: strict controls if AdditionalConfig should - be strictly parsed. If so, warnings are treated - as errors. - type: boolean - type: object - type: object - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. 
- properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. 
This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. 
- Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on this - node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain - name to the API server from which info will - be fetched. - type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. 
These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - cluster contains information about how to communicate with the kubernetes cluster. - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. - - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - certificateAuthorityData contains PEM-encoded certificate authority certificates. - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: insecureSkipTLSVerify skips - the validity check for the server's - certificate. This will make your HTTPS - connections insecure. 
- type: boolean - proxyURL: - description: |- - proxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - server is the address of the kubernetes cluster (https://hostname:port). - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: tlsServerName is used to - check server certificate. If TLSServerName - is empty, the hostname used to contact - the server is used. - type: string - type: object - user: - description: |- - user contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: authProvider specifies a - custom authentication plugin for the - kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: config holds the parameters - for the authentication plugin. - type: object - name: - description: name is the name of the - authentication plugin. - type: string - required: - - name - type: object - exec: - description: exec specifies a custom exec-based - authentication plugin for the kubernetes - cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to - the command when executing it. 
- items: - type: string - type: array - command: - description: command to execute. - type: string - env: - description: |- - env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - provideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: kubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice - of pre-flight errors to be ignored when the current - node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
- type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to - the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: mounts specifies a list of mount points to be - setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to - run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. 
- - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user - in cloud-init. - properties: - gecos: - description: gecos specifies the gecos to use for the - user - type: string - groups: - description: groups specifies the additional groups - for the user - type: string - homeDir: - description: homeDir specifies the home directory to - use for the user - type: string - inactive: - description: inactive specifies whether to mark the - user as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login - should be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for - the user - type: string - passwdFrom: - description: passwdFrom is a referenced source of passwd - to populate the passwd. - properties: - secret: - description: secret represents a secret that should - populate this password. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. 
- type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: primaryGroup specifies the primary group - for the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh - authorized keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-leader-election-role - namespace: capi-kubeadm-bootstrap-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-manager-role -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - 
- watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - kubeadmconfigs - - kubeadmconfigs/finalizers - - kubeadmconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machinepools - - machinepools/status - - machines - - machines/status - - machinesets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-leader-election-rolebinding - namespace: capi-kubeadm-bootstrap-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-kubeadm-bootstrap-leader-election-role -subjects: -- kind: ServiceAccount - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-kubeadm-bootstrap-manager-role -subjects: -- kind: ServiceAccount - name: capi-kubeadm-bootstrap-manager - namespace: capi-kubeadm-bootstrap-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - 
cluster.x-k8s.io/provider: bootstrap-kubeadm ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: capi-kubeadm-bootstrap-controller-manager - namespace: capi-kubeadm-bootstrap-system -spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - control-plane: controller-manager - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=:8443 - - --insecure-diagnostics=false - - --feature-gates=MachinePool=true,KubeadmBootstrapFormatIgnition=false - - --bootstrap-token-ttl=15m - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.9.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-kubeadm-bootstrap-manager - 
terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: capi-kubeadm-bootstrap-webhook-service-cert -status: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-bootstrap-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig - failurePolicy: Fail - name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigs - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate - failurePolicy: Fail - name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigtemplates - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: bootstrap-kubeadm - clusterctl.cluster.x-k8s.io: "" - 
name: capi-kubeadm-bootstrap-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigs - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-bootstrap-webhook-service - namespace: capi-kubeadm-bootstrap-system - path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmconfigtemplates - sideEffects: None diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml deleted file mode 100644 index a69dcb13..00000000 --- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/control-plane/kubeadm/control-plane.yaml +++ /dev/null 
@@ -1,8280 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: capi-kubeadm-control-plane-system ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-selfsigned-issuer - namespace: capi-kubeadm-control-plane-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-serving-cert - namespace: capi-kubeadm-control-plane-system -spec: - dnsNames: - - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc - - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-kubeadm-control-plane-selfsigned-issuer - secretName: capi-kubeadm-control-plane-webhook-service-cert - subject: - organizations: - - k8s-sig-cluster-lifecycle ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: controlplane.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmControlPlane - 
listKind: KubeadmControlPlaneList - plural: kubeadmcontrolplanes - shortNames: - - kcp - singular: kubeadmcontrolplane - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this control plane - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha3 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - infrastructureTemplate: - description: |- - infrastructureTemplate is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeadmConfigSpec: - description: |- - kubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: APIServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: CertSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. 
- type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: TimeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - CertificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
- type: string - controllerManager: - description: ControllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: DNS defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: - description: Type defines the DNS add-on to be used - type: string - type: object - etcd: - description: |- - Etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - External describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - CAFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - CertFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: Endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - KeyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - Local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - DataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - ExtraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: PeerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. 
- items: - type: string - type: array - serverCertSANs: - description: ServerCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: FeatureGates enabled by the user. - type: object - imageRepository: - description: |- - ImageRepository sets the container registry to pull images from. - If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - KubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - Networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: DNSDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - PodSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - ServiceSubnet is the subnet used by k8s services. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: Scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: ExtraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: ExtraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - HostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: MountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: Name of the volume inside the pod template. - type: string - pathType: - description: PathType is the type of the HostPath. - type: string - readOnly: - description: ReadOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - useHyperKubeImage: - description: UseHyperKubeImage controls if hyperkube should - be used for Kubernetes components instead of their respective - separate images - type: boolean - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add - to the command for creating the file system. 
- items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. - type: string - label: - description: label specifies the file system label to - be used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. 
The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's data - map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - Description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - Expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - Groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - Token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - TTL defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - Usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. 
This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - CACertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - ControlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: LocalAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: AdvertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - BindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - required: - - advertiseAddress - - bindPort - type: object - type: object - discovery: - description: Discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - BootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: APIServerEndpoint is an IP or domain - name to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - CACertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". 
This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - Token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - UnsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - - unsafeSkipCAVerification - type: object - file: - description: |- - File is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: KubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: Timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - TLSBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: CRISocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. 
- properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
- type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. - properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for - the user - type: string - homeDir: - description: homeDir specifies the home directory to use - for the user - type: string - inactive: - description: inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the - user - type: string - primaryGroup: - description: primaryGroup specifies the primary group for - the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - replicas: - description: |- - Number of desired machines. Defaults to 1. 
When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutStrategy: - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - upgradeAfter: - description: |- - upgradeAfter is a field to indicate an upgrade should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane - format: date-time - type: string - version: - description: version defines the desired Kubernetes version. - type: string - required: - - infrastructureTemplate - - kubeadmConfigSpec - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. 
- This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - initialized: - description: |- - initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. - type: boolean - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. 
- format: int64 - type: integer - ready: - description: |- - ready denotes that the KubeadmControlPlane API Server is ready to - receive requests. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. 
- format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this control plane - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlane is the Schema for the KubeadmControlPlane API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - kubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative Names - for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. 
- type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 
- type: string - controllerManager: - description: controllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. 
- NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. - type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. 
- items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. 
- Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add - to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. - type: string - label: - description: label specifies the file system label to - be used. 
If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. 
- properties: - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's data - map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 
- This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. 
The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain - name to the API server from which info will be fetched. 
- type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: kubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 
- If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for - the user - type: string - homeDir: - description: homeDir specifies the home directory to use - for the user - type: string - inactive: - description: inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the - user - type: string - primaryGroup: - description: primaryGroup specifies the primary group for - the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - machineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - required: - - infrastructureRef - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - rolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. 
- Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: version defines the desired Kubernetes version. - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - failureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - initialized: - description: |- - initialized denotes whether or not the control plane has the - uploaded kubeadm-config configmap. - type: boolean - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: |- - ready denotes that the KubeadmControlPlane API Server is ready to - receive requests. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. 
- This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. - format: int32 - type: integer - version: - description: |- - version represents the minimum Kubernetes version for the control plane machines - in the cluster. - type: string - type: object - type: object - served: false - storage: false - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] - name: Cluster - type: string - - description: This denotes whether or not the control plane has the uploaded - kubeadm-config configmap - jsonPath: .status.initialized - name: Initialized - type: boolean - - description: KubeadmControlPlane API Server is ready to receive requests - jsonPath: .status.ready - name: API Server Available - type: boolean - - description: Total number of machines desired by this control plane - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this control - plane - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of fully running and ready control plane machines - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this control - plane that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this control plane - 
jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: Time duration since creation of KubeadmControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this control plane - jsonPath: .spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmControlPlane is the Schema for the KubeadmControlPlane - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - kubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for the API - server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative Names - for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the timeout - that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings for - the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. 
- type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on installed - in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required for - ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. 
Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject Alternative - Names for the etcd peer signing cert. - items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject Alternative - Names for the etcd server signing cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). 
Please use - a newer patch version with the new registry instead (i.e. >= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used by k8s services. - Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. 
- type: string - type: object - scheduler: - description: scheduler contains extra settings for the scheduler - control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags to pass - to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host volumes, - mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside the pod - where hostPath will be mounted. - type: string - name: - description: name of the volume inside the pod template. - type: string - pathType: - description: pathType is the type of the HostPath. - type: string - readOnly: - description: readOnly controls write access to the - volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation of partition - tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file systems - to setup. - items: - description: Filesystem defines the file systems to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options to add - to the command for creating the file system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system type. 
- type: string - label: - description: label specifies the file system label to - be used. If set to None, no label is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition to use. - The valid options are: "auto|any", "auto", "any", - "none", and , where NUM is the actual partition - number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the partitions - to setup. - items: - description: Partition defines how to create and layout - a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed to user_data - upon creation. 
- items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: append specifies whether to append Content - to existing file if Path exists. - type: boolean - content: - description: content is the actual content of the file. - type: string - contentFrom: - description: contentFrom is a referenced source of content - to populate the file. - properties: - secret: - description: secret represents a secret that should - populate this file. - properties: - key: - description: key is the key in the secret's data - map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of the file - contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the file, - e.g. "root:root". - type: string - path: - description: path specifies the full path on disk where - to store the file. - type: string - permissions: - description: permissions specifies the permissions to assign - to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the bootstrap - data - enum: - - cloud-config - - ignition - type: string - ignition: - description: ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: containerLinuxConfig contains CLC specific configuration. - properties: - additionalConfig: - description: |- - additionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. 
More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: strict controls if AdditionalConfig should - be strictly parsed. If so, warnings are treated as errors. - type: boolean - type: object - type: object - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap token, - stored as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. 
- type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address for - the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 
- When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. 
- type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". 
- "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration for - the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on this node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. 
- format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the kubelet - to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or domain - name to the API server from which info will be fetched. - type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. 
- The file is generated at the path specified in KubeConfigPath. - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - cluster contains information about how to communicate with the kubernetes cluster. - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. - - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - certificateAuthorityData contains PEM-encoded certificate authority certificates. - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: insecureSkipTLSVerify skips the - validity check for the server's certificate. - This will make your HTTPS connections insecure. - type: boolean - proxyURL: - description: |- - proxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - server is the address of the kubernetes cluster (https://hostname:port). - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: tlsServerName is used to check - server certificate. If TLSServerName is - empty, the hostname used to contact the - server is used. 
- type: string - type: object - user: - description: |- - user contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: authProvider specifies a custom - authentication plugin for the kubernetes - cluster. - properties: - config: - additionalProperties: - type: string - description: config holds the parameters - for the authentication plugin. - type: object - name: - description: name is the name of the authentication - plugin. - type: string - required: - - name - type: object - exec: - description: exec specifies a custom exec-based - authentication plugin for the kubernetes - cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass to the - command when executing it. - items: - type: string - type: array - command: - description: command to execute. - type: string - env: - description: |- - env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - provideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. 
- type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: kubeConfigPath is used to specify the - actual file path or URL to the kubeconfig file from - which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container runtime - info. This information will be annotated to the Node - API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a slice of - pre-flight errors to be ignored when the current node - is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". 
Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: mounts specifies a list of mount points to be setup. - items: - description: MountPoints defines input for generated mounts - in cloud-init. 
- items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should be enabled - type: boolean - servers: - description: servers specifies which NTP servers to use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands to run - after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands to run - before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated user in - cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for the user - type: string - groups: - description: groups specifies the additional groups for - the user - type: string - homeDir: - description: homeDir specifies the home directory to use - for the user - type: string - inactive: - description: inactive specifies whether to mark the user - as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password login should - be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password for the - user - type: string - passwdFrom: - description: passwdFrom is a referenced source of passwd - to populate the passwd. - properties: - secret: - description: secret represents a secret that should - populate this password. - properties: - key: - description: key is the key in the secret's data - map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: primaryGroup specifies the primary group for - the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list of ssh authorized - keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineNamingStrategy: - description: |- - MachineNamingStrategy allows changing the naming pattern used when creating Machines. 
- InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. - properties: - template: - description: |- - Template defines the template to use for generating the names of the Machine objects. - If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. - If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - Length of the template string must not exceed 256 characters. - The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. - The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. - The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. - The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. - maxLength: 256 - type: string - type: object - machineTemplate: - description: |- - machineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). 
This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. 
- More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - If no value is provided, the default value for this property of the Machine resource will be used. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - required: - - infrastructureRef - type: object - remediationStrategy: - description: The RemediationStrategy that controls how control plane - machine remediation happens. 
- properties: - maxRetry: - description: "maxRetry is the Max number of retries while attempting - to remediate an unhealthy machine.\nA retry happens when a machine - that was created as a replacement for an unhealthy machine also - fails.\nFor example, given a control plane with three machines - M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and - M1-1 is created as a replacement.\n\tIf M1-1 (replacement of - M1) has problems while bootstrapping it will become unhealthy, - and then be\n\tremediated; such operation is considered a retry, - remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes - unhealthy, remediation-retry #2 will happen, etc.\n\nA retry - could happen only after RetryPeriod from the previous retry.\nIf - a machine is marked as unhealthy after MinHealthyPeriod from - the previous remediation expired,\nthis is not considered a - retry anymore because the new issue is assumed unrelated from - the previous one.\n\nIf not set, the remedation will be retried - infinitely." - format: int32 - type: integer - minHealthyPeriod: - description: "minHealthyPeriod defines the duration after which - KCP will consider any failure to a machine unrelated\nfrom the - previous one. In this case the remediation is not considered - a retry anymore, and thus the retry\ncounter restarts from 0. - For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1 - become unhealthy; remediation happens, and M1-1 is created as - a replacement.\n\tIf M1-1 (replacement of M1) has problems within - the 1hr after the creation, also\n\tthis machine will be remediated - and this operation is considered a retry - a problem related\n\tto - the original issue happened to M1 -.\n\n\tIf instead the problem - on M1-1 is happening after MinHealthyPeriod expired, e.g. 
four - days after\n\tm1-1 has been created as a remediation of M1, - the problem on M1-1 is considered unrelated to\n\tthe original - issue happened to M1.\n\nIf not set, this value is defaulted - to 1h." - type: string - retryPeriod: - description: |- - retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement - for an unhealthy machine (a retry). - - If not set, a retry will happen immediately. - type: string - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - rolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - Example: In the YAML the time can be specified in the RFC3339 format. - To specify the rolloutAfter target as March 9, 2023, at 9 am UTC - use "2023-03-09T09:00:00Z". - format: date-time - type: string - rolloutBefore: - description: |- - rolloutBefore is a field to indicate a rollout should be performed - if the specified criteria is met. - properties: - certificatesExpiryDays: - description: |- - certificatesExpiryDays indicates a rollout needs to be performed if the - certificates of the machine will expire within the specified days. - format: int32 - type: integer - type: object - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. 
- properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: |- - version defines the desired Kubernetes version. - Please note that if kubeadmConfigSpec.ClusterConfiguration.imageRepository is not set - we don't allow upgrades to versions >= v1.22.0 for which kubeadm uses the old registry (k8s.gcr.io). - Please use a newer patch version with the new registry instead. The default registries of kubeadm are: - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - status: - description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane. - properties: - conditions: - description: conditions defines current service state of the KubeadmControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. 
- type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage indicates that there is a terminal problem reconciling the - state, and will be set to a descriptive error message. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - failureReason: - description: |- - failureReason indicates that there is a terminal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - type: string - initialized: - description: |- - initialized denotes that the KubeadmControlPlane API Server is initialized and thus - it can accept requests. 
- NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. - The value of this field is never updated after provisioning is completed. Please use conditions - to check the operational state of the control plane. - type: boolean - lastRemediation: - description: lastRemediation stores info about last remediation performed. - properties: - machine: - description: machine is the machine name of the latest machine - being remediated. - type: string - retryCount: - description: |- - retryCount used to keep track of remediation retry for the last remediated machine. - A retry happens when a machine that was created as a replacement for an unhealthy machine also fails. - format: int32 - type: integer - timestamp: - description: timestamp is when last remediation happened. It is - represented in RFC3339 form and is in UTC. - format: date-time - type: string - required: - - machine - - retryCount - - timestamp - type: object - observedGeneration: - description: observedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - ready: - description: |- - ready denotes that the KubeadmControlPlane API Server became ready during initial provisioning - to receive requests. - NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning. - The value of this field is never updated after provisioning is completed. Please use conditions - to check the operational state of the control plane. - type: boolean - readyReplicas: - description: Total number of fully running and ready control plane - machines. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this control plane - (their labels match the selector). 
- format: int32 - type: integer - selector: - description: |- - selector is the label selector in string format to avoid introspection - by clients, and is used to provide the CRD-based integration for the - scale subresource and additional integrations for things like kubectl - describe.. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this control plane. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet ready or machines - that still have not been created. - - Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this control plane - that have the desired template spec. - format: int32 - type: integer - v1beta2: - description: v1beta2 groups all the fields that will be added or modified - in KubeadmControlPlane's status with the V1Beta2 version. - properties: - availableReplicas: - description: availableReplicas is the number of available replicas - targeted by this KubeadmControlPlane. A machine is considered - available when Machine's Available condition is true. - format: int32 - type: integer - conditions: - description: |- - conditions represents the observations of a KubeadmControlPlane's current state. - Known condition types are Available, CertificatesAvailable, EtcdClusterAvailable, MachinesReady, MachinesUpToDate, - ScalingUp, ScalingDown, Remediating, Deleting, Paused. 
- items: - description: Condition contains details for one aspect of the - current state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - readyReplicas: - description: readyReplicas is the number of ready replicas for - this KubeadmControlPlane. A machine is considered ready when - Machine's Ready condition is true. - format: int32 - type: integer - upToDateReplicas: - description: upToDateReplicas is the number of up-to-date replicas - targeted by this KubeadmControlPlane. A machine is considered - up-to-date when Machine's UpToDate condition is true. - format: int32 - type: integer - type: object - version: - description: |- - version represents the minimum Kubernetes version for the control plane machines - in the cluster. - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - cluster.x-k8s.io/v1beta1: v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: 
controlplane.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubeadmControlPlaneTemplate - listKind: KubeadmControlPlaneTemplateList - plural: kubeadmcontrolplanetemplates - singular: kubeadmcontrolplanetemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlaneTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - name: v1alpha4 - schema: - openAPIV3Schema: - description: |- - KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. - properties: - template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. - properties: - spec: - description: KubeadmControlPlaneSpec defines the desired state - of KubeadmControlPlane. - properties: - kubeadmConfigSpec: - description: |- - kubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. 
- properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for - the API server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative - Names for the API Server signing cert. - items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the - timeout that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. - NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. 
- type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject - Alternative Names for the etcd peer signing - cert. - items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` - will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used - by k8s services. Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for - the scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. 
- type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file - systems to setup. - items: - description: Filesystem defines the file systems - to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options - to add to the command for creating the file - system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system - type. - type: string - label: - description: label specifies the file system - label to be used. If set to None, no label - is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition - to use. The valid options are: "auto|any", - "auto", "any", "none", and , where NUM - is the actual partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. 
- type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the - partitions to setup. - items: - description: Partition defines how to create and - layout a partition. - properties: - device: - description: device is the name of the device. - type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed - to user_data upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - content: - description: content is the actual content of the - file. - type: string - contentFrom: - description: contentFrom is a referenced source - of content to populate the file. - properties: - secret: - description: secret represents a secret that - should populate this file. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of - the file contents. 
- enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the - file, e.g. "root:root". - type: string - path: - description: path specifies the full path on disk - where to store the file. - type: string - permissions: - description: permissions specifies the permissions - to assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the - bootstrap data - enum: - - cloud-config - type: string - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. - properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 
- format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. 
- type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. 
If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on - this node. 
- properties: - advertiseAddress: - description: advertiseAddress sets the IP - address for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the - kubelet to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or - domain name to the API server from which - info will be fetched. - type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. 
- type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfigPath: - description: kubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. 
- items: - type: string - type: array - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - mounts: - description: mounts specifies a list of mount points to - be setup. - items: - description: MountPoints defines input for generated - mounts in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should - be enabled - type: boolean - servers: - description: servers specifies which NTP servers to - use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands - to run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. - - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated - user in cloud-init. 
- properties: - gecos: - description: gecos specifies the gecos to use for - the user - type: string - groups: - description: groups specifies the additional groups - for the user - type: string - homeDir: - description: homeDir specifies the home directory - to use for the user - type: string - inactive: - description: inactive specifies whether to mark - the user as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password - login should be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password - for the user - type: string - primaryGroup: - description: primaryGroup specifies the primary - group for the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list - of ssh authorized keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the - user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineTemplate: - description: |- - machineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - infrastructureRef: - description: |- - infrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. 
- More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - required: - - infrastructureRef - type: object - replicas: - description: |- - Number of desired machines. Defaults to 1. When stacked etcd is used only - odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - rolloutAfter: - description: |- - rolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. 
- Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - version: - description: version defines the desired Kubernetes version. - type: string - required: - - kubeadmConfigSpec - - machineTemplate - - version - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of KubeadmControlPlaneTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubeadmControlPlaneTemplateSpec defines the desired state - of KubeadmControlPlaneTemplate. - properties: - template: - description: KubeadmControlPlaneTemplateResource describes the data - needed to create a KubeadmControlPlane from a template. 
- properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane. - NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but - omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate, - because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot - be configured on the KubeadmControlPlaneTemplate. - properties: - kubeadmConfigSpec: - description: |- - kubeadmConfigSpec is a KubeadmConfigSpec - to use for initializing and joining machines to the control plane. - properties: - clusterConfiguration: - description: clusterConfiguration along with InitConfiguration - are the configurations necessary for the init command - properties: - apiServer: - description: apiServer contains extra settings for - the API server control plane component - properties: - certSANs: - description: certSANs sets extra Subject Alternative - Names for the API Server signing cert. 
- items: - type: string - type: array - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - timeoutForControlPlane: - description: timeoutForControlPlane controls the - timeout that we use for API server to appear - type: string - type: object - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - certificatesDir: - description: |- - certificatesDir specifies where to store or look for all required certificates. 
- NB: if not provided, this will default to `/etc/kubernetes/pki` - type: string - clusterName: - description: The cluster name - type: string - controlPlaneEndpoint: - description: |- - controlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it - can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. - In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort - are used; in case the ControlPlaneEndpoint is specified but without a TCP port, - the BindPort is used. - Possible usages are: - e.g. In a cluster with more than one control plane instances, this field should be - assigned the address of the external load balancer in front of the - control plane instances. - e.g. in environments with enforced node recycling, the ControlPlaneEndpoint - could be used for assigning a stable DNS to the control plane. - NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. - type: string - controllerManager: - description: controllerManager contains extra settings - for the controller manager control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. 
- type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. 
- properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. - type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - dns: - description: dns defines the options for the DNS add-on - installed in the cluster. - properties: - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - type: object - etcd: - description: |- - etcd holds configuration for etcd. - NB: This value defaults to a Local (stacked) etcd - properties: - external: - description: |- - external describes how to connect to an external etcd cluster - Local and External are mutually exclusive - properties: - caFile: - description: |- - caFile is an SSL Certificate Authority file used to secure etcd communication. - Required if using a TLS connection. - type: string - certFile: - description: |- - certFile is an SSL certification file used to secure etcd communication. - Required if using a TLS connection. - type: string - endpoints: - description: endpoints of etcd members. Required - for ExternalEtcd. - items: - type: string - type: array - keyFile: - description: |- - keyFile is an SSL key file used to secure etcd communication. - Required if using a TLS connection. 
- type: string - required: - - caFile - - certFile - - endpoints - - keyFile - type: object - local: - description: |- - local provides configuration knobs for configuring the local etcd instance - Local and External are mutually exclusive - properties: - dataDir: - description: |- - dataDir is the directory etcd will place its data. - Defaults to "/var/lib/etcd". - type: string - extraArgs: - additionalProperties: - type: string - description: |- - extraArgs are extra arguments provided to the etcd binary - when run inside a static pod. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a - ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. 
- This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a - secret in the pod's namespace - properties: - key: - description: The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - if not set, the ImageRepository defined in ClusterConfiguration will be used instead. - type: string - imageTag: - description: |- - imageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. - type: string - peerCertSANs: - description: peerCertSANs sets extra Subject - Alternative Names for the etcd peer signing - cert. 
- items: - type: string - type: array - serverCertSANs: - description: serverCertSANs sets extra Subject - Alternative Names for the etcd server signing - cert. - items: - type: string - type: array - type: object - type: object - featureGates: - additionalProperties: - type: boolean - description: featureGates enabled by the user. - type: object - imageRepository: - description: |- - imageRepository sets the container registry to pull images from. - * If not set, the default registry of kubeadm will be used, i.e. - * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 - * k8s.gcr.io (old registry): all older versions - Please note that when imageRepository is not set we don't allow upgrades to - versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use - a newer patch version with the new registry instead (i.e. >= v1.22.17, - >= v1.23.15, >= v1.24.9, >= v1.25.0). - * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) - `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components - and for kube-proxy, while `registry.k8s.io` will be used for all the other images. - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - kubernetesVersion: - description: |- - kubernetesVersion is the target version of the control plane. - NB: This value defaults to the Machine object spec.version - type: string - networking: - description: |- - networking holds configuration for the networking topology of the cluster. - NB: This value defaults to the Cluster object spec.clusterNetwork. - properties: - dnsDomain: - description: dnsDomain is the dns domain used - by k8s services. 
Defaults to "cluster.local". - type: string - podSubnet: - description: |- - podSubnet is the subnet used by pods. - If unset, the API server will not allocate CIDR ranges for every node. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set - type: string - serviceSubnet: - description: |- - serviceSubnet is the subnet used by k8s services. - Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or - to "10.96.0.0/12" if that's unset. - type: string - type: object - scheduler: - description: scheduler contains extra settings for - the scheduler control plane component - properties: - extraArgs: - additionalProperties: - type: string - description: extraArgs is an extra set of flags - to pass to the control plane component. - type: object - extraEnvs: - description: |- - extraEnvs is an extra set of environment variables to pass to the control plane component. - Environment variables passed using ExtraEnvs will override any existing environment variables, or *_proxy environment variables that kubeadm adds by default. - This option takes effect only on Kubernetes >=1.31.0. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". 
- type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if value - is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - extraVolumes: - description: extraVolumes is an extra set of host - volumes, mounted to the control plane component. - items: - description: |- - HostPathMount contains elements describing volumes that are mounted from the - host. - properties: - hostPath: - description: |- - hostPath is the path in the host that will be mounted inside - the pod. - type: string - mountPath: - description: mountPath is the path inside - the pod where hostPath will be mounted. - type: string - name: - description: name of the volume inside the - pod template. - type: string - pathType: - description: pathType is the type of the - HostPath. 
- type: string - readOnly: - description: readOnly controls write access - to the volume - type: boolean - required: - - hostPath - - mountPath - - name - type: object - type: array - type: object - type: object - diskSetup: - description: diskSetup specifies options for the creation - of partition tables and file systems on devices. - properties: - filesystems: - description: filesystems specifies the list of file - systems to setup. - items: - description: Filesystem defines the file systems - to be created. - properties: - device: - description: device specifies the device name - type: string - extraOpts: - description: extraOpts defined extra options - to add to the command for creating the file - system. - items: - type: string - type: array - filesystem: - description: filesystem specifies the file system - type. - type: string - label: - description: label specifies the file system - label to be used. If set to None, no label - is used. - type: string - overwrite: - description: |- - overwrite defines whether or not to overwrite any existing filesystem. - If true, any pre-existing file system will be destroyed. Use with Caution. - type: boolean - partition: - description: 'partition specifies the partition - to use. The valid options are: "auto|any", - "auto", "any", "none", and , where NUM - is the actual partition number.' - type: string - replaceFS: - description: |- - replaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of . - NOTE: unless you define a label, this requires the use of the 'any' partition directive. - type: string - required: - - device - - filesystem - - label - type: object - type: array - partitions: - description: partitions specifies the list of the - partitions to setup. - items: - description: Partition defines how to create and - layout a partition. - properties: - device: - description: device is the name of the device. 
- type: string - layout: - description: |- - layout specifies the device layout. - If it is true, a single partition will be created for the entire device. - When layout is false, it means don't partition or ignore existing partitioning. - type: boolean - overwrite: - description: |- - overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. - Use with caution. Default is 'false'. - type: boolean - tableType: - description: |- - tableType specifies the tupe of partition table. The following are supported: - 'mbr': default and setups a MS-DOS partition table - 'gpt': setups a GPT partition table - type: string - required: - - device - - layout - type: object - type: array - type: object - files: - description: files specifies extra files to be passed - to user_data upon creation. - items: - description: File defines the input for generating write_files - in cloud-init. - properties: - append: - description: append specifies whether to append - Content to existing file if Path exists. - type: boolean - content: - description: content is the actual content of the - file. - type: string - contentFrom: - description: contentFrom is a referenced source - of content to populate the file. - properties: - secret: - description: secret represents a secret that - should populate this file. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. - type: string - required: - - key - - name - type: object - required: - - secret - type: object - encoding: - description: encoding specifies the encoding of - the file contents. - enum: - - base64 - - gzip - - gzip+base64 - type: string - owner: - description: owner specifies the ownership of the - file, e.g. "root:root". - type: string - path: - description: path specifies the full path on disk - where to store the file. 
- type: string - permissions: - description: permissions specifies the permissions - to assign to the file, e.g. "0640". - type: string - required: - - path - type: object - type: array - format: - description: format specifies the output format of the - bootstrap data - enum: - - cloud-config - - ignition - type: string - ignition: - description: ignition contains Ignition specific configuration. - properties: - containerLinuxConfig: - description: containerLinuxConfig contains CLC specific - configuration. - properties: - additionalConfig: - description: |- - additionalConfig contains additional configuration to be merged with the Ignition - configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging - - The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ - type: string - strict: - description: strict controls if AdditionalConfig - should be strictly parsed. If so, warnings are - treated as errors. - type: boolean - type: object - type: object - initConfiguration: - description: initConfiguration along with ClusterConfiguration - are the configurations necessary for the init command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - bootstrapTokens: - description: |- - bootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. - This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature - items: - description: BootstrapToken describes one bootstrap - token, stored as a Secret in the cluster. 
- properties: - description: - description: |- - description sets a human-friendly message why this token exists and what it's used - for, so other administrators can know its purpose. - type: string - expires: - description: |- - expires specifies the timestamp when this token expires. Defaults to being set - dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. - format: date-time - type: string - groups: - description: |- - groups specifies the extra groups that this token will authenticate as when/if - used for authentication - items: - type: string - type: array - token: - description: |- - token is used for establishing bidirectional trust between nodes and control-planes. - Used for joining nodes in the cluster. - type: string - ttl: - description: |- - ttl defines the time to live for this token. Defaults to 24h. - Expires and TTL are mutually exclusive. - type: string - usages: - description: |- - usages describes the ways in which this token can be used. Can by default be used - for establishing bidirectional trust, but that can be changed here. - items: - type: string - type: array - required: - - token - type: object - type: array - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - localAPIEndpoint: - description: |- - localAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node - In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint - is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. 
This - configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible - on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process - fails you may set the desired value here. - properties: - advertiseAddress: - description: advertiseAddress sets the IP address - for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. 
- Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. - type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - joinConfiguration: - description: joinConfiguration is the kubeadm configuration - for the join command - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - caCertPath: - description: |- - caCertPath is the path to the SSL certificate authority used to - secure comunications between node and control-plane. - Defaults to "/etc/kubernetes/pki/ca.crt". - type: string - controlPlane: - description: |- - controlPlane defines the additional control plane instance to be deployed on the joining node. - If nil, no additional control plane instance will be deployed. - properties: - localAPIEndpoint: - description: localAPIEndpoint represents the endpoint - of the API server instance to be deployed on - this node. - properties: - advertiseAddress: - description: advertiseAddress sets the IP - address for the API server to advertise. - type: string - bindPort: - description: |- - bindPort sets the secure port for the API Server to bind to. - Defaults to 6443. - format: int32 - type: integer - type: object - type: object - discovery: - description: discovery specifies the options for the - kubelet to use during the TLS Bootstrap process - properties: - bootstrapToken: - description: |- - bootstrapToken is used to set the options for bootstrap token based discovery - BootstrapToken and File are mutually exclusive - properties: - apiServerEndpoint: - description: apiServerEndpoint is an IP or - domain name to the API server from which - info will be fetched. - type: string - caCertHashes: - description: |- - caCertHashes specifies a set of public key pins to verify - when token-based discovery is used. The root CA found during discovery - must match one of these values. Specifying an empty set disables root CA - pinning, which can be unsafe. Each hash is specified as ":", - where the only currently supported type is "sha256". This is a hex-encoded - SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded - ASN.1. 
These hashes can be calculated using, for example, OpenSSL: - openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex - items: - type: string - type: array - token: - description: |- - token is a token used to validate cluster information - fetched from the control-plane. - type: string - unsafeSkipCAVerification: - description: |- - unsafeSkipCAVerification allows token-based discovery - without CA verification via CACertHashes. This can weaken - the security of kubeadm since other nodes can impersonate the control-plane. - type: boolean - required: - - token - type: object - file: - description: |- - file is used to specify a file or URL to a kubeconfig file from which to load cluster information - BootstrapToken and File are mutually exclusive - properties: - kubeConfig: - description: |- - kubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information. - The file is generated at the path specified in KubeConfigPath. - - Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint. - Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret. - properties: - cluster: - description: |- - cluster contains information about how to communicate with the kubernetes cluster. - - By default the following fields are automatically populated: - - Server with the Cluster's ControlPlaneEndpoint. - - CertificateAuthorityData with the Cluster's CA certificate. - properties: - certificateAuthorityData: - description: |- - certificateAuthorityData contains PEM-encoded certificate authority certificates. - - Defaults to the Cluster's CA certificate if empty. - format: byte - type: string - insecureSkipTLSVerify: - description: insecureSkipTLSVerify - skips the validity check for the - server's certificate. This will - make your HTTPS connections insecure. 
- type: boolean - proxyURL: - description: |- - proxyURL is the URL to the proxy to be used for all requests made by this - client. URLs with "http", "https", and "socks5" schemes are supported. If - this configuration is not provided or the empty string, the client - attempts to construct a proxy configuration from http_proxy and - https_proxy environment variables. If these environment variables are not - set, the client does not attempt to proxy requests. - - socks5 proxying does not currently support spdy streaming endpoints (exec, - attach, port forward). - type: string - server: - description: |- - server is the address of the kubernetes cluster (https://hostname:port). - - Defaults to https:// + Cluster.Spec.ControlPlaneEndpoint. - type: string - tlsServerName: - description: tlsServerName is used - to check server certificate. If - TLSServerName is empty, the hostname - used to contact the server is used. - type: string - type: object - user: - description: |- - user contains information that describes identity information. - This is used to tell the kubernetes cluster who you are. - properties: - authProvider: - description: authProvider specifies - a custom authentication plugin for - the kubernetes cluster. - properties: - config: - additionalProperties: - type: string - description: config holds the - parameters for the authentication - plugin. - type: object - name: - description: name is the name - of the authentication plugin. - type: string - required: - - name - type: object - exec: - description: exec specifies a custom - exec-based authentication plugin - for the kubernetes cluster. - properties: - apiVersion: - description: |- - Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - the same encoding version as the input. - Defaults to client.authentication.k8s.io/v1 if not set. - type: string - args: - description: Arguments to pass - to the command when executing - it. 
- items: - type: string - type: array - command: - description: command to execute. - type: string - env: - description: |- - env defines additional environment variables to expose to the process. These - are unioned with the host's environment, as well as variables client-go uses - to pass argument to the plugin. - items: - description: |- - KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based - credential plugin. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - provideClusterInfo: - description: |- - provideClusterInfo determines whether or not to provide cluster information, - which could potentially contain very large CA data, to this exec plugin as a - part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set - to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for - reading this environment variable. - type: boolean - required: - - command - type: object - type: object - required: - - user - type: object - kubeConfigPath: - description: kubeConfigPath is used to specify - the actual file path or URL to the kubeconfig - file from which to load cluster information - type: string - required: - - kubeConfigPath - type: object - timeout: - description: timeout modifies the discovery timeout - type: string - tlsBootstrapToken: - description: |- - tlsBootstrapToken is a token used for TLS bootstrapping. - If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. - If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information - type: string - type: object - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - nodeRegistration: - description: |- - nodeRegistration holds fields that relate to registering the new control-plane node to the cluster. - When used in the context of control plane nodes, NodeRegistration should remain consistent - across both InitConfiguration and JoinConfiguration - properties: - criSocket: - description: criSocket is used to retrieve container - runtime info. This information will be annotated - to the Node API object, for later re-use - type: string - ignorePreflightErrors: - description: ignorePreflightErrors provides a - slice of pre-flight errors to be ignored when - the current node is registered. - items: - type: string - type: array - imagePullPolicy: - description: |- - imagePullPolicy specifies the policy for image pulling - during kubeadm "init" and "join" operations. The value of - this field must be one of "Always", "IfNotPresent" or - "Never". Defaults to "IfNotPresent". This can be used only - with Kubernetes version equal to 1.22 and later. - enum: - - Always - - IfNotPresent - - Never - type: string - imagePullSerial: - description: |- - imagePullSerial specifies if image pulling performed by kubeadm must be done serially or in parallel. - This option takes effect only on Kubernetes >=1.31.0. - Default: true (defaulted in kubeadm) - type: boolean - kubeletExtraArgs: - additionalProperties: - type: string - description: |- - kubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file - kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap - Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 
- type: object - name: - description: |- - name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. - This field is also used in the CommonName field of the kubelet's client certificate to the API server. - Defaults to the hostname of the node if not provided. - type: string - taints: - description: |- - taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process - it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an - empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. - items: - description: |- - The node this Taint is attached to has the "effect" on - any pod that does not tolerate the Taint. - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to - be applied to a node. - type: string - timeAdded: - description: |- - TimeAdded represents the time at which the taint was added. - It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding - to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - patches: - description: |- - patches contains options related to applying patches to components deployed by kubeadm during - "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 - properties: - directory: - description: |- - directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". - For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 
"target" can be one of - "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one - of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. - The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". - "suffix" is an optional string that can be used to determine which patches are applied - first alpha-numerically. - These files can be written into the target directory via KubeadmConfig.Files which - specifies additional files to be created on the machine, either with content inline or - by referencing a secret. - type: string - type: object - skipPhases: - description: |- - skipPhases is a list of phases to skip during command execution. - The list of phases can be obtained with the "kubeadm init --help" command. - This option takes effect only on Kubernetes >=1.22.0. - items: - type: string - type: array - type: object - mounts: - description: mounts specifies a list of mount points to - be setup. - items: - description: MountPoints defines input for generated - mounts in cloud-init. - items: - type: string - type: array - type: array - ntp: - description: ntp specifies NTP configuration - properties: - enabled: - description: enabled specifies whether NTP should - be enabled - type: boolean - servers: - description: servers specifies which NTP servers to - use - items: - type: string - type: array - type: object - postKubeadmCommands: - description: postKubeadmCommands specifies extra commands - to run after kubeadm runs - items: - type: string - type: array - preKubeadmCommands: - description: preKubeadmCommands specifies extra commands - to run before kubeadm runs - items: - type: string - type: array - useExperimentalRetryJoin: - description: |- - useExperimentalRetryJoin replaces a basic kubeadm command with a shell - script with retries for joins. 
- - This is meant to be an experimental temporary workaround on some environments - where joins fail due to timing (and other issues). The long term goal is to add retries to - kubeadm proper and use that functionality. - - This will add about 40KB to userdata - - For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. - - Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. - When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml - type: boolean - users: - description: users specifies extra users to add - items: - description: User defines the input for a generated - user in cloud-init. - properties: - gecos: - description: gecos specifies the gecos to use for - the user - type: string - groups: - description: groups specifies the additional groups - for the user - type: string - homeDir: - description: homeDir specifies the home directory - to use for the user - type: string - inactive: - description: inactive specifies whether to mark - the user as inactive - type: boolean - lockPassword: - description: lockPassword specifies if password - login should be disabled - type: boolean - name: - description: name specifies the user name - type: string - passwd: - description: passwd specifies a hashed password - for the user - type: string - passwdFrom: - description: passwdFrom is a referenced source of - passwd to populate the passwd. - properties: - secret: - description: secret represents a secret that - should populate this password. - properties: - key: - description: key is the key in the secret's - data map for this value. - type: string - name: - description: name of the secret in the KubeadmBootstrapConfig's - namespace to use. 
- type: string - required: - - key - - name - type: object - required: - - secret - type: object - primaryGroup: - description: primaryGroup specifies the primary - group for the user - type: string - shell: - description: shell specifies the user's shell - type: string - sshAuthorizedKeys: - description: sshAuthorizedKeys specifies a list - of ssh authorized keys for the user - items: - type: string - type: array - sudo: - description: sudo specifies a sudo role for the - user - type: string - required: - - name - type: object - type: array - verbosity: - description: |- - verbosity is the number for the kubeadm log level verbosity. - It overrides the `--v` flag in kubeadm commands. - format: int32 - type: integer - type: object - machineNamingStrategy: - description: |- - MachineNamingStrategy allows changing the naming pattern used when creating Machines. - InfraMachines & KubeadmConfigs will use the same name as the corresponding Machines. - properties: - template: - description: |- - Template defines the template to use for generating the names of the Machine objects. - If not defined, it will fallback to `{{ .kubeadmControlPlane.name }}-{{ .random }}`. - If the generated name string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - Length of the template string must not exceed 256 characters. - The template allows the following variables `.cluster.name`, `.kubeadmControlPlane.name` and `.random`. - The variable `.cluster.name` retrieves the name of the cluster object that owns the Machines being created. - The variable `.kubeadmControlPlane.name` retrieves the name of the KubeadmControlPlane object that owns the Machines being created. - The variable `.random` is substituted with random alphanumeric string, without vowels, of length 5. 
- maxLength: 256 - type: string - type: object - machineTemplate: - description: |- - machineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - If no value is provided, the default value for this property of the Machine resource will be used. - type: string - nodeDrainTimeout: - description: |- - nodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. 
The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - type: object - remediationStrategy: - description: The RemediationStrategy that controls how control - plane machine remediation happens. - properties: - maxRetry: - description: "maxRetry is the Max number of retries while - attempting to remediate an unhealthy machine.\nA retry - happens when a machine that was created as a replacement - for an unhealthy machine also fails.\nFor example, given - a control plane with three machines M1, M2, M3:\n\n\tM1 - become unhealthy; remediation happens, and M1-1 is created - as a replacement.\n\tIf M1-1 (replacement of M1) has - problems while bootstrapping it will become unhealthy, - and then be\n\tremediated; such operation is considered - a retry, remediation-retry #1.\n\tIf M1-2 (replacement - of M1-1) becomes unhealthy, remediation-retry #2 will - happen, etc.\n\nA retry could happen only after RetryPeriod - from the previous retry.\nIf a machine is marked as - unhealthy after MinHealthyPeriod from the previous remediation - expired,\nthis is not considered a retry anymore because - the new issue is assumed unrelated from the previous - one.\n\nIf not set, the remedation will be retried infinitely." - format: int32 - type: integer - minHealthyPeriod: - description: "minHealthyPeriod defines the duration after - which KCP will consider any failure to a machine unrelated\nfrom - the previous one. In this case the remediation is not - considered a retry anymore, and thus the retry\ncounter - restarts from 0. 
For example, assuming MinHealthyPeriod - is set to 1h (default)\n\n\tM1 become unhealthy; remediation - happens, and M1-1 is created as a replacement.\n\tIf - M1-1 (replacement of M1) has problems within the 1hr - after the creation, also\n\tthis machine will be remediated - and this operation is considered a retry - a problem - related\n\tto the original issue happened to M1 -.\n\n\tIf - instead the problem on M1-1 is happening after MinHealthyPeriod - expired, e.g. four days after\n\tm1-1 has been created - as a remediation of M1, the problem on M1-1 is considered - unrelated to\n\tthe original issue happened to M1.\n\nIf - not set, this value is defaulted to 1h." - type: string - retryPeriod: - description: |- - retryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement - for an unhealthy machine (a retry). - - If not set, a retry will happen immediately. - type: string - type: object - rolloutAfter: - description: |- - rolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - KubeadmControlPlane. - format: date-time - type: string - rolloutBefore: - description: |- - rolloutBefore is a field to indicate a rollout should be performed - if the specified criteria is met. - properties: - certificatesExpiryDays: - description: |- - certificatesExpiryDays indicates a rollout needs to be performed if the - certificates of the machine will expire within the specified days. - format: int32 - type: integer - type: object - rolloutStrategy: - default: - rollingUpdate: - maxSurge: 1 - type: RollingUpdate - description: |- - The RolloutStrategy to use to replace control plane machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - RolloutStrategyType = RollingUpdate. 
- properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of control planes that can be scheduled above or under the - desired number of control planes. - Value can be an absolute number 1 or 0. - Defaults to 1. - Example: when this is set to 1, the control plane can be scaled - up immediately when the rolling update starts. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - type of rollout. Currently the only supported strategy is - "RollingUpdate". - Default is RollingUpdate. - type: string - type: object - required: - - kubeadmConfigSpec - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-leader-election-role - namespace: capi-kubeadm-control-plane-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -aggregationRule: - clusterRoleSelectors: - - matchLabels: - kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-aggregated-manager-role -rules: [] ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" - name: capi-kubeadm-control-plane-manager-role -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machinepools - verbs: - - get - - list - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - machines - - machines/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-leader-election-rolebinding - namespace: capi-kubeadm-control-plane-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-kubeadm-control-plane-leader-election-role -subjects: -- kind: ServiceAccount - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: 
control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-kubeadm-control-plane-aggregated-manager-role -subjects: -- kind: ServiceAccount - name: capi-kubeadm-control-plane-manager - namespace: capi-kubeadm-control-plane-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: control-plane-kubeadm ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - control-plane: controller-manager - name: capi-kubeadm-control-plane-controller-manager - namespace: capi-kubeadm-control-plane-system -spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: control-plane-kubeadm - control-plane: controller-manager - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - control-plane: controller-manager - spec: - containers: - - args: - - --leader-elect - - --diagnostics-address=:8443 - - --insecure-diagnostics=false - - --use-deprecated-infra-machine-naming=false - - --feature-gates=MachinePool=true,ClusterTopology=false,KubeadmBootstrapFormatIgnition=false - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.9.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: 
/healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capi-kubeadm-control-plane-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: capi-kubeadm-control-plane-webhook-service-cert -status: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanes - sideEffects: None -- 
admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate - failurePolicy: Fail - name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanetemplates - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: control-plane-kubeadm - clusterctl.cluster.x-k8s.io: "" - name: capi-kubeadm-control-plane-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - UPDATE - resources: - - kubeadmcontrolplanes/scale - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - 
resources: - - kubeadmcontrolplanes - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-kubeadm-control-plane-webhook-service - namespace: capi-kubeadm-control-plane-system - path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate - failurePolicy: Fail - name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io - rules: - - apiGroups: - - controlplane.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - kubeadmcontrolplanetemplates - sideEffects: None diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml deleted file mode 100644 index d95f83e1..00000000 --- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack-resource-controller.yaml +++ /dev/null 
@@ -1,888 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - control-plane: controller-manager - name: orc-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.4 - name: images.openstack.k-orc.cloud -spec: - group: openstack.k-orc.cloud - names: - kind: Image - listKind: ImageList - plural: images - singular: image - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Resource ID - jsonPath: .status.id - name: ID - type: string - - description: Availability status of resource - jsonPath: .status.conditions[?(@.type=='Available')].status - name: Available - type: string - - description: Message describing current availability status - jsonPath: .status.conditions[?(@.type=='Available')].message - name: Message - type: string - - description: Time duration since creation - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: Image is the Schema for an ORC resource. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ImageSpec defines the desired state of an ORC object. 
- properties: - cloudCredentialsRef: - description: CloudCredentialsRef points to a secret containing OpenStack - credentials - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - maxLength: 256 - minLength: 1 - type: string - secretName: - description: |- - SecretName is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - maxLength: 253 - minLength: 1 - type: string - required: - - cloudName - - secretName - type: object - import: - description: |- - Import refers to an existing OpenStack resource which will be imported instead of - creating a new one. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter contains a resource query which is expected to return a single - result. The controller will continue to retry if filter returns no - results. If filter returns multiple results the controller will set an - error state and will not continue to retry. - minProperties: 1 - properties: - name: - description: Name specifies the name of a Glance image - maxLength: 1000 - minLength: 1 - type: string - type: object - id: - description: |- - ID contains the unique identifier of an existing OpenStack resource. Note - that when specifying an import by ID, the resource MUST already exist. - The ORC object will enter an error state if the resource does not exist. - format: uuid - type: string - type: object - managedOptions: - description: ManagedOptions specifies options which may be applied - to managed objects. - properties: - onDelete: - default: delete - description: |- - OnDelete specifies the behaviour of the controller when the ORC - object is deleted. 
Options are `delete` - delete the OpenStack resource; - `detach` - do not delete the OpenStack resource. If not specified, the - default is `delete`. - enum: - - delete - - detach - type: string - type: object - managementPolicy: - default: managed - description: |- - ManagementPolicy defines how ORC will treat the object. Valid values are - `managed`: ORC will create, update, and delete the resource; `unmanaged`: - ORC will import an existing resource, and will not apply updates to it or - delete it. - enum: - - managed - - unmanaged - type: string - x-kubernetes-validations: - - message: managementPolicy is immutable - rule: self == oldSelf - resource: - description: |- - Resource specifies the desired state of the resource. - - Resource may not be specified if the management policy is `unmanaged`. - - Resource must be specified if the management policy is `managed`. - properties: - content: - description: Content specifies how to obtain the image content. - properties: - containerFormat: - default: bare - description: |- - ContainerFormat is the format of the image container. - qcow2 and raw images do not usually have a container. This is specified as "bare", which is also the default. - Permitted values are ami, ari, aki, bare, ovf, ova, and docker. - enum: - - ami - - ari - - aki - - bare - - ovf - - ova - - docker - type: string - diskFormat: - description: |- - DiskFormat is the format of the disk image. - Normal values are "qcow2", or "raw". Glance may be configured to support others. - enum: - - ami - - ari - - aki - - vhd - - vhdx - - vmdk - - raw - - qcow2 - - vdi - - ploop - - iso - type: string - download: - description: |- - Download describes how to obtain image data by downloading it from a URL. - Must be set when creating a managed image. - properties: - decompress: - description: |- - Decompress specifies that the source data must be decompressed with the - given compression algorithm before being stored. 
Specifying Decompress - will disable the use of Glance's web-download, as web-download cannot - currently deterministically decompress downloaded content. - enum: - - xz - - gz - - bz2 - type: string - hash: - description: |- - Hash is a hash which will be used to verify downloaded data, i.e. - before any decompression. If not specified, no hash verification will be - performed. Specifying a Hash will disable the use of Glance's - web-download, as web-download cannot currently deterministically verify - the hash of downloaded content. - properties: - algorithm: - description: Algorithm is the hash algorithm used - to generate value. - enum: - - md5 - - sha1 - - sha256 - - sha512 - type: string - value: - description: Value is the hash of the image data using - Algorithm. It must be hex encoded using lowercase - letters. - maxLength: 1024 - minLength: 1 - pattern: ^[0-9a-f]+$ - type: string - required: - - algorithm - - value - type: object - x-kubernetes-validations: - - message: hash is immutable - rule: self == oldSelf - url: - description: URL containing image data - format: uri - type: string - required: - - url - type: object - required: - - diskFormat - - download - type: object - x-kubernetes-validations: - - message: content is immutable - rule: self == oldSelf - name: - description: |- - Name will be the name of the created Glance image. If not specified, the - name of the Image object will be used. - maxLength: 1024 - minLength: 1 - type: string - properties: - description: Properties is metadata available to consumers of - the image - properties: - hardware: - description: |- - Hardware is a set of properties which control the virtual hardware - created by Nova. - properties: - cdromBus: - description: CDROMBus specifies the type of disk controller - to attach CD-ROM devices to. 
- enum: - - scsi - - virtio - - uml - - xen - - ide - - usb - - lxc - type: string - cpuCores: - description: CPUCores is the preferred number of cores - to expose to the guest - type: integer - cpuPolicy: - description: |- - CPUPolicy is used to pin the virtual CPUs (vCPUs) of instances to the - host's physical CPU cores (pCPUs). Host aggregates should be used to - separate these pinned instances from unpinned instances as the latter - will not respect the resourcing requirements of the former. - - Permitted values are shared (the default), and dedicated. - - shared: The guest vCPUs will be allowed to freely float across host - pCPUs, albeit potentially constrained by NUMA policy. - - dedicated: The guest vCPUs will be strictly pinned to a set of host - pCPUs. In the absence of an explicit vCPU topology request, the - drivers typically expose all vCPUs as sockets with one core and one - thread. When strict CPU pinning is in effect the guest CPU topology - will be setup to match the topology of the CPUs to which it is - pinned. This option implies an overcommit ratio of 1.0. For example, - if a two vCPU guest is pinned to a single host core with two threads, - then the guest will get a topology of one socket, one core, two - threads. - enum: - - shared - - dedicated - type: string - cpuSockets: - description: CPUSockets is the preferred number of sockets - to expose to the guest - type: integer - cpuThreadPolicy: - description: |- - CPUThreadPolicy further refines a CPUPolicy of 'dedicated' by stating - how hardware CPU threads in a simultaneous multithreading-based (SMT) - architecture be used. SMT-based architectures include Intel - processors with Hyper-Threading technology. In these architectures, - processor cores share a number of components with one or more other - cores. Cores in such architectures are commonly referred to as - hardware threads, while the cores that a given core share components - with are known as thread siblings. 
- - Permitted values are prefer (the default), isolate, and require. - - prefer: The host may or may not have an SMT architecture. Where an - SMT architecture is present, thread siblings are preferred. - - isolate: The host must not have an SMT architecture or must emulate a - non-SMT architecture. If the host does not have an SMT architecture, - each vCPU is placed on a different core as expected. If the host does - have an SMT architecture - that is, one or more cores have thread - siblings - then each vCPU is placed on a different physical core. No - vCPUs from other guests are placed on the same core. All but one - thread sibling on each utilized core is therefore guaranteed to be - unusable. - - require: The host must have an SMT architecture. Each vCPU is - allocated on thread siblings. If the host does not have an SMT - architecture, then it is not used. If the host has an SMT - architecture, but not enough cores with free thread siblings are - available, then scheduling fails. - enum: - - prefer - - isolate - - require - type: string - cpuThreads: - description: CPUThreads is the preferred number of threads - to expose to the guest - type: integer - diskBus: - description: DiskBus specifies the type of disk controller - to attach disk devices to. - enum: - - scsi - - virtio - - uml - - xen - - ide - - usb - - lxc - type: string - scsiModel: - description: |- - SCSIModel enables the use of VirtIO SCSI (virtio-scsi) to provide - block device access for compute instances; by default, instances use - VirtIO Block (virtio-blk). VirtIO SCSI is a para-virtualized SCSI - controller device that provides improved scalability and performance, - and supports advanced SCSI hardware. - - The only permitted value is virtio-scsi. - enum: - - virtio-scsi - type: string - vifModel: - description: |- - VIFModel specifies the model of virtual network interface device to use. - - Permitted values are e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio, - and vmxnet3. 
- enum: - - e1000 - - e1000e - - ne2k_pci - - pcnet - - rtl8139 - - virtio - - vmxnet3 - type: string - type: object - minDiskGB: - description: MinDisk is the minimum amount of disk space in - GB that is required to boot the image - minimum: 1 - type: integer - minMemoryMB: - description: MinMemoryMB is the minimum amount of RAM in MB - that is required to boot the image. - minimum: 1 - type: integer - type: object - protected: - description: |- - Protected specifies that the image is protected from deletion. - If not specified, the default is false. - type: boolean - tags: - description: Tags is a list of tags which will be applied to the - image. A tag has a maximum length of 255 characters. - items: - maxLength: 255 - minLength: 1 - type: string - type: array - x-kubernetes-list-type: set - visibility: - description: Visibility of the image - enum: - - public - - private - - shared - - community - type: string - x-kubernetes-validations: - - message: visibility is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: name is immutable - rule: 'has(self.name) ? self.name == oldSelf.name : !has(oldSelf.name)' - - message: name is immutable - rule: 'has(self.protected) ? self.protected == oldSelf.protected - : !has(oldSelf.protected)' - - message: tags is immutable - rule: 'has(self.tags) ? self.tags == oldSelf.tags : !has(oldSelf.tags)' - - message: visibility is immutable - rule: 'has(self.visibility) ? self.visibility == oldSelf.visibility - : !has(oldSelf.visibility)' - - message: properties is immutable - rule: 'has(self.properties) ? self.properties == oldSelf.properties - : !has(oldSelf.properties)' - required: - - cloudCredentialsRef - type: object - x-kubernetes-validations: - - message: resource must be specified when policy is managed - rule: 'self.managementPolicy == ''managed'' ? has(self.resource) : true' - - message: import may not be specified when policy is managed - rule: 'self.managementPolicy == ''managed'' ? 
!has(self.__import__) - : true' - - message: resource may not be specified when policy is unmanaged - rule: 'self.managementPolicy == ''unmanaged'' ? !has(self.resource) - : true' - - message: import must be specified when policy is unmanaged - rule: 'self.managementPolicy == ''unmanaged'' ? has(self.__import__) - : true' - - message: managedOptions may only be provided when policy is managed - rule: 'has(self.managedOptions) ? self.managementPolicy == ''managed'' - : true' - - message: resource content must be specified when not importing - rule: '!has(self.__import__) ? has(self.resource.content) : true' - status: - description: ImageStatus defines the observed state of an ORC resource. - properties: - conditions: - description: |- - Conditions represents the observed status of the object. - Known .status.conditions.type are: "Available", "Progressing" - - Available represents the availability of the OpenStack resource. If it is - true then the resource is ready for use. - - Progressing indicates whether the controller is still attempting to - reconcile the current state of the OpenStack resource to the desired - state. Progressing will be False either because the desired state has - been achieved, or because some terminal error prevents it from ever being - achieved and the controller is no longer attempting to reconcile. If - Progressing is True, an observer waiting on the resource should continue - to wait. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. 
- This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - downloadAttempts: - description: DownloadAttempts is the number of times the controller - has attempted to download the image contents - type: integer - id: - description: ID is the unique identifier of the OpenStack resource. - type: string - resource: - description: Resource contains the observed state of the OpenStack - resource. - properties: - hash: - description: |- - Hash is the hash of the image data published by Glance. 
Note that this is - a hash of the data stored internally by Glance, which will have been - decompressed and potentially format converted depending on server-side - configuration which is not visible to clients. It is expected that this - hash will usually differ from the download hash. - properties: - algorithm: - description: Algorithm is the hash algorithm used to generate - value. - enum: - - md5 - - sha1 - - sha256 - - sha512 - type: string - value: - description: Value is the hash of the image data using Algorithm. - It must be hex encoded using lowercase letters. - maxLength: 1024 - minLength: 1 - pattern: ^[0-9a-f]+$ - type: string - required: - - algorithm - - value - type: object - sizeB: - description: SizeB is the size of the image data, in bytes - format: int64 - type: integer - status: - description: Status is the image status as reported by Glance - type: string - virtualSizeB: - description: VirtualSizeB is the size of the disk the image data - represents, in bytes - format: int64 - type: integer - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-controller-manager - namespace: orc-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-leader-election-role - namespace: orc-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - 
app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-image-editor-role -rules: -- apiGroups: - - openstack.k-orc.cloud - resources: - - images - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - openstack.k-orc.cloud - resources: - - images/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-image-viewer-role -rules: -- apiGroups: - - openstack.k-orc.cloud - resources: - - images - verbs: - - get - - list - - watch -- apiGroups: - - openstack.k-orc.cloud - resources: - - images/status - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: orc-manager-role -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - openstack.k-orc.cloud - resources: - - images - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - openstack.k-orc.cloud - resources: - - images/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: orc-metrics-auth-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: orc-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-leader-election-rolebinding - namespace: orc-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: orc-leader-election-role -subjects: -- kind: ServiceAccount - name: 
orc-controller-manager - namespace: orc-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - name: orc-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: orc-manager-role -subjects: -- kind: ServiceAccount - name: orc-controller-manager - namespace: orc-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: orc-metrics-auth-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: orc-metrics-auth-role -subjects: -- kind: ServiceAccount - name: orc-controller-manager - namespace: orc-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - control-plane: controller-manager - name: orc-controller-manager-metrics-service - namespace: orc-system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: 8443 - selector: - control-plane: controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: orc - control-plane: controller-manager - name: orc-controller-manager - namespace: orc-system -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --metrics-bind-address=:8443 - - --leader-elect - - --health-probe-bind-address=:8081 - command: - - /manager - image: quay.io/orc/openstack-resource-controller:v1.0.1 - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: 
- cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: orc-controller-manager - terminationGracePeriodSeconds: 10 diff --git a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml b/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml deleted file mode 100644 index 4f6a7e11..00000000 --- a/installers/flux/templates/sw-catalogs/infra-controllers/capi/manifests/providers/infrastructure/openstack/openstack.yaml +++ /dev/null 
@@ -1,11668 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - pod-security.kubernetes.io/audit: restricted - pod-security.kubernetes.io/enforce: restricted - pod-security.kubernetes.io/warn: restricted - name: capo-system ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-selfsigned-issuer - namespace: capo-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-serving-cert - namespace: capo-system -spec: - dnsNames: - - capo-webhook-service.capo-system.svc - - capo-webhook-service.capo-system.svc.cluster.local - issuerRef: - kind: Issuer - name: capo-selfsigned-issuer - secretName: capo-webhook-service-cert ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackclusters.infrastructure.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackCluster - listKind: OpenStackClusterList - plural: openstackclusters - shortNames: - - osc - singular: openstackcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this OpenStackCluster belongs - jsonPath: 
.metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for OpenStack instances - jsonPath: .status.ready - name: Ready - type: string - - description: Network the cluster is using - jsonPath: .status.network.id - name: Network - type: string - - description: API Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Bastion address for breakglass access - jsonPath: .status.bastion.floatingIP - name: Bastion IP - type: string - - description: Time duration since creation of OpenStackCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: The v1alpha7 version of OpenStackCluster has been deprecated - and will be removed in a future release. - name: v1alpha7 - schema: - openAPIV3Schema: - description: |- - OpenStackCluster is the Schema for the openstackclusters API. - - Deprecated: v1alpha7.OpenStackCluster has been replaced by v1beta1.OpenStackCluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterSpec defines the desired state of OpenStackCluster. 
- properties: - allowAllInClusterTraffic: - description: |- - AllowAllInClusterTraffic is only used when managed security groups are in use. - If set to true, the rules for the managed security groups are configured so that all - ingress and egress between cluster nodes is permitted, allowing CNIs other than - Calico to be used. - type: boolean - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. - If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - It must be activated by setting `enabled: true`. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports to the - load balancer. - items: - type: integer - type: array - allowedCidrs: - description: AllowedCIDRs restrict access to all API-Server listeners - to the given address CIDRs. - items: - type: string - type: array - enabled: - description: Enabled defines whether a load balancer should be - created. 
- type: boolean - provider: - description: Octavia Provider Used to create load balancer - type: string - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. Set `enabled: false` to - make changes. - properties: - availabilityZone: - type: string - enabled: - type: boolean - instance: - description: Instance for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume in. - If omitted, the availability zone of the server will be used. 
- The availability zone must NOT contain spaces otherwise it will lead to volume that belongs - to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for - further information. - type: string - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - cloudName: - description: The name of the cloud to use from the clouds - secret - type: string - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIP: - description: |- - The floatingIP which will be associated to the machine, only used for master. - The floatingIP should have been created and haven't been associated. - type: string - identityRef: - description: |- - IdentityRef is a reference to a identity to be used when reconciling this cluster. - If not specified, the identity ref of the cluster will be used instead. - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. - Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - image: - description: |- - The name of the image to use for your server instance. 
- If the RootVolume is specified, this will be ignored and use rootVolume directly. - type: string - imageUUID: - description: |- - The uuid of the image to use for your server instance. - if it's empty, Image name will be used - type: string - instanceID: - description: InstanceID is the OpenStack instance ID for this - machine. - type: string - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - type: boolean - allowedAddressPairs: - items: - properties: - ipAddress: - type: string - macAddress: - type: string - type: object - type: array - description: - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: Specify pairs of subnet and/or IP address. - These should be subnets of the network with the given - NetworkID. - items: - properties: - ipAddress: - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - hostId: - description: The ID of the host where the port is allocated - type: string - macAddress: - type: string - nameSuffix: - description: Used to make the name of the port unique. 
- If unspecified, instead the 0-based index of the port - in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding details. - We intentionally don't expose this as a map[string]string because we only want to enable - the users to set the values of the keys that are known to work in OpenStack Networking API. - See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the - OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroupFilters: - description: The names, uuids, filters or any combination - these of the security groups to assign to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. 
- items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Enables and disables trunk at port level. - If not provided, openStackMachine.Spec.Trunk is inherited. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: The virtual network interface card (vNIC) - type that is bound to the neutron port. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. 
- type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - type: string - diskSize: - type: integer - volumeType: - type: string - type: object - securityGroups: - description: The names of the security groups to assign to - the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - serverGroupID: - description: The server group to assign the machine to - type: string - serverMetadata: - additionalProperties: - type: string - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. - type: object - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Machine tags - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. - type: boolean - type: object - type: object - cloudName: - description: The name of the cloud to use from the clouds secret - type: string - controlPlaneAvailabilityZones: - description: ControlPlaneAvailabilityZones is the az to deploy control - plane to - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. 
- format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler - to make a decision on which az to use based on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - dnsNameservers: - description: |- - DNSNameservers is the list of nameservers for OpenStack Subnet being created. - Set this value when you need create a new network/subnet while the access - through DNS is required. - items: - type: string - type: array - x-kubernetes-list-type: set - externalNetworkId: - description: |- - ExternalNetworkID is the ID of an external OpenStack Network. This is necessary - to get public internet to the VMs. 
- type: string - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. - This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used for the - Gateway of this router - properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - identityRef: - description: IdentityRef is a reference to a identity to be used when - reconciling this cluster - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. - Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. - By default, the managed security groups have rules that allow the Kubelet, etcd, the - Kubernetes API server and the Calico CNI plugin to function correctly. - type: boolean - network: - description: If NodeCIDR cannot be set this can be used to detect - an existing network. 
- properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - networkMtu: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If leaved empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - nodeCidr: - description: |- - NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a - network, a subnet with NodeCIDR, and a router connected to this subnet. - If you leave this empty, no network will be created. - type: string - router: - description: |- - If NodeCIDR is set this option can be used to detect an existing router. - If specified, no new router will be created. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - subnet: - description: If NodeCIDR cannot be set this can be used to detect - an existing subnet. 
- properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - tags: - description: Tags for all resources in cluster - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - status: - description: OpenStackClusterStatus defines the observed state of OpenStackCluster. - properties: - apiServerLoadBalancer: - description: APIServerLoadBalancer describes the api server load balancer - if one exists - properties: - allowedCIDRs: - items: - type: string - type: array - id: - type: string - internalIP: - type: string - ip: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - internalIP - - ip - - name - type: object - bastion: - properties: - floatingIP: - type: string - id: - type: string - ip: - type: string - name: - type: string - sshKeyName: - type: string - state: - description: InstanceState describes the state of an OpenStack - instance. - type: string - type: object - bastionSecurityGroup: - description: |- - SecurityGroup represents the basic information of the associated - OpenStack Neutron Security Group. - properties: - id: - type: string - name: - type: string - rules: - items: - description: |- - SecurityGroupRule represent the basic information of the associated OpenStack - Security Group Role. 
- properties: - description: - type: string - direction: - type: string - etherType: - type: string - name: - type: string - portRangeMax: - type: integer - portRangeMin: - type: integer - protocol: - type: string - remoteGroupID: - type: string - remoteIPPrefix: - type: string - securityGroupID: - type: string - required: - - description - - direction - - etherType - - name - - portRangeMax - - portRangeMin - - protocol - - remoteGroupID - - remoteIPPrefix - - securityGroupID - type: object - type: array - required: - - id - - name - type: object - controlPlaneSecurityGroup: - description: |- - ControlPlaneSecurityGroups contains all the information about the OpenStack - Security Group that needs to be applied to control plane nodes. - properties: - id: - type: string - name: - type: string - rules: - items: - description: |- - SecurityGroupRule represent the basic information of the associated OpenStack - Security Group Role. - properties: - description: - type: string - direction: - type: string - etherType: - type: string - name: - type: string - portRangeMax: - type: integer - portRangeMin: - type: integer - protocol: - type: string - remoteGroupID: - type: string - remoteIPPrefix: - type: string - securityGroupID: - type: string - required: - - description - - direction - - etherType - - name - - portRangeMax - - portRangeMin - - protocol - - remoteGroupID - - remoteIPPrefix - - securityGroupID - type: object - type: array - required: - - id - - name - type: object - externalNetwork: - description: externalNetwork contains information about the external - network used for default ingress and egress traffic. - properties: - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. 
- It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: controlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains represent OpenStack availability zones - type: object - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a succinct value suitable - for machine interpretation. 
- - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - network: - description: Network contains information about the created OpenStack - Network. - properties: - id: - type: string - name: - type: string - subnets: - description: Subnets is a list of subnets associated with the - default cluster network. Machines which use the default cluster - network will get an address from all of these subnets. - items: - description: Subnet represents basic information about the associated - OpenStack Neutron Subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - cidr - - id - - name - type: object - type: array - tags: - items: - type: string - type: array - required: - - id - - name - type: object - ready: - type: boolean - router: - description: Router describes the default cluster router - properties: - id: - type: string - ips: - items: - type: string - type: array - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - workerSecurityGroup: - description: |- - WorkerSecurityGroup contains all the information about the OpenStack Security - Group that needs to be applied to worker nodes. 
- properties: - id: - type: string - name: - type: string - rules: - items: - description: |- - SecurityGroupRule represent the basic information of the associated OpenStack - Security Group Role. - properties: - description: - type: string - direction: - type: string - etherType: - type: string - name: - type: string - portRangeMax: - type: integer - portRangeMin: - type: integer - protocol: - type: string - remoteGroupID: - type: string - remoteIPPrefix: - type: string - securityGroupID: - type: string - required: - - description - - direction - - etherType - - name - - portRangeMax - - portRangeMin - - protocol - - remoteGroupID - - remoteIPPrefix - - securityGroupID - type: object - type: array - required: - - id - - name - type: object - required: - - ready - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this OpenStackCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for OpenStack instances - jsonPath: .status.ready - name: Ready - type: string - - description: Network the cluster is using - jsonPath: .status.network.id - name: Network - type: string - - description: API Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Bastion address for breakglass access - jsonPath: .status.bastion.floatingIP - name: Bastion IP - type: string - - description: Time duration since creation of OpenStackCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackCluster is the Schema for the openstackclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterSpec defines the desired state of OpenStackCluster. - properties: - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. - If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - If not specified, no load balancer will be created for the API server. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports to the - load balancer. 
- items: - type: integer - type: array - x-kubernetes-list-type: set - allowedCIDRs: - description: AllowedCIDRs restrict access to all API-Server listeners - to the given address CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: set - availabilityZone: - description: AvailabilityZone is the failure domain that will - be used to create the APIServerLoadBalancer Spec. - type: string - enabled: - default: true - description: |- - Enabled defines whether a load balancer should be created. This value - defaults to true if an APIServerLoadBalancer is given. - - There is no reason to set this to false. To disable creation of the - API server loadbalancer, omit the APIServerLoadBalancer field in the - cluster spec instead. - type: boolean - flavor: - description: Flavor is the flavor name that will be used to create - the APIServerLoadBalancer Spec. - type: string - network: - description: Network defines which network should the load balancer - be allocated on. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is - provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - provider: - description: |- - Provider specifies name of a specific Octavia provider to use for the - API load balancer. The Octavia default will be used if it is not - specified. - type: string - subnets: - description: |- - Subnets define which subnets should the load balancer be allocated on. - It is expected that subnets are located on the network specified in this resource. - Only the first element is taken into account. - kubebuilder:validation:MaxLength:=2 - items: - description: SubnetParam specifies an OpenStack subnet to use. - It may be specified by either ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. 
- minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be - validated. 
- format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - required: - - enabled - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created. If specified, it must be an integer between 0 and 65535. - maximum: 65535 - minimum: 0 - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. To make changes, it's required - to first set `enabled: false` which will remove the bastion and then changes can be made. - properties: - availabilityZone: - description: AvailabilityZone is the failure domain that will - be used to create the Bastion Spec. - type: string - enabled: - default: true - description: |- - Enabled means that bastion is enabled. The bastion is enabled by - default if this field is not specified. Set this field to false to disable the - bastion. - - It is not currently possible to remove the bastion from the cluster - spec without first disabling it by setting this field to false and - waiting until the bastion has been deleted. - type: boolean - floatingIP: - description: |- - FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID. - The floating IP should already exist and should not be associated with a port. If FIP of this address does not - exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so. - format: ipv4 - type: string - spec: - description: Spec for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. 
- properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? 
has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. 
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single - matching image or an error will be raised. - type: string - tags: - description: The tags associated with the desired - image. If specified, the combination of name and - tags must return a single matching image or an error - will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not - be validated before use. - format: uuid - type: string - imageRef: - description: |- - ImageRef is a reference to an ORC Image in the same namespace as the - referring object. - properties: - name: - description: Name is the name of the referenced resource - type: string - required: - - name - type: object - type: object - ports: - description: |- - Ports to be attached to the server instance. 
They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. 
- type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select the subnet. It must match exactly - one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. 
- items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. - It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name - of the port if specified. If unspecified, instead - the 0-based index of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - an OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. - If ID is provided, the other filters cannot be - provided. Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. 
- type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, - uuids, filters or any combination these of the security - groups to assign to the instance. - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, cannot - be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. 
- type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? 
has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in - gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - schedulerHintAdditionalProperties: - description: |- - SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints - to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure, - such as specifying certain host aggregates or availability zones. - items: - description: |- - SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint. - It includes a Name to identify the property and a Value that can be of various types. - properties: - name: - description: |- - Name is the name of the scheduler hint property. - It is a unique identifier for the property. - minLength: 1 - type: string - value: - description: |- - Value is the value of the scheduler hint property, which can be of various types - (e.g., bool, string, int). The type is indicated by the Value.Type field. - properties: - bool: - description: |- - Bool is the boolean value of the scheduler hint, used when Type is "Bool". - This field is required if type is 'Bool', and must not be set otherwise. - type: boolean - number: - description: |- - Number is the integer value of the scheduler hint, used when Type is "Number". - This field is required if type is 'Number', and must not be set otherwise. - type: integer - string: - description: |- - String is the string value of the scheduler hint, used when Type is "String". - This field is required if type is 'String', and must not be set otherwise. - maxLength: 255 - minLength: 1 - type: string - type: - description: |- - Type represents the type of the value. 
- Valid values are Bool, String, and Number. - enum: - - Bool - - String - - Number - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: bool is required when type is Bool, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool) - : !has(self.bool)' - - message: number is required when type is Number, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''Number'' ? - has(self.number) : !has(self.number)' - - message: string is required when type is String, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''String'' ? - has(self.string) : !has(self.string)' - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityGroups: - description: The names of the security groups to assign to - the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - server group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to - look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. 
- items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. - type: boolean - required: - - image - type: object - x-kubernetes-validations: - - message: at least one of flavor or flavorID must be set - rule: (has(self.flavor) || has(self.flavorID)) - type: object - x-kubernetes-validations: - - message: spec is required if bastion is enabled - rule: '!self.enabled || has(self.spec)' - controlPlaneAvailabilityZones: - description: |- - ControlPlaneAvailabilityZones is the set of availability zones which - control plane machines may be deployed to. - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - It is normally populated automatically by the OpenStackCluster - controller during cluster provisioning. If it is set on creation the - control plane endpoint will use the values set here in preference to - values set elsewhere. - ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. 
- format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - ControlPlaneOmitAvailabilityZone causes availability zone to be - omitted when creating control plane nodes, allowing the Nova - scheduler to make a decision on which availability zone to use based - on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. 
- This option is ignored if DisableExternalNetwork is set to true. - - If ExternalNetwork is defined it must refer to exactly one external network. - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. - This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used for the - Gateway of this router - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. 
If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be - validated. - format: uuid - type: string - type: object - required: - - subnet - type: object - type: array - x-kubernetes-list-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this cluster. It is also to reconcile - machines unless overridden in the machine spec. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. 
- The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. - By default, the managed security groups have rules that allow the Kubelet, etcd, and the - Kubernetes API server to function correctly. - It's possible to add additional rules to the managed security groups. - When defined to an empty struct, the managed security groups will be created with the default rules. - properties: - allNodesSecurityGroupRules: - description: allNodesSecurityGroupRules defines the rules that - should be applied to all nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. 
- type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched by - the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - allowAllInClusterTraffic: - default: false - description: AllowAllInClusterTraffic allows all ingress and egress - traffic between cluster nodes when set to true. 
- type: boolean - controlPlaneNodesSecurityGroupRules: - description: controlPlaneNodesSecurityGroupRules defines the rules - that should be applied to control plane nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched by - the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. 
- You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - workerNodesSecurityGroupRules: - description: workerNodesSecurityGroupRules defines the rules that - should be applied to worker nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. 
- type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched by - the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - allowAllInClusterTraffic - type: object - managedSubnets: - description: |- - ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network, - subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4 - subnet is supported. If you leave this empty, no network will be created. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. 
- If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the AllocationPool, - that is the lowest IP of the pool. - type: string - required: - - end - - start - type: object - type: array - cidr: - description: |- - CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24. - This field is required when defining a subnet. - type: string - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - required: - - cidr - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. 
- It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. 
- minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. 
All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to use. It - may be specified by either ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which support - tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - x-kubernetes-validations: - - message: bastion floating IP cannot be set when disableExternalNetwork - is true - rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork - ? !has(self.bastion) || !has(self.bastion.floatingIP) : true' - - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork - is true - rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork - ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP - : true' - status: - description: OpenStackClusterStatus defines the observed state of OpenStackCluster. - properties: - apiServerLoadBalancer: - description: APIServerLoadBalancer describes the api server load balancer - if one exists - properties: - allowedCIDRs: - items: - type: string - type: array - id: - type: string - internalIP: - type: string - ip: - type: string - loadBalancerNetwork: - description: |- - LoadBalancerNetwork contains information about network and/or subnets which the - loadbalancer is allocated on. 
- If subnets are specified within the LoadBalancerNetwork currently only the first - subnet in the list is taken into account. - properties: - id: - type: string - name: - type: string - subnets: - description: Subnets is a list of subnets associated with - the default cluster network. Machines which use the default - cluster network will get an address from all of these subnets. - items: - description: Subnet represents basic information about the - associated OpenStack Neutron Subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - cidr - - id - - name - type: object - type: array - tags: - items: - type: string - type: array - required: - - id - - name - type: object - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - internalIP - - ip - - name - type: object - bastion: - description: Bastion contains the information about the deployed bastion - host - properties: - floatingIP: - type: string - id: - type: string - ip: - type: string - name: - type: string - resolved: - description: |- - Resolved contains parts of the bastion's machine spec with all - external references fully resolved. - properties: - flavorID: - description: FlavorID is the ID of the flavor to use. - type: string - imageID: - description: ImageID is the ID of the image to use for the - machine and is calculated based on ImageFilter. - type: string - ports: - description: Ports is the fully resolved list of ports to - create for the machine. - items: - description: ResolvedPortSpec is a PortOpts with all contained - references fully resolved. - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. 
- type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - description: ResolvedFixedIP is a FixedIP with the - Subnet resolved to an ID. - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If SubnetID - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: SubnetID is the id of a subnet to - create the fixed IP of a port in. 
- type: string - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - name: - description: Name is the name of the port. - type: string - networkID: - description: NetworkID is the ID of the network the - port will be created in. - type: string - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of security group - IDs to assign to the port. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags applied to the port (and corresponding - trunk, if a trunk is configured.) 
- items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk specifies whether trunking is enabled - at the port level. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - required: - - description - - name - - networkID - type: object - type: array - serverGroupID: - description: ServerGroupID is the ID of the server group the - machine should be added to and is calculated based on ServerGroupFilter. - type: string - type: object - resources: - description: Resources contains references to OpenStack resources - created for the bastion. 
- properties: - ports: - description: Ports is the status of the ports created for - the machine. - items: - properties: - id: - description: ID is the unique identifier of the port. - type: string - required: - - id - type: object - type: array - type: object - sshKeyName: - type: string - state: - description: InstanceState describes the state of an OpenStack - instance. - type: string - type: object - bastionSecurityGroup: - description: |- - BastionSecurityGroup contains the information about the OpenStack - Security Group that needs to be applied to worker nodes. - properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - controlPlaneSecurityGroup: - description: |- - ControlPlaneSecurityGroup contains the information about the - OpenStack Security Group that needs to be applied to control plane - nodes. - properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - externalNetwork: - description: ExternalNetwork contains information about the external - network used for default ingress and egress traffic. - properties: - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: controlPlane determines if this failure domain - is suitable for use by control plane machines. 
- type: boolean - type: object - description: FailureDomains represent OpenStack availability zones - type: object - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a succinct value suitable - for machine interpretation. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. 
- - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - network: - description: Network contains information about the created OpenStack - Network. - properties: - id: - type: string - name: - type: string - subnets: - description: Subnets is a list of subnets associated with the - default cluster network. Machines which use the default cluster - network will get an address from all of these subnets. - items: - description: Subnet represents basic information about the associated - OpenStack Neutron Subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - cidr - - id - - name - type: object - type: array - tags: - items: - type: string - type: array - required: - - id - - name - type: object - ready: - default: false - description: Ready is true when the cluster infrastructure is ready. - type: boolean - router: - description: Router describes the default cluster router - properties: - id: - type: string - ips: - items: - type: string - type: array - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - workerSecurityGroup: - description: |- - WorkerSecurityGroup contains the information about the OpenStack - Security Group that needs to be applied to worker nodes. 
- properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackclustertemplates.infrastructure.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackClusterTemplate - listKind: OpenStackClusterTemplateList - plural: openstackclustertemplates - shortNames: - - osct - singular: openstackclustertemplate - scope: Namespaced - versions: - - deprecated: true - deprecationWarning: The v1alpha7 version of OpenStackClusterTemplate has been - deprecated and will be removed in a future release. - name: v1alpha7 - schema: - openAPIV3Schema: - description: |- - OpenStackClusterTemplate is the Schema for the openstackclustertemplates API. - - Deprecated: v1alpha7.OpenStackClusterTemplate has been replaced by v1beta1.OpenStackClusterTemplate. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterTemplateSpec defines the desired state of - OpenStackClusterTemplate. - properties: - template: - description: OpenStackClusterTemplateResource describes the data needed - to create a OpenStackCluster from a template. - properties: - spec: - description: OpenStackClusterSpec defines the desired state of - OpenStackCluster. - properties: - allowAllInClusterTraffic: - description: |- - AllowAllInClusterTraffic is only used when managed security groups are in use. - If set to true, the rules for the managed security groups are configured so that all - ingress and egress between cluster nodes is permitted, allowing CNIs other than - Calico to be used. - type: boolean - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. 
- If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - It must be activated by setting `enabled: true`. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports - to the load balancer. - items: - type: integer - type: array - allowedCidrs: - description: AllowedCIDRs restrict access to all API-Server - listeners to the given address CIDRs. - items: - type: string - type: array - enabled: - description: Enabled defines whether a load balancer should - be created. - type: boolean - provider: - description: Octavia Provider Used to create load balancer - type: string - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. Set `enabled: false` to - make changes. - properties: - availabilityZone: - type: string - enabled: - type: boolean - instance: - description: Instance for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server - instance - items: - description: AdditionalBlockDevice is a block device - to attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. 
- type: string - sizeGiB: - description: SizeGiB is the size of the block - device in gibibytes (GiB). - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional - storage options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume in. - If omitted, the availability zone of the server will be used. - The availability zone must NOT contain spaces otherwise it will lead to volume that belongs - to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for - further information. - type: string - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - cloudName: - description: The name of the cloud to use from the - clouds secret - type: string - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for - your server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIP: - description: |- - The floatingIP which will be associated to the machine, only used for master. - The floatingIP should have been created and haven't been associated. 
- type: string - identityRef: - description: |- - IdentityRef is a reference to a identity to be used when reconciling this cluster. - If not specified, the identity ref of the cluster will be used instead. - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. - Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - image: - description: |- - The name of the image to use for your server instance. - If the RootVolume is specified, this will be ignored and use rootVolume directly. - type: string - imageUUID: - description: |- - The uuid of the image to use for your server instance. - if it's empty, Image name will be used - type: string - instanceID: - description: InstanceID is the OpenStack instance - ID for this machine. - type: string - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - type: boolean - allowedAddressPairs: - items: - properties: - ipAddress: - type: string - macAddress: - type: string - type: object - type: array - description: - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: Specify pairs of subnet and/or - IP address. These should be subnets of the - network with the given NetworkID. 
- items: - properties: - ipAddress: - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - hostId: - description: The ID of the host where the port - is allocated - type: string - macAddress: - type: string - nameSuffix: - description: Used to make the name of the port - unique. If unspecified, instead the 0-based - index of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding details. - We intentionally don't expose this as a map[string]string because we only want to enable - the users to set the values of the keys that are known to work in OpenStack Networking API. - See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables - the OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables - the “trusted mode” for the VF. 
- type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or - disables the propagate uplink status on the - port. - type: boolean - securityGroupFilters: - description: The names, uuids, filters or any - combination these of the security groups to - assign to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Enables and disables trunk at port - level. If not provided, openStackMachine.Spec.Trunk - is inherited. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single - value_spec key-value pair. - properties: - key: - description: Key is the key in the key-value - pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the - key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: The virtual network interface card - (vNIC) type that is bound to the neutron port. 
- type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as - specified by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - type: string - diskSize: - type: integer - volumeType: - type: string - type: object - securityGroups: - description: The names of the security groups to assign - to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - serverGroupID: - description: The server group to assign the machine - to - type: string - serverMetadata: - additionalProperties: - type: string - description: Metadata mapping. Allows you to create - a map of key value pairs to add to the server instance. - type: object - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Machine tags - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created - on a trunk port or not. - type: boolean - type: object - type: object - cloudName: - description: The name of the cloud to use from the clouds - secret - type: string - controlPlaneAvailabilityZones: - description: ControlPlaneAvailabilityZones is the az to deploy - control plane to - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. 
- format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - Indicates whether to omit the az for control plane nodes, allowing the Nova scheduler - to make a decision on which az to use based on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - dnsNameservers: - description: |- - DNSNameservers is the list of nameservers for OpenStack Subnet being created. - Set this value when you need create a new network/subnet while the access - through DNS is required. - items: - type: string - type: array - x-kubernetes-list-type: set - externalNetworkId: - description: |- - ExternalNetworkID is the ID of an external OpenStack Network. This is necessary - to get public internet to the VMs. 
- type: string - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. - This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used - for the Gateway of this router - properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - identityRef: - description: IdentityRef is a reference to a identity to be - used when reconciling this cluster - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. - Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. - By default, the managed security groups have rules that allow the Kubelet, etcd, the - Kubernetes API server and the Calico CNI plugin to function correctly. - type: boolean - network: - description: If NodeCIDR cannot be set this can be used to - detect an existing network. 
- properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - networkMtu: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If leaved empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - nodeCidr: - description: |- - NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a - network, a subnet with NodeCIDR, and a router connected to this subnet. - If you leave this empty, no network will be created. - type: string - router: - description: |- - If NodeCIDR is set this option can be used to detect an existing router. - If specified, no new router will be created. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - subnet: - description: If NodeCIDR cannot be set this can be used to - detect an existing subnet. 
- properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - tags: - description: Tags for all resources in cluster - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: false - storage: false - - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterTemplateSpec defines the desired state of - OpenStackClusterTemplate. - properties: - template: - description: OpenStackClusterTemplateResource describes the data needed - to create a OpenStackCluster from a template. - properties: - spec: - description: OpenStackClusterSpec defines the desired state of - OpenStackCluster. 
- properties: - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. - If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - If not specified, no load balancer will be created for the API server. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports - to the load balancer. - items: - type: integer - type: array - x-kubernetes-list-type: set - allowedCIDRs: - description: AllowedCIDRs restrict access to all API-Server - listeners to the given address CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: set - availabilityZone: - description: AvailabilityZone is the failure domain that - will be used to create the APIServerLoadBalancer Spec. - type: string - enabled: - default: true - description: |- - Enabled defines whether a load balancer should be created. This value - defaults to true if an APIServerLoadBalancer is given. - - There is no reason to set this to false. To disable creation of the - API server loadbalancer, omit the APIServerLoadBalancer field in the - cluster spec instead. 
- type: boolean - flavor: - description: Flavor is the flavor name that will be used - to create the APIServerLoadBalancer Spec. - type: string - network: - description: Network defines which network should the - load balancer be allocated on. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an - OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. 
- It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If - ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - provider: - description: |- - Provider specifies name of a specific Octavia provider to use for the - API load balancer. The Octavia default will be used if it is not - specified. - type: string - subnets: - description: |- - Subnets define which subnets should the load balancer be allocated on. - It is expected that subnets are located on the network specified in this resource. - Only the first element is taken into account. - kubebuilder:validation:MaxLength:=2 - items: - description: SubnetParam specifies an OpenStack subnet - to use. It may be specified by either ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - the subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. 
- It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - required: - - enabled - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created. If specified, it must be an integer between 0 and 65535. - maximum: 65535 - minimum: 0 - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. To make changes, it's required - to first set `enabled: false` which will remove the bastion and then changes can be made. - properties: - availabilityZone: - description: AvailabilityZone is the failure domain that - will be used to create the Bastion Spec. - type: string - enabled: - default: true - description: |- - Enabled means that bastion is enabled. 
The bastion is enabled by - default if this field is not specified. Set this field to false to disable the - bastion. - - It is not currently possible to remove the bastion from the cluster - spec without first disabling it by setting this field to false and - waiting until the bastion has been deleted. - type: boolean - floatingIP: - description: |- - FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID. - The floating IP should already exist and should not be associated with a port. If FIP of this address does not - exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so. - format: ipv4 - type: string - spec: - description: Spec for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server - instance - items: - description: AdditionalBlockDevice is a block device - to attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block - device in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional - storage options for a volume block device. 
- properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from - is 'Name' or default - rule: '!has(self.from) || self.from - == ''Name'' ? has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for - your server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. 
- properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the - entry in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) - || self.region == oldSelf.region - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. 
If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. - If specified, the combination of name and - tags must return a single matching image - or an error will be raised. - type: string - tags: - description: The tags associated with the - desired image. If specified, the combination - of name and tags must return a single matching - image or an error will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will - not be validated before use. - format: uuid - type: string - imageRef: - description: |- - ImageRef is a reference to an ORC Image in the same namespace as the - referring object. - properties: - name: - description: Name is the name of the referenced - resource - type: string - required: - - name - type: object - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether - the port should be created in the up (true) - or down (false) state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. 
Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable - description for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of - subnet and/or IP address to assign to the - port. If specified, these must be subnets - of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter - to select the subnet. It must match - exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. 
- items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the - subnet. It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the - host where the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address - of the port. If not specified, the MAC address - will be generated. - type: string - nameSuffix: - description: NameSuffix will be appended to - the name of the port if specified. 
If unspecified, - instead the 0-based index of the port in the - list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select an OpenStack network. If provided, - cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. 
- It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables - the “trusted mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or - disables the propagate uplink status on the - port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the - names, uuids, filters or any combination these - of the security groups to assign to the instance. - items: - description: SecurityGroupParam specifies - an OpenStack security group. It may be specified - by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query - to select an OpenStack security group. - If provided, cannot be empty. 
- minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security - group to use. If ID is provided, the - other filters cannot be provided. Must - be in UUID format. 
- format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single - value_spec key-value pair. - properties: - key: - description: Key is the key in the key-value - pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the - key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. 
- type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as - specified by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? has(self.name) : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block - device in gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - schedulerHintAdditionalProperties: - description: |- - SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints - to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure, - such as specifying certain host aggregates or availability zones. 
- items: - description: |- - SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint. - It includes a Name to identify the property and a Value that can be of various types. - properties: - name: - description: |- - Name is the name of the scheduler hint property. - It is a unique identifier for the property. - minLength: 1 - type: string - value: - description: |- - Value is the value of the scheduler hint property, which can be of various types - (e.g., bool, string, int). The type is indicated by the Value.Type field. - properties: - bool: - description: |- - Bool is the boolean value of the scheduler hint, used when Type is "Bool". - This field is required if type is 'Bool', and must not be set otherwise. - type: boolean - number: - description: |- - Number is the integer value of the scheduler hint, used when Type is "Number". - This field is required if type is 'Number', and must not be set otherwise. - type: integer - string: - description: |- - String is the string value of the scheduler hint, used when Type is "String". - This field is required if type is 'String', and must not be set otherwise. - maxLength: 255 - minLength: 1 - type: string - type: - description: |- - Type represents the type of the value. - Valid values are Bool, String, and Number. - enum: - - Bool - - String - - Number - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: bool is required when type is Bool, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Bool'' - ? has(self.bool) : !has(self.bool)' - - message: number is required when type is Number, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Number'' - ? has(self.number) : !has(self.number)' - - message: string is required when type is String, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''String'' - ? 
has(self.string) : !has(self.string)' - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityGroups: - description: The names of the security groups to assign - to the instance - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, - cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. 
If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine - to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack server group. If provided, it cannot - be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server - group to look for. - type: string - type: object - id: - description: ID is the ID of the server group - to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create - a map of key value pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created - on a trunk port or not. 
- type: boolean - required: - - image - type: object - x-kubernetes-validations: - - message: at least one of flavor or flavorID must be - set - rule: (has(self.flavor) || has(self.flavorID)) - type: object - x-kubernetes-validations: - - message: spec is required if bastion is enabled - rule: '!self.enabled || has(self.spec)' - controlPlaneAvailabilityZones: - description: |- - ControlPlaneAvailabilityZones is the set of availability zones which - control plane machines may be deployed to. - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - It is normally populated automatically by the OpenStackCluster - controller during cluster provisioning. If it is set on creation the - control plane endpoint will use the values set here in preference to - values set elsewhere. - ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - ControlPlaneOmitAvailabilityZone causes availability zone to be - omitted when creating control plane nodes, allowing the Nova - scheduler to make a decision on which availability zone to use based - on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. 
if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. - This option is ignored if DisableExternalNetwork is set to true. - - If ExternalNetwork is defined it must refer to exactly one external network. - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. 
- minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. 
- This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used - for the Gateway of this router - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - the subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. 
If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - required: - - subnet - type: object - type: array - x-kubernetes-list-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this cluster. It is also to reconcile - machines unless overridden in the machine spec. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. 
- By default, the managed security groups have rules that allow the Kubelet, etcd, and the - Kubernetes API server to function correctly. - It's possible to add additional rules to the managed security groups. - When defined to an empty struct, the managed security groups will be created with the default rules. - properties: - allNodesSecurityGroupRules: - description: allNodesSecurityGroupRules defines the rules - that should be applied to all nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. 
- type: integer - protocol: - description: protocol is the protocol that is matched - by the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - allowAllInClusterTraffic: - default: false - description: AllowAllInClusterTraffic allows all ingress - and egress traffic between cluster nodes when set to - true. - type: boolean - controlPlaneNodesSecurityGroupRules: - description: controlPlaneNodesSecurityGroupRules defines - the rules that should be applied to control plane nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". 
For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched - by the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. 
- items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - workerNodesSecurityGroupRules: - description: workerNodesSecurityGroupRules defines the - rules that should be applied to worker nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched - by the security group rule. 
- type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - allowAllInClusterTraffic - type: object - managedSubnets: - description: |- - ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network, - subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4 - subnet is supported. If you leave this empty, no network will be created. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. - If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the - AllocationPool, that is the lowest IP of the - pool. 
- type: string - required: - - end - - start - type: object - type: array - cidr: - description: |- - CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24. - This field is required when defining a subnet. - type: string - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - required: - - cidr - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. 
- items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to - use. It may be specified by either ID or filter, but not - both. 
- maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not - be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which - support tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - x-kubernetes-validations: - - message: bastion floating IP cannot be set when disableExternalNetwork - is true - rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork - ? !has(self.bastion) || !has(self.bastion.floatingIP) : true' - - message: disableAPIServerFloatingIP cannot be false when disableExternalNetwork - is true - rule: 'has(self.disableExternalNetwork) && self.disableExternalNetwork - ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP - : true' - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackfloatingippools.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: OpenStackFloatingIPPool - listKind: OpenStackFloatingIPPoolList - plural: openstackfloatingippools - singular: openstackfloatingippool - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OpenStackFloatingIPPool is the Schema for the 
openstackfloatingippools - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackFloatingIPPoolSpec defines the desired state of - OpenStackFloatingIPPool. - properties: - floatingIPNetwork: - description: FloatingIPNetwork is the external network to use for - floating ips, if there's only one external network it will be used - by default - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - identityRef: - description: IdentityRef is a reference to a identity to be used when - reconciling this pool. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. 
- type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - maxIPs: - description: |- - MaxIPs is the maximum number of floating ips that can be allocated from this pool, if nil there is no limit. - If set, the pool will stop allocating floating ips when it reaches this number of ClaimedIPs. - type: integer - preAllocatedFloatingIPs: - description: |- - PreAllocatedFloatingIPs is a list of floating IPs precreated in OpenStack that should be used by this pool. - These are used before allocating new ones and are not deleted from OpenStack when the pool is deleted. - items: - type: string - type: array - reclaimPolicy: - description: The stratergy to use for reclaiming floating ips when - they are released from a machine - enum: - - Retain - - Delete - type: string - required: - - identityRef - - reclaimPolicy - type: object - status: - description: OpenStackFloatingIPPoolStatus defines the observed state - of OpenStackFloatingIPPool. - properties: - availableIPs: - default: [] - items: - type: string - type: array - claimedIPs: - default: [] - items: - type: string - type: array - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. 
- The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failedIPs: - description: FailedIPs contains a list of floating ips that failed - to be allocated - items: - type: string - type: array - floatingIPNetwork: - description: floatingIPNetwork contains information about the network - used for floating ips - properties: - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackmachines.infrastructure.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: 
capo-webhook-service - namespace: capo-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackMachine - listKind: OpenStackMachineList - plural: openstackmachines - shortNames: - - osm - singular: openstackmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this OpenStackMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: OpenStack instance state - jsonPath: .status.instanceState - name: InstanceState - type: string - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: OpenStack instance ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine object which owns with this OpenStackMachine - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - type: string - - description: Time duration since creation of OpenStackMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: The v1alpha7 version of OpenStackMachine has been deprecated - and will be removed in a future release. - name: v1alpha7 - schema: - openAPIV3Schema: - description: |- - OpenStackMachine is the Schema for the openstackmachines API. - - Deprecated: v1alpha7.OpenStackMachine has been replaced by v1beta1.OpenStackMachine. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineSpec defines the desired state of OpenStackMachine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications for - additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to attach to - the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - type: string - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage options - for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume in. - If omitted, the availability zone of the server will be used. - The availability zone must NOT contain spaces otherwise it will lead to volume that belongs - to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for - further information. - type: string - type: - description: |- - Type is the Cinder volume type of the volume. 
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - cloudName: - description: The name of the cloud to use from the clouds secret - type: string - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIP: - description: |- - The floatingIP which will be associated to the machine, only used for master. - The floatingIP should have been created and haven't been associated. - type: string - identityRef: - description: |- - IdentityRef is a reference to a identity to be used when reconciling this cluster. - If not specified, the identity ref of the cluster will be used instead. - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. - Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - image: - description: |- - The name of the image to use for your server instance. - If the RootVolume is specified, this will be ignored and use rootVolume directly. - type: string - imageUUID: - description: |- - The uuid of the image to use for your server instance. 
- if it's empty, Image name will be used - type: string - instanceID: - description: InstanceID is the OpenStack instance ID for this machine. - type: string - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - type: boolean - allowedAddressPairs: - items: - properties: - ipAddress: - type: string - macAddress: - type: string - type: object - type: array - description: - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: Specify pairs of subnet and/or IP address. These - should be subnets of the network with the given NetworkID. - items: - properties: - ipAddress: - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - hostId: - description: The ID of the host where the port is allocated - type: string - macAddress: - type: string - nameSuffix: - description: Used to make the name of the port unique. If unspecified, - instead the 0-based index of the port in the list is used. 
- type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding details. - We intentionally don't expose this as a map[string]string because we only want to enable - the users to set the values of the keys that are known to work in OpenStack Networking API. - See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the OVS hardware - offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the propagate - uplink status on the port. - type: boolean - securityGroupFilters: - description: The names, uuids, filters or any combination these - of the security groups to assign to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Enables and disables trunk at port level. 
If not - provided, openStackMachine.Spec.Trunk is inherited. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec key-value - pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: The virtual network interface card (vNIC) type - that is bound to the neutron port. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - type: string - diskSize: - type: integer - volumeType: - type: string - type: object - securityGroups: - description: The names of the security groups to assign to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - serverGroupID: - description: The server group to assign the machine to - type: string - serverMetadata: - additionalProperties: - type: string - description: Metadata mapping. Allows you to create a map of key value - pairs to add to the server instance. 
- type: object - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Machine tags - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk port - or not. - type: boolean - type: object - status: - description: OpenStackMachineStatus defines the observed state of OpenStackMachine. - properties: - addresses: - description: Addresses contains the OpenStack instance associated - addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. 
- The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: DeprecatedCAPIMachineStatusError defines errors states - for Machine objects. - type: string - instanceState: - description: InstanceState is the state of the OpenStack instance - for this machine. - type: string - ready: - description: Ready is true when the provider resource is ready. 
- type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this OpenStackMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: OpenStack instance ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine object which owns with this OpenStackMachine - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - type: string - - description: Time duration since creation of OpenStackMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackMachine is the Schema for the openstackmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineSpec defines the desired state of OpenStackMachine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications for - additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to attach to - the server. 
- properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage options - for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? 
- has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. 
- The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single matching - image or an error will be raised. - type: string - tags: - description: The tags associated with the desired image. If - specified, the combination of name and tags must return - a single matching image or an error will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not be validated - before use. - format: uuid - type: string - imageRef: - description: |- - ImageRef is a reference to an ORC Image in the same namespace as the - referring object. - properties: - name: - description: Name is the name of the referenced resource - type: string - required: - - name - type: object - type: object - ports: - description: |- - Ports to be attached to the server instance. 
They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The default - is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description for - the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or IP - address to assign to the port. If specified, these must be - subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. 
- type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. 
- items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the port - resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the port. - If not specified, the MAC address will be generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name of the - port if specified. If unspecified, instead the 0-based index - of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is - provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. 
- type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the propagate - uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, uuids, filters - or any combination these of the security groups to assign - to the instance. - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. 
If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec key-value - pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. 
This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. 
- If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - schedulerHintAdditionalProperties: - description: |- - SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints - to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure, - such as specifying certain host aggregates or availability zones. - items: - description: |- - SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint. - It includes a Name to identify the property and a Value that can be of various types. - properties: - name: - description: |- - Name is the name of the scheduler hint property. - It is a unique identifier for the property. - minLength: 1 - type: string - value: - description: |- - Value is the value of the scheduler hint property, which can be of various types - (e.g., bool, string, int). The type is indicated by the Value.Type field. - properties: - bool: - description: |- - Bool is the boolean value of the scheduler hint, used when Type is "Bool". - This field is required if type is 'Bool', and must not be set otherwise. - type: boolean - number: - description: |- - Number is the integer value of the scheduler hint, used when Type is "Number". - This field is required if type is 'Number', and must not be set otherwise. - type: integer - string: - description: |- - String is the string value of the scheduler hint, used when Type is "String". - This field is required if type is 'String', and must not be set otherwise. - maxLength: 255 - minLength: 1 - type: string - type: - description: |- - Type represents the type of the value. - Valid values are Bool, String, and Number. 
- enum: - - Bool - - String - - Number - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: bool is required when type is Bool, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool) - : !has(self.bool)' - - message: number is required when type is Number, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Number'' ? has(self.number) - : !has(self.number)' - - message: string is required when type is String, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''String'' ? has(self.string) - : !has(self.string)' - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityGroups: - description: The names of the security groups to assign to the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. If ID - is provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack server - group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map of key value - pairs to add to the server instance. 
- items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk port - or not. - type: boolean - required: - - image - type: object - x-kubernetes-validations: - - message: at least one of flavor or flavorID must be set - rule: (has(self.flavor) || has(self.flavorID)) - status: - description: OpenStackMachineStatus defines the observed state of OpenStackMachine. - properties: - addresses: - description: Addresses contains the OpenStack instance associated - addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. 
- format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. 
- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: DeprecatedCAPIMachineStatusError defines errors states - for Machine objects. - type: string - instanceID: - description: InstanceID is the OpenStack instance ID for this machine. - type: string - instanceState: - description: |- - InstanceState is the state of the OpenStack instance for this machine. - This field is not set anymore by the OpenStackMachine controller. - Instead, it's set by the OpenStackServer controller. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - resolved: - description: |- - Resolved contains parts of the machine spec with all external - references fully resolved. - properties: - flavorID: - description: FlavorID is the ID of the flavor to use. - type: string - imageID: - description: ImageID is the ID of the image to use for the machine - and is calculated based on ImageFilter. - type: string - ports: - description: Ports is the fully resolved list of ports to create - for the machine. - items: - description: ResolvedPortSpec is a PortOpts with all contained - references fully resolved. - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The - default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. 
Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - description: ResolvedFixedIP is a FixedIP with the Subnet - resolved to an ID. - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If SubnetID - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: SubnetID is the id of a subnet to create - the fixed IP of a port in. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the - port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the - port. If not specified, the MAC address will be generated. - type: string - name: - description: Name is the name of the port. - type: string - networkID: - description: NetworkID is the ID of the network the port - will be created in. - type: string - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. 
We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the - propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of security group - IDs to assign to the port. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags applied to the port (and corresponding - trunk, if a trunk is configured.) - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk specifies whether trunking is enabled - at the port level. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. 
- type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - required: - - description - - name - - networkID - type: object - type: array - serverGroupID: - description: ServerGroupID is the ID of the server group the machine - should be added to and is calculated based on ServerGroupFilter. - type: string - type: object - resources: - description: Resources contains references to OpenStack resources - created for the machine. - properties: - ports: - description: Ports is the status of the ports created for the - machine. - items: - properties: - id: - description: ID is the unique identifier of the port. 
- type: string - required: - - id - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackMachineTemplate - listKind: OpenStackMachineTemplateList - plural: openstackmachinetemplates - shortNames: - - osmt - singular: openstackmachinetemplate - scope: Namespaced - versions: - - deprecated: true - deprecationWarning: The v1alpha7 version of OpenStackMachineTemplate has been - deprecated and will be removed in a future release. - name: v1alpha7 - schema: - openAPIV3Schema: - description: |- - OpenStackMachineTemplate is the Schema for the openstackmachinetemplates API. - - Deprecated: v1alpha7.OpenStackMachineTemplate has been replaced by v1beta1.OpenStackMachineTemplate. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineTemplateSpec defines the desired state of - OpenStackMachineTemplate. - properties: - template: - description: OpenStackMachineTemplateResource describes the data needed - to create a OpenStackMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. 
- properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume in. - If omitted, the availability zone of the server will be used. - The availability zone must NOT contain spaces otherwise it will lead to volume that belongs - to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for - further information. - type: string - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - cloudName: - description: The name of the cloud to use from the clouds - secret - type: string - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIP: - description: |- - The floatingIP which will be associated to the machine, only used for master. - The floatingIP should have been created and haven't been associated. - type: string - identityRef: - description: |- - IdentityRef is a reference to a identity to be used when reconciling this cluster. - If not specified, the identity ref of the cluster will be used instead. - properties: - kind: - description: |- - Kind of the identity. Must be supported by the infrastructure - provider and may be either cluster or namespace-scoped. - minLength: 1 - type: string - name: - description: |- - Name of the infrastructure identity to be used. 
- Must be either a cluster-scoped resource, or namespaced-scoped - resource the same namespace as the resource(s) being provisioned. - type: string - required: - - kind - - name - type: object - image: - description: |- - The name of the image to use for your server instance. - If the RootVolume is specified, this will be ignored and use rootVolume directly. - type: string - imageUUID: - description: |- - The uuid of the image to use for your server instance. - if it's empty, Image name will be used - type: string - instanceID: - description: InstanceID is the OpenStack instance ID for this - machine. - type: string - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - type: boolean - allowedAddressPairs: - items: - properties: - ipAddress: - type: string - macAddress: - type: string - type: object - type: array - description: - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: Specify pairs of subnet and/or IP address. - These should be subnets of the network with the given - NetworkID. - items: - properties: - ipAddress: - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. 
- properties: - cidr: - type: string - description: - type: string - gateway_ip: - type: string - id: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RaMode: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - required: - - subnet - type: object - type: array - hostId: - description: The ID of the host where the port is allocated - type: string - macAddress: - type: string - nameSuffix: - description: Used to make the name of the port unique. - If unspecified, instead the 0-based index of the port - in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding details. - We intentionally don't expose this as a map[string]string because we only want to enable - the users to set the values of the keys that are known to work in OpenStack Networking API. - See https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the - OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. 
- type: boolean - securityGroupFilters: - description: The names, uuids, filters or any combination - these of the security groups to assign to the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Enables and disables trunk at port level. - If not provided, openStackMachine.Spec.Trunk is inherited. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: The virtual network interface card (vNIC) - type that is bound to the neutron port. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. 
- type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - type: string - diskSize: - type: integer - volumeType: - type: string - type: object - securityGroups: - description: The names of the security groups to assign to - the instance - items: - properties: - description: - type: string - id: - type: string - name: - type: string - notTags: - type: string - notTagsAny: - type: string - projectId: - type: string - tags: - type: string - tagsAny: - type: string - type: object - type: array - serverGroupID: - description: The server group to assign the machine to - type: string - serverMetadata: - additionalProperties: - type: string - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. - type: object - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Machine tags - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. - type: boolean - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: false - storage: false - - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. 
- In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineTemplateSpec defines the desired state of - OpenStackMachineTemplate. - properties: - template: - description: OpenStackMachineTemplateResource describes the data needed - to create a OpenStackMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. 
- properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. 
- For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. 
If specified, - the combination of name and tags must return a single - matching image or an error will be raised. - type: string - tags: - description: The tags associated with the desired - image. If specified, the combination of name and - tags must return a single matching image or an error - will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not - be validated before use. - format: uuid - type: string - imageRef: - description: |- - ImageRef is a reference to an ORC Image in the same namespace as the - referring object. - properties: - name: - description: Name is the name of the referenced resource - type: string - required: - - name - type: object - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. 
- type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select the subnet. It must match exactly - one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. 
If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. - It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name - of the port if specified. If unspecified, instead - the 0-based index of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. 
- maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - an OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. - If ID is provided, the other filters cannot be - provided. 
Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, - uuids, filters or any combination these of the security - groups to assign to the instance. - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, cannot - be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. 
If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. 
- properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in - gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - schedulerHintAdditionalProperties: - description: |- - SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints - to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure, - such as specifying certain host aggregates or availability zones. - items: - description: |- - SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint. - It includes a Name to identify the property and a Value that can be of various types. - properties: - name: - description: |- - Name is the name of the scheduler hint property. - It is a unique identifier for the property. 
- minLength: 1 - type: string - value: - description: |- - Value is the value of the scheduler hint property, which can be of various types - (e.g., bool, string, int). The type is indicated by the Value.Type field. - properties: - bool: - description: |- - Bool is the boolean value of the scheduler hint, used when Type is "Bool". - This field is required if type is 'Bool', and must not be set otherwise. - type: boolean - number: - description: |- - Number is the integer value of the scheduler hint, used when Type is "Number". - This field is required if type is 'Number', and must not be set otherwise. - type: integer - string: - description: |- - String is the string value of the scheduler hint, used when Type is "String". - This field is required if type is 'String', and must not be set otherwise. - maxLength: 255 - minLength: 1 - type: string - type: - description: |- - Type represents the type of the value. - Valid values are Bool, String, and Number. - enum: - - Bool - - String - - Number - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: bool is required when type is Bool, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool) - : !has(self.bool)' - - message: number is required when type is Number, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''Number'' ? - has(self.number) : !has(self.number)' - - message: string is required when type is String, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''String'' ? - has(self.string) : !has(self.string)' - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityGroups: - description: The names of the security groups to assign to - the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. 
- maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. 
- Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - server group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to - look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. 
- type: boolean - required: - - image - type: object - x-kubernetes-validations: - - message: at least one of flavor or flavorID must be set - rule: (has(self.flavor) || has(self.flavorID)) - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - cluster.x-k8s.io/v1beta1: v1alpha7_v1beta1 - clusterctl.cluster.x-k8s.io: "" - name: openstackservers.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackServer - listKind: OpenStackServerList - plural: openstackservers - shortNames: - - oss - singular: openstackserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: OpenStack instance state - jsonPath: .status.instanceState - name: InstanceState - type: string - - description: OpenStack instance ready status - jsonPath: .status.ready - name: Ready - type: string - - description: OpenStack instance ID - jsonPath: .status.instanceID - name: InstanceID - type: string - - description: Time duration since creation of OpenStack instance - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: OpenStackServer is the Schema for the openstackservers API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackServerSpec defines the desired state of OpenStackServer. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications for - additional block devices to attach to the server instance. - items: - description: AdditionalBlockDevice is a block device to attach to - the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage options - for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. 
If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? - has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - availabilityZone: - description: AvailabilityZone is the availability zone in which to - create the server instance. - type: string - configDrive: - description: ConfigDrive is a flag to enable config drive for the - server instance. - type: boolean - flavor: - description: The flavor reference for the flavor for the server instance. - minLength: 1 - type: string - flavorID: - description: |- - FlavorID allows flavors to be specified by ID. This field takes precedence - over Flavor. - minLength: 1 - type: string - floatingIPPoolRef: - description: FloatingIPPoolRef is a reference to a FloatingIPPool - to allocate a floating IP from. 
- properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: IdentityRef is a reference to a secret holding OpenStack - credentials. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - region: - description: |- - Region specifies an OpenStack region to use. If specified, it overrides - any value in clouds.yaml. If specified for an OpenStackMachine, its - value will be included in providerID. - type: string - required: - - cloudName - - name - type: object - x-kubernetes-validations: - - message: region is immutable - rule: (!has(self.region) && !has(oldSelf.region)) || self.region - == oldSelf.region - image: - description: The image to use for the server instance. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single matching - image or an error will be raised. 
- type: string - tags: - description: The tags associated with the desired image. If - specified, the combination of name and tags must return - a single matching image or an error will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not be validated - before use. - format: uuid - type: string - imageRef: - description: |- - ImageRef is a reference to an ORC Image in the same namespace as the - referring object. - properties: - name: - description: Name is the name of the referenced resource - type: string - required: - - name - type: object - type: object - ports: - description: Ports to be attached to the server instance. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The default - is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description for - the port. 
- type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or IP - address to assign to the port. If specified, these must be - subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. 
- minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the port - resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the port. - If not specified, the MAC address will be generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name of the - port if specified. If unspecified, instead the 0-based index - of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. 
- minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is - provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. 
We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the propagate - uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, uuids, filters - or any combination these of the security groups to assign - to the instance. - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. 
If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. 
- This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec key-value - pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - rootVolume: - description: RootVolume is the specification for the root volume of - the server instance. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. 
- enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - schedulerHintAdditionalProperties: - description: |- - SchedulerHintAdditionalProperties are arbitrary key/value pairs that provide additional hints - to the OpenStack scheduler. These hints can influence how instances are placed on the infrastructure, - such as specifying certain host aggregates or availability zones. - items: - description: |- - SchedulerHintAdditionalProperty represents a single additional property for a scheduler hint. - It includes a Name to identify the property and a Value that can be of various types. - properties: - name: - description: |- - Name is the name of the scheduler hint property. - It is a unique identifier for the property. - minLength: 1 - type: string - value: - description: |- - Value is the value of the scheduler hint property, which can be of various types - (e.g., bool, string, int). The type is indicated by the Value.Type field. - properties: - bool: - description: |- - Bool is the boolean value of the scheduler hint, used when Type is "Bool". - This field is required if type is 'Bool', and must not be set otherwise. 
- type: boolean - number: - description: |- - Number is the integer value of the scheduler hint, used when Type is "Number". - This field is required if type is 'Number', and must not be set otherwise. - type: integer - string: - description: |- - String is the string value of the scheduler hint, used when Type is "String". - This field is required if type is 'String', and must not be set otherwise. - maxLength: 255 - minLength: 1 - type: string - type: - description: |- - Type represents the type of the value. - Valid values are Bool, String, and Number. - enum: - - Bool - - String - - Number - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: bool is required when type is Bool, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Bool'' ? has(self.bool) - : !has(self.bool)' - - message: number is required when type is Number, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Number'' ? has(self.number) - : !has(self.number)' - - message: string is required when type is String, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''String'' ? has(self.string) - : !has(self.string)' - required: - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityGroups: - description: SecurityGroups is a list of security groups names to - assign to the instance. - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. 
- items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. If ID - is provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: ServerGroup is the server group to which the server instance - belongs. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack server - group. If provided, it cannot be empty. 
- minProperties: 1 - properties: - name: - description: Name is the name of a server group to look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: ServerMetadata is a map of key value pairs to add to - the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: SSHKeyName is the name of the SSH key to inject in the - instance. - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk is a flag to indicate if the server instance is - created on a trunk port or not. - type: boolean - userDataRef: - description: |- - UserDataRef is a reference to a secret containing the user data to - be injected into the server instance. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - required: - - identityRef - - image - - ports - - sshKeyName - type: object - x-kubernetes-validations: - - message: at least one of flavor or flavorID must be set - rule: (has(self.flavor) || has(self.flavorID)) - status: - description: OpenStackServerStatus defines the observed state of OpenStackServer. - properties: - addresses: - description: Addresses is the list of addresses of the server instance. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the OpenStackServer. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. 
- type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - instanceID: - description: InstanceID is the ID of the server instance. - type: string - instanceState: - description: InstanceState is the state of the server instance. - type: string - ready: - default: false - description: Ready is true when the OpenStack server is ready. - type: boolean - resolved: - description: |- - Resolved contains parts of the machine spec with all external - references fully resolved. - properties: - flavorID: - description: FlavorID is the ID of the flavor to use. - type: string - imageID: - description: ImageID is the ID of the image to use for the server - and is calculated based on ImageFilter. - type: string - ports: - description: Ports is the fully resolved list of ports to create - for the server. - items: - description: ResolvedPortSpec is a PortOpts with all contained - references fully resolved. - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The - default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. 
- items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - description: ResolvedFixedIP is a FixedIP with the Subnet - resolved to an ID. - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If SubnetID - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: SubnetID is the id of a subnet to create - the fixed IP of a port in. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the - port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the - port. If not specified, the MAC address will be generated. - type: string - name: - description: Name is the name of the port. - type: string - networkID: - description: NetworkID is the ID of the network the port - will be created in. 
- type: string - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: |- - OVSHWOffload enables or disables the OVS hardware offload feature. - This flag is not required on OpenStack clouds since Yoga as Nova will set it automatically when the port is attached. - See: https://bugs.launchpad.net/nova/+bug/2020813 - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the - propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of security group - IDs to assign to the port. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags applied to the port (and corresponding - trunk, if a trunk is configured.) - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk specifies whether trunking is enabled - at the port level. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. 
- type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - required: - - description - - name - - networkID - type: object - type: array - serverGroupID: - description: ServerGroupID is the ID of the server group the server - should be added to and is calculated based on ServerGroupFilter. - type: string - type: object - resources: - description: Resources contains references to OpenStack resources - created for the machine. - properties: - ports: - description: Ports is the status of the ports created for the - server. - items: - properties: - id: - description: ID is the unique identifier of the port. 
- type: string - required: - - id - type: object - type: array - type: object - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-manager - namespace: capo-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-leader-election-role - namespace: capo-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-manager-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machines - - machines/status - verbs: - - get - - list - - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - openstackclusters - - openstackfloatingippools - 
- openstackmachines - - openstackservers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - openstackclusters/status - - openstackfloatingippools/status - - openstackmachines/status - - openstackservers/status - verbs: - - get - - patch - - update -- apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddressclaims - - ipaddressclaims/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddresses - - ipaddresses/status - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - openstack.k-orc.cloud - resources: - - images - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-leader-election-rolebinding - namespace: capo-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capo-leader-election-role -subjects: -- kind: ServiceAccount - name: capo-manager - namespace: capo-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capo-manager-role -subjects: -- kind: ServiceAccount - name: capo-manager - namespace: capo-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-webhook-service - namespace: capo-system -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - cluster.x-k8s.io/provider: infrastructure-openstack ---- -apiVersion: apps/v1 -kind: 
Deployment -metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - control-plane: capo-controller-manager - name: capo-controller-manager - namespace: capo-system -spec: - replicas: 1 - selector: - matchLabels: - cluster.x-k8s.io/provider: infrastructure-openstack - control-plane: capo-controller-manager - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - control-plane: capo-controller-manager - spec: - containers: - - args: - - --leader-elect - - --v=2 - - --diagnostics-address=127.0.0.1:8080 - - --insecure-diagnostics=true - command: - - /manager - image: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.12.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: capo-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: capo-webhook-service-cert -status: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: capo-system/capo-serving-cert - creationTimestamp: 
null - labels: - cluster.x-k8s.io/provider: infrastructure-openstack - clusterctl.cluster.x-k8s.io: "" - name: capo-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackcluster - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.openstackcluster.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - openstackclusters - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackclustertemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - openstackclustertemplates - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachine - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.openstackmachine.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - openstackmachines - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-openstackmachinetemplate - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io - rules: - - 
apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - openstackmachinetemplates - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: capo-webhook-service - namespace: capo-system - path: /validate-infrastructure-cluster-x-k8s-io-v1alpha1-openstackserver - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.openstackserver.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - openstackservers - sideEffects: None -- 2.25.1