diff --git a/Dockerfile b/Dockerfile
index 67faa28..e89fbd4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,19 @@
 ADD . /app
 RUN poetry install --only main --no-interaction
 
+FROM python:3.10-slim AS kubectl
+ADD https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl /kubectl
+RUN chmod +x /kubectl
+RUN /kubectl version --client
+
+FROM python:3.10-slim AS helm
+ADD https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz /helm.tar.gz
+RUN tar -xvzf /helm.tar.gz
+RUN /linux-amd64/helm version
+
 FROM python:3.10-slim AS runtime
 ENV PATH="/app/.venv/bin:$PATH"
 COPY --from=builder --link /app /app
+COPY --from=kubectl --link /kubectl /usr/local/bin/kubectl
+COPY --from=helm --link /linux-amd64/helm /usr/local/bin/helm
 CMD ["kopf", "run", "/app/atmosphere/cmd/operator.py"]
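Review bot: The two `ADD` lines in the new `kubectl` and `helm` stages download release artifacts with no integrity check, so whatever those URLs serve at build time is copied into `/usr/local/bin` of the runtime image. Pin each download to its published digest, e.g. `ADD --checksum=sha256:<KUBECTL_SHA256> https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl /kubectl`, and do the same for the helm tarball; the digest here is a placeholder to be filled in from the upstream release checksums. `ADD --checksum` needs a recent Dockerfile frontend: the file already relies on BuildKit for `COPY --link`, but any `# syntax=` directive lies outside this hunk, so confirm the frontend version. Separately, `linux/amd64` is hard-coded in both URLs, and no `USER` line is visible in the part of the runtime stage shown here, so the operator and both CLIs may run as root.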
diff --git a/atmosphere/operator/api/__init__.py b/atmosphere/operator/api/__init__.py
index e69de29..2eeaeee 100644
--- a/atmosphere/operator/api/__init__.py
+++ b/atmosphere/operator/api/__init__.py
@@ -0,0 +1,7 @@
+import pykube
+
+
+class Cloud(pykube.objects.NamespacedAPIObject):
+    version = "atmosphere.vexxhost.com/v1alpha1"
+    endpoint = "clouds"
+    kind = "Cloud"
diff --git a/atmosphere/operator/controllers/__init__.py b/atmosphere/operator/controllers/__init__.py
index 89e0cdf..2e2e8ae 100644
--- a/atmosphere/operator/controllers/__init__.py
+++ b/atmosphere/operator/controllers/__init__.py
@@ -1 +1,2 @@
+from atmosphere.operator.controllers import cloud  # noqa: F401
 from atmosphere.operator.controllers import openstack  # noqa: F401
diff --git a/atmosphere/operator/controllers/cloud.py b/atmosphere/operator/controllers/cloud.py
new file mode 100644
index 0000000..39c836f
--- /dev/null
+++ b/atmosphere/operator/controllers/cloud.py
@@ -0,0 +1,79 @@
+import logging
+
+import kopf
+from taskflow import engines
+from taskflow.listeners import logging as logging_listener
+from taskflow.patterns import graph_flow
+
+from atmosphere.operator import tasks
+from atmosphere.operator.api import Cloud
+
+
+@kopf.on.resume(Cloud.version, Cloud.kind)
+@kopf.on.create(Cloud.version, Cloud.kind)
+def create_fn(namespace: str, name: str, spec: dict, **_):
+    flow = graph_flow.Flow("deploy").add(
+        tasks.BuildApiClient(),
+        tasks.GenerateImageTagsConfigMap(provides="image_tags"),
+        tasks.GenerateSecrets(provides="secrets"),
+    )
+
+    if spec["magnum"].get("enabled", True):
+        flow.add(
+            tasks.InstallClusterApiTask(),
+            tasks.ApplyRabbitmqClusterTask(
+                inject={"chart_name": "magnum"}, provides="magnum_rabbitmq"
+            ),
+            tasks.GetChartValues(
+                inject={
+                    "helm_repository": "openstack-helm",
+                    "helm_repository_url": "https://tarballs.opendev.org/openstack/openstack-helm/",
+                    "chart_name": "magnum",
+                    "chart_version": "0.2.8",
+                },
+                provides="magnum_chart_values",
+            ),
+            tasks.GenerateReleaseValues(
+                inject={"chart_name": "magnum"},
+                rebind={"rabbitmq": "magnum_rabbitmq"},
+                provides="magnum_release_values",
+            ),
+            tasks.GenerateMagnumChartValuesFrom(
+                rebind={"rabbitmq": "magnum_rabbitmq"},
+                provides="magnum_values_from",
+            ),
+            tasks.ApplyHelmReleaseTask(
+                inject={
+                    "helm_repository": "openstack-helm",
+                    "chart_name": "magnum",
+                    "chart_version": "0.2.8",
+                    "release_name": "magnum",
+                },
+                rebind={
+                    "values": "magnum_release_values",
+                    "values_from": "magnum_values_from",
+                },
+            ),
+            tasks.ApplyIngressTask(
+                inject={"endpoint": "container_infra"},
+                rebind={
+                    "chart_values": "magnum_chart_values",
+                    "release_values": "magnum_release_values",
+                },
+            ),
+        )
+
+    engine = engines.load(
+        flow,
+        store={
+            "namespace": namespace,
+            "name": name,
+            "spec": spec,
+        },
+        executor="greenthreaded",
+        engine="parallel",
+        max_workers=4,
+    )
+
+    with logging_listener.DynamicLoggingListener(engine, level=logging.INFO):
+        engine.run()
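Review bot: `spec["magnum"].get("enabled", True)` in `create_fn` raises `KeyError` for a Cloud object with no `magnum` section, even though the `True` default suggests the section is meant to be optional. Unless the CRD schema (not visible here) makes `magnum` required, use `if spec.get("magnum", {}).get("enabled", True):`. The chart version `"0.2.8"` is written twice, in `GetChartValues` and in `ApplyHelmReleaseTask`, so a later bump can leave the values lookup and the applied release on different versions; a single module-level constant would keep them in step. The handler also has no docstring; a one-line one such as `"""Build and run the deployment flow for a Cloud resource on create and resume."""` would document what the two decorators trigger.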
diff --git a/atmosphere/operator/manifests/capi-bootstrap.yml b/atmosphere/operator/manifests/capi-bootstrap.yml
new file mode 100644
index 0000000..27be3d1
--- /dev/null
+++ b/atmosphere/operator/manifests/capi-bootstrap.yml
@@ -0,0 +1,6570 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-kubeadm-bootstrap-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1alpha4: v1alpha4
+    cluster.x-k8s.io/v1beta1: v1beta1
+    clusterctl.cluster.x-k8s.io: ""
+  name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-kubeadm-bootstrap-webhook-service
+          namespace: capi-kubeadm-bootstrap-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: bootstrap.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: KubeadmConfig
+    listKind: KubeadmConfigList
+    plural: kubeadmconfigs
+    singular: kubeadmconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+              Either ClusterConfiguration and InitConfiguration should be defined
+              or the JoinConfiguration should be defined.
+            properties:
+              clusterConfiguration:
+                description: ClusterConfiguration along with InitConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiServer:
+                    description: APIServer contains extra settings for the API server
+                      control plane component
+                    properties:
+                      certSANs:
+                        description: CertSANs sets extra Subject Alternative Names
+                          for the API Server signing cert.
+                        items:
+                          type: string
+                        type: array
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                      timeoutForControlPlane:
+                        description: TimeoutForControlPlane controls the timeout that
+                          we use for API server to appear
+                        type: string
+                    type: object
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  certificatesDir:
+                    description: 'CertificatesDir specifies where to store or look
+                      for all required certificates. NB: if not provided, this will
+                      default to `/etc/kubernetes/pki`'
+                    type: string
+                  clusterName:
+                    description: The cluster name
+                    type: string
+                  controlPlaneEndpoint:
+                    description: 'ControlPlaneEndpoint sets a stable IP address or
+                      DNS name for the control plane; it can be a valid IP address
+                      or a RFC-1123 DNS subdomain, both with optional TCP port. In
+                      case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+                      + BindPort are used; in case the ControlPlaneEndpoint is specified
+                      but without a TCP port, the BindPort is used. Possible usages
+                      are: e.g. In a cluster with more than one control plane instances,
+                      this field should be assigned the address of the external load
+                      balancer in front of the control plane instances. e.g.  in environments
+                      with enforced node recycling, the ControlPlaneEndpoint could
+                      be used for assigning a stable DNS to the control plane. NB:
+                      This value defaults to the first value in the Cluster object
+                      status.apiEndpoints array.'
+                    type: string
+                  controllerManager:
+                    description: ControllerManager contains extra settings for the
+                      controller manager control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                  dns:
+                    description: DNS defines the options for the DNS add-on installed
+                      in the cluster.
+                    properties:
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. if not set, the ImageRepository defined
+                          in ClusterConfiguration will be used instead.
+                        type: string
+                      imageTag:
+                        description: ImageTag allows to specify a tag for the image.
+                          In case this value is set, kubeadm does not change automatically
+                          the version of the above components during upgrades.
+                        type: string
+                      type:
+                        description: Type defines the DNS add-on to be used
+                        type: string
+                    type: object
+                  etcd:
+                    description: 'Etcd holds configuration for etcd. NB: This value
+                      defaults to a Local (stacked) etcd'
+                    properties:
+                      external:
+                        description: External describes how to connect to an external
+                          etcd cluster Local and External are mutually exclusive
+                        properties:
+                          caFile:
+                            description: CAFile is an SSL Certificate Authority file
+                              used to secure etcd communication. Required if using
+                              a TLS connection.
+                            type: string
+                          certFile:
+                            description: CertFile is an SSL certification file used
+                              to secure etcd communication. Required if using a TLS
+                              connection.
+                            type: string
+                          endpoints:
+                            description: Endpoints of etcd members. Required for ExternalEtcd.
+                            items:
+                              type: string
+                            type: array
+                          keyFile:
+                            description: KeyFile is an SSL key file used to secure
+                              etcd communication. Required if using a TLS connection.
+                            type: string
+                        required:
+                        - caFile
+                        - certFile
+                        - endpoints
+                        - keyFile
+                        type: object
+                      local:
+                        description: Local provides configuration knobs for configuring
+                          the local etcd instance Local and External are mutually
+                          exclusive
+                        properties:
+                          dataDir:
+                            description: DataDir is the directory etcd will place
+                              its data. Defaults to "/var/lib/etcd".
+                            type: string
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: ExtraArgs are extra arguments provided to
+                              the etcd binary when run inside a static pod.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                          peerCertSANs:
+                            description: PeerCertSANs sets extra Subject Alternative
+                              Names for the etcd peer signing cert.
+                            items:
+                              type: string
+                            type: array
+                          serverCertSANs:
+                            description: ServerCertSANs sets extra Subject Alternative
+                              Names for the etcd server signing cert.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    type: object
+                  featureGates:
+                    additionalProperties:
+                      type: boolean
+                    description: FeatureGates enabled by the user.
+                    type: object
+                  imageRepository:
+                    description: ImageRepository sets the container registry to pull
+                      images from. If empty, `k8s.gcr.io` will be used by default;
+                      in case of kubernetes version is a CI build (kubernetes version
+                      starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                      will be used as a default for control plane components and for
+                      kube-proxy, while `k8s.gcr.io` will be used for all the other
+                      images.
+                    type: string
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  kubernetesVersion:
+                    description: 'KubernetesVersion is the target version of the control
+                      plane. NB: This value defaults to the Machine object spec.version'
+                    type: string
+                  networking:
+                    description: 'Networking holds configuration for the networking
+                      topology of the cluster. NB: This value defaults to the Cluster
+                      object spec.clusterNetwork.'
+                    properties:
+                      dnsDomain:
+                        description: DNSDomain is the dns domain used by k8s services.
+                          Defaults to "cluster.local".
+                        type: string
+                      podSubnet:
+                        description: PodSubnet is the subnet used by pods. If unset,
+                          the API server will not allocate CIDR ranges for every node.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.services.cidrBlocks if that is set
+                        type: string
+                      serviceSubnet:
+                        description: ServiceSubnet is the subnet used by k8s services.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+                          if that's unset.
+                        type: string
+                    type: object
+                  scheduler:
+                    description: Scheduler contains extra settings for the scheduler
+                      control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                  useHyperKubeImage:
+                    description: UseHyperKubeImage controls if hyperkube should be
+                      used for Kubernetes components instead of their respective separate
+                      images
+                    type: boolean
+                type: object
+              diskSetup:
+                description: DiskSetup specifies options for the creation of partition
+                  tables and file systems on devices.
+                properties:
+                  filesystems:
+                    description: Filesystems specifies the list of file systems to
+                      setup.
+                    items:
+                      description: Filesystem defines the file systems to be created.
+                      properties:
+                        device:
+                          description: Device specifies the device name
+                          type: string
+                        extraOpts:
+                          description: ExtraOpts defined extra options to add to the
+                            command for creating the file system.
+                          items:
+                            type: string
+                          type: array
+                        filesystem:
+                          description: Filesystem specifies the file system type.
+                          type: string
+                        label:
+                          description: Label specifies the file system label to be
+                            used. If set to None, no label is used.
+                          type: string
+                        overwrite:
+                          description: Overwrite defines whether or not to overwrite
+                            any existing filesystem. If true, any pre-existing file
+                            system will be destroyed. Use with Caution.
+                          type: boolean
+                        partition:
+                          description: 'Partition specifies the partition to use.
+                            The valid options are: "auto|any", "auto", "any", "none",
+                            and <NUM>, where NUM is the actual partition number.'
+                          type: string
+                        replaceFS:
+                          description: 'ReplaceFS is a special directive, used for
+                            Microsoft Azure that instructs cloud-init to replace a
+                            file system of <FS_TYPE>. NOTE: unless you define a label,
+                            this requires the use of the ''any'' partition directive.'
+                          type: string
+                      required:
+                      - device
+                      - filesystem
+                      - label
+                      type: object
+                    type: array
+                  partitions:
+                    description: Partitions specifies the list of the partitions to
+                      setup.
+                    items:
+                      description: Partition defines how to create and layout a partition.
+                      properties:
+                        device:
+                          description: Device is the name of the device.
+                          type: string
+                        layout:
+                          description: Layout specifies the device layout. If it is
+                            true, a single partition will be created for the entire
+                            device. When layout is false, it means don't partition
+                            or ignore existing partitioning.
+                          type: boolean
+                        overwrite:
+                          description: Overwrite describes whether to skip checks
+                            and create the partition if a partition or filesystem
+                            is found on the device. Use with caution. Default is 'false'.
+                          type: boolean
+                        tableType:
+                          description: 'TableType specifies the tupe of partition
+                            table. The following are supported: ''mbr'': default and
+                            setups a MS-DOS partition table ''gpt'': setups a GPT
+                            partition table'
+                          type: string
+                      required:
+                      - device
+                      - layout
+                      type: object
+                    type: array
+                type: object
+              files:
+                description: Files specifies extra files to be passed to user_data
+                  upon creation.
+                items:
+                  description: File defines the input for generating write_files in
+                    cloud-init.
+                  properties:
+                    content:
+                      description: Content is the actual content of the file.
+                      type: string
+                    contentFrom:
+                      description: ContentFrom is a referenced source of content to
+                        populate the file.
+                      properties:
+                        secret:
+                          description: Secret represents a secret that should populate
+                            this file.
+                          properties:
+                            key:
+                              description: Key is the key in the secret's data map
+                                for this value.
+                              type: string
+                            name:
+                              description: Name of the secret in the KubeadmBootstrapConfig's
+                                namespace to use.
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                      required:
+                      - secret
+                      type: object
+                    encoding:
+                      description: Encoding specifies the encoding of the file contents.
+                      enum:
+                      - base64
+                      - gzip
+                      - gzip+base64
+                      type: string
+                    owner:
+                      description: Owner specifies the ownership of the file, e.g.
+                        "root:root".
+                      type: string
+                    path:
+                      description: Path specifies the full path on disk where to store
+                        the file.
+                      type: string
+                    permissions:
+                      description: Permissions specifies the permissions to assign
+                        to the file, e.g. "0640".
+                      type: string
+                  required:
+                  - path
+                  type: object
+                type: array
+              format:
+                description: Format specifies the output format of the bootstrap data
+                enum:
+                - cloud-config
+                type: string
+              initConfiguration:
+                description: InitConfiguration along with ClusterConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  bootstrapTokens:
+                    description: BootstrapTokens is respected at `kubeadm init` time
+                      and describes a set of Bootstrap Tokens to create. This information
+                      IS NOT uploaded to the kubeadm cluster configmap, partly because
+                      of its sensitive nature
+                    items:
+                      description: BootstrapToken describes one bootstrap token, stored
+                        as a Secret in the cluster.
+                      properties:
+                        description:
+                          description: Description sets a human-friendly message why
+                            this token exists and what it's used for, so other administrators
+                            can know its purpose.
+                          type: string
+                        expires:
+                          description: Expires specifies the timestamp when this token
+                            expires. Defaults to being set dynamically at runtime
+                            based on the TTL. Expires and TTL are mutually exclusive.
+                          format: date-time
+                          type: string
+                        groups:
+                          description: Groups specifies the extra groups that this
+                            token will authenticate as when/if used for authentication
+                          items:
+                            type: string
+                          type: array
+                        token:
+                          description: Token is used for establishing bidirectional
+                            trust between nodes and control-planes. Used for joining
+                            nodes in the cluster.
+                          type: string
+                        ttl:
+                          description: TTL defines the time to live for this token.
+                            Defaults to 24h. Expires and TTL are mutually exclusive.
+                          type: string
+                        usages:
+                          description: Usages describes the ways in which this token
+                            can be used. Can by default be used for establishing bidirectional
+                            trust, but that can be changed here.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - token
+                      type: object
+                    type: array
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  localAPIEndpoint:
+                    description: LocalAPIEndpoint represents the endpoint of the API
+                      server instance that's deployed on this control plane node In
+                      HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                      in the sense that ControlPlaneEndpoint is the global endpoint
+                      for the cluster, which then loadbalances the requests to each
+                      individual API server. This configuration object lets you customize
+                      what IP/DNS name and port the local API server advertises it's
+                      accessible on. By default, kubeadm tries to auto-detect the
+                      IP of the default interface and use that, but in case that process
+                      fails you may set the desired value here.
+                    properties:
+                      advertiseAddress:
+                        description: AdvertiseAddress sets the IP address for the
+                          API server to advertise.
+                        type: string
+                      bindPort:
+                        description: BindPort sets the secure port for the API Server
+                          to bind to. Defaults to 6443.
+                        format: int32
+                        type: integer
+                    required:
+                    - advertiseAddress
+                    - bindPort
+                    type: object
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: {}` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              joinConfiguration:
+                description: JoinConfiguration is the kubeadm configuration for the
+                  join command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  caCertPath:
+                    description: 'CACertPath is the path to the SSL certificate authority
+                      used to secure comunications between node and control-plane.
+                      Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+                      there is defaulting from k/k'
+                    type: string
+                  controlPlane:
+                    description: ControlPlane defines the additional control plane
+                      instance to be deployed on the joining node. If nil, no additional
+                      control plane instance will be deployed.
+                    properties:
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance to be deployed on this node.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        required:
+                        - advertiseAddress
+                        - bindPort
+                        type: object
+                    type: object
+                  discovery:
+                    description: 'Discovery specifies the options for the kubelet
+                      to use during the TLS Bootstrap process TODO: revisit when there
+                      is defaulting from k/k'
+                    properties:
+                      bootstrapToken:
+                        description: BootstrapToken is used to set the options for
+                          bootstrap token based discovery BootstrapToken and File
+                          are mutually exclusive
+                        properties:
+                          apiServerEndpoint:
+                            description: APIServerEndpoint is an IP or domain name
+                              to the API server from which info will be fetched.
+                            type: string
+                          caCertHashes:
+                            description: 'CACertHashes specifies a set of public key
+                              pins to verify when token-based discovery is used. The
+                              root CA found during discovery must match one of these
+                              values. Specifying an empty set disables root CA pinning,
+                              which can be unsafe. Each hash is specified as "<type>:<value>",
+                              where the only currently supported type is "sha256".
+                              This is a hex-encoded SHA-256 hash of the Subject Public
+                              Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+                              can be calculated using, for example, OpenSSL: openssl
+                              x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                              der 2>&/dev/null | openssl dgst -sha256 -hex'
+                            items:
+                              type: string
+                            type: array
+                          token:
+                            description: Token is a token used to validate cluster
+                              information fetched from the control-plane.
+                            type: string
+                          unsafeSkipCAVerification:
+                            description: UnsafeSkipCAVerification allows token-based
+                              discovery without CA verification via CACertHashes.
+                              This can weaken the security of kubeadm since other
+                              nodes can impersonate the control-plane.
+                            type: boolean
+                        required:
+                        - token
+                        - unsafeSkipCAVerification
+                        type: object
+                      file:
+                        description: File is used to specify a file or URL to a kubeconfig
+                          file from which to load cluster information BootstrapToken
+                          and File are mutually exclusive
+                        properties:
+                          kubeConfigPath:
+                            description: KubeConfigPath is used to specify the actual
+                              file path or URL to the kubeconfig file from which to
+                              load cluster information
+                            type: string
+                        required:
+                        - kubeConfigPath
+                        type: object
+                      timeout:
+                        description: Timeout modifies the discovery timeout
+                        type: string
+                      tlsBootstrapToken:
+                        description: 'TLSBootstrapToken is a token used for TLS bootstrapping.
+                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+                          but can be overridden. If .File is set, this field **must
+                          be set** in case the KubeConfigFile does not contain any
+                          other authentication information TODO: revisit when there
+                          is defaulting from k/k'
+                        type: string
+                    type: object
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: {}` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              mounts:
+                description: Mounts specifies a list of mount points to be setup.
+                items:
+                  description: MountPoints defines input for generated mounts in cloud-init.
+                  items:
+                    type: string
+                  type: array
+                type: array
+              ntp:
+                description: NTP specifies NTP configuration
+                properties:
+                  enabled:
+                    description: Enabled specifies whether NTP should be enabled
+                    type: boolean
+                  servers:
+                    description: Servers specifies which NTP servers to use
+                    items:
+                      type: string
+                    type: array
+                type: object
+              postKubeadmCommands:
+                description: PostKubeadmCommands specifies extra commands to run after
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              preKubeadmCommands:
+                description: PreKubeadmCommands specifies extra commands to run before
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              useExperimentalRetryJoin:
+                description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+                  with a shell script with retries for joins. \n This is meant to
+                  be an experimental temporary workaround on some environments where
+                  joins fail due to timing (and other issues). The long term goal
+                  is to add retries to kubeadm proper and use that functionality.
+                  \n This will add about 40KB to userdata \n For more information,
+                  refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                type: boolean
+              users:
+                description: Users specifies extra users to add
+                items:
+                  description: User defines the input for a generated user in cloud-init.
+                  properties:
+                    gecos:
+                      description: Gecos specifies the gecos to use for the user
+                      type: string
+                    groups:
+                      description: Groups specifies the additional groups for the
+                        user
+                      type: string
+                    homeDir:
+                      description: HomeDir specifies the home directory to use for
+                        the user
+                      type: string
+                    inactive:
+                      description: Inactive specifies whether to mark the user as
+                        inactive
+                      type: boolean
+                    lockPassword:
+                      description: LockPassword specifies if password login should
+                        be disabled
+                      type: boolean
+                    name:
+                      description: Name specifies the user name
+                      type: string
+                    passwd:
+                      description: Passwd specifies a hashed password for the user
+                      type: string
+                    primaryGroup:
+                      description: PrimaryGroup specifies the primary group for the
+                        user
+                      type: string
+                    shell:
+                      description: Shell specifies the user's shell
+                      type: string
+                    sshAuthorizedKeys:
+                      description: SSHAuthorizedKeys specifies a list of ssh authorized
+                        keys for the user
+                      items:
+                        type: string
+                      type: array
+                    sudo:
+                      description: Sudo specifies a sudo role for the user
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              verbosity:
+                description: Verbosity is the number for the kubeadm log level verbosity.
+                  It overrides the `--v` flag in kubeadm commands.
+                format: int32
+                type: integer
+            type: object
+          status:
+            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+            properties:
+              bootstrapData:
+                description: "BootstrapData will be a cloud-init script for now. \n
+                  Deprecated: Switch to DataSecretName."
+                format: byte
+                type: string
+              conditions:
+                description: Conditions defines current service state of the KubeadmConfig.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              dataSecretName:
+                description: DataSecretName is the name of the secret that stores
+                  the bootstrap data script.
+                type: string
+              failureMessage:
+                description: FailureMessage will be set on non-retryable errors
+                type: string
+              failureReason:
+                description: FailureReason will be set on non-retryable errors
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready indicates the BootstrapData field is ready to be
+                  consumed
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmConfig
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+              Either ClusterConfiguration and InitConfiguration should be defined
+              or the JoinConfiguration should be defined.
+            properties:
+              clusterConfiguration:
+                description: ClusterConfiguration along with InitConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiServer:
+                    description: APIServer contains extra settings for the API server
+                      control plane component
+                    properties:
+                      certSANs:
+                        description: CertSANs sets extra Subject Alternative Names
+                          for the API Server signing cert.
+                        items:
+                          type: string
+                        type: array
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                      timeoutForControlPlane:
+                        description: TimeoutForControlPlane controls the timeout that
+                          we use for API server to appear
+                        type: string
+                    type: object
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  certificatesDir:
+                    description: 'CertificatesDir specifies where to store or look
+                      for all required certificates. NB: if not provided, this will
+                      default to `/etc/kubernetes/pki`'
+                    type: string
+                  clusterName:
+                    description: The cluster name
+                    type: string
+                  controlPlaneEndpoint:
+                    description: 'ControlPlaneEndpoint sets a stable IP address or
+                      DNS name for the control plane; it can be a valid IP address
+                      or a RFC-1123 DNS subdomain, both with optional TCP port. In
+                      case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+                      + BindPort are used; in case the ControlPlaneEndpoint is specified
+                      but without a TCP port, the BindPort is used. Possible usages
+                      are: e.g. In a cluster with more than one control plane instances,
+                      this field should be assigned the address of the external load
+                      balancer in front of the control plane instances. e.g.  in environments
+                      with enforced node recycling, the ControlPlaneEndpoint could
+                      be used for assigning a stable DNS to the control plane. NB:
+                      This value defaults to the first value in the Cluster object
+                      status.apiEndpoints array.'
+                    type: string
+                  controllerManager:
+                    description: ControllerManager contains extra settings for the
+                      controller manager control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                  dns:
+                    description: DNS defines the options for the DNS add-on installed
+                      in the cluster.
+                    properties:
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. if not set, the ImageRepository defined
+                          in ClusterConfiguration will be used instead.
+                        type: string
+                      imageTag:
+                        description: ImageTag allows to specify a tag for the image.
+                          In case this value is set, kubeadm does not change automatically
+                          the version of the above components during upgrades.
+                        type: string
+                    type: object
+                  etcd:
+                    description: 'Etcd holds configuration for etcd. NB: This value
+                      defaults to a Local (stacked) etcd'
+                    properties:
+                      external:
+                        description: External describes how to connect to an external
+                          etcd cluster Local and External are mutually exclusive
+                        properties:
+                          caFile:
+                            description: CAFile is an SSL Certificate Authority file
+                              used to secure etcd communication. Required if using
+                              a TLS connection.
+                            type: string
+                          certFile:
+                            description: CertFile is an SSL certification file used
+                              to secure etcd communication. Required if using a TLS
+                              connection.
+                            type: string
+                          endpoints:
+                            description: Endpoints of etcd members. Required for ExternalEtcd.
+                            items:
+                              type: string
+                            type: array
+                          keyFile:
+                            description: KeyFile is an SSL key file used to secure
+                              etcd communication. Required if using a TLS connection.
+                            type: string
+                        required:
+                        - caFile
+                        - certFile
+                        - endpoints
+                        - keyFile
+                        type: object
+                      local:
+                        description: Local provides configuration knobs for configuring
+                          the local etcd instance Local and External are mutually
+                          exclusive
+                        properties:
+                          dataDir:
+                            description: DataDir is the directory etcd will place
+                              its data. Defaults to "/var/lib/etcd".
+                            type: string
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: ExtraArgs are extra arguments provided to
+                              the etcd binary when run inside a static pod.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                          peerCertSANs:
+                            description: PeerCertSANs sets extra Subject Alternative
+                              Names for the etcd peer signing cert.
+                            items:
+                              type: string
+                            type: array
+                          serverCertSANs:
+                            description: ServerCertSANs sets extra Subject Alternative
+                              Names for the etcd server signing cert.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    type: object
+                  featureGates:
+                    additionalProperties:
+                      type: boolean
+                    description: FeatureGates enabled by the user.
+                    type: object
+                  imageRepository:
+                    description: ImageRepository sets the container registry to pull
+                      images from. If empty, `registry.k8s.io` will be used by default;
+                      in case of kubernetes version is a CI build (kubernetes version
+                      starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                      will be used as a default for control plane components and for
+                      kube-proxy, while `registry.k8s.io` will be used for all the
+                      other images.
+                    type: string
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  kubernetesVersion:
+                    description: 'KubernetesVersion is the target version of the control
+                      plane. NB: This value defaults to the Machine object spec.version'
+                    type: string
+                  networking:
+                    description: 'Networking holds configuration for the networking
+                      topology of the cluster. NB: This value defaults to the Cluster
+                      object spec.clusterNetwork.'
+                    properties:
+                      dnsDomain:
+                        description: DNSDomain is the dns domain used by k8s services.
+                          Defaults to "cluster.local".
+                        type: string
+                      podSubnet:
+                        description: PodSubnet is the subnet used by pods. If unset,
+                          the API server will not allocate CIDR ranges for every node.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.services.cidrBlocks if that is set
+                        type: string
+                      serviceSubnet:
+                        description: ServiceSubnet is the subnet used by k8s services.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+                          if that's unset.
+                        type: string
+                    type: object
+                  scheduler:
+                    description: Scheduler contains extra settings for the scheduler
+                      control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              diskSetup:
+                description: DiskSetup specifies options for the creation of partition
+                  tables and file systems on devices.
+                properties:
+                  filesystems:
+                    description: Filesystems specifies the list of file systems to
+                      setup.
+                    items:
+                      description: Filesystem defines the file systems to be created.
+                      properties:
+                        device:
+                          description: Device specifies the device name
+                          type: string
+                        extraOpts:
+                          description: ExtraOpts defined extra options to add to the
+                            command for creating the file system.
+                          items:
+                            type: string
+                          type: array
+                        filesystem:
+                          description: Filesystem specifies the file system type.
+                          type: string
+                        label:
+                          description: Label specifies the file system label to be
+                            used. If set to None, no label is used.
+                          type: string
+                        overwrite:
+                          description: Overwrite defines whether or not to overwrite
+                            any existing filesystem. If true, any pre-existing file
+                            system will be destroyed. Use with Caution.
+                          type: boolean
+                        partition:
+                          description: 'Partition specifies the partition to use.
+                            The valid options are: "auto|any", "auto", "any", "none",
+                            and <NUM>, where NUM is the actual partition number.'
+                          type: string
+                        replaceFS:
+                          description: 'ReplaceFS is a special directive, used for
+                            Microsoft Azure that instructs cloud-init to replace a
+                            file system of <FS_TYPE>. NOTE: unless you define a label,
+                            this requires the use of the ''any'' partition directive.'
+                          type: string
+                      required:
+                      - device
+                      - filesystem
+                      - label
+                      type: object
+                    type: array
+                  partitions:
+                    description: Partitions specifies the list of the partitions to
+                      setup.
+                    items:
+                      description: Partition defines how to create and layout a partition.
+                      properties:
+                        device:
+                          description: Device is the name of the device.
+                          type: string
+                        layout:
+                          description: Layout specifies the device layout. If it is
+                            true, a single partition will be created for the entire
+                            device. When layout is false, it means don't partition
+                            or ignore existing partitioning.
+                          type: boolean
+                        overwrite:
+                          description: Overwrite describes whether to skip checks
+                            and create the partition if a partition or filesystem
+                            is found on the device. Use with caution. Default is 'false'.
+                          type: boolean
+                        tableType:
+                          description: 'TableType specifies the tupe of partition
+                            table. The following are supported: ''mbr'': default and
+                            setups a MS-DOS partition table ''gpt'': setups a GPT
+                            partition table'
+                          type: string
+                      required:
+                      - device
+                      - layout
+                      type: object
+                    type: array
+                type: object
+              files:
+                description: Files specifies extra files to be passed to user_data
+                  upon creation.
+                items:
+                  description: File defines the input for generating write_files in
+                    cloud-init.
+                  properties:
+                    content:
+                      description: Content is the actual content of the file.
+                      type: string
+                    contentFrom:
+                      description: ContentFrom is a referenced source of content to
+                        populate the file.
+                      properties:
+                        secret:
+                          description: Secret represents a secret that should populate
+                            this file.
+                          properties:
+                            key:
+                              description: Key is the key in the secret's data map
+                                for this value.
+                              type: string
+                            name:
+                              description: Name of the secret in the KubeadmBootstrapConfig's
+                                namespace to use.
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                      required:
+                      - secret
+                      type: object
+                    encoding:
+                      description: Encoding specifies the encoding of the file contents.
+                      enum:
+                      - base64
+                      - gzip
+                      - gzip+base64
+                      type: string
+                    owner:
+                      description: Owner specifies the ownership of the file, e.g.
+                        "root:root".
+                      type: string
+                    path:
+                      description: Path specifies the full path on disk where to store
+                        the file.
+                      type: string
+                    permissions:
+                      description: Permissions specifies the permissions to assign
+                        to the file, e.g. "0640".
+                      type: string
+                  required:
+                  - path
+                  type: object
+                type: array
+              format:
+                description: Format specifies the output format of the bootstrap data
+                enum:
+                - cloud-config
+                type: string
+              initConfiguration:
+                description: InitConfiguration along with ClusterConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  bootstrapTokens:
+                    description: BootstrapTokens is respected at `kubeadm init` time
+                      and describes a set of Bootstrap Tokens to create. This information
+                      IS NOT uploaded to the kubeadm cluster configmap, partly because
+                      of its sensitive nature
+                    items:
+                      description: BootstrapToken describes one bootstrap token, stored
+                        as a Secret in the cluster.
+                      properties:
+                        description:
+                          description: Description sets a human-friendly message why
+                            this token exists and what it's used for, so other administrators
+                            can know its purpose.
+                          type: string
+                        expires:
+                          description: Expires specifies the timestamp when this token
+                            expires. Defaults to being set dynamically at runtime
+                            based on the TTL. Expires and TTL are mutually exclusive.
+                          format: date-time
+                          type: string
+                        groups:
+                          description: Groups specifies the extra groups that this
+                            token will authenticate as when/if used for authentication
+                          items:
+                            type: string
+                          type: array
+                        token:
+                          description: Token is used for establishing bidirectional
+                            trust between nodes and control-planes. Used for joining
+                            nodes in the cluster.
+                          type: string
+                        ttl:
+                          description: TTL defines the time to live for this token.
+                            Defaults to 24h. Expires and TTL are mutually exclusive.
+                          type: string
+                        usages:
+                          description: Usages describes the ways in which this token
+                            can be used. Can by default be used for establishing bidirectional
+                            trust, but that can be changed here.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - token
+                      type: object
+                    type: array
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  localAPIEndpoint:
+                    description: LocalAPIEndpoint represents the endpoint of the API
+                      server instance that's deployed on this control plane node In
+                      HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                      in the sense that ControlPlaneEndpoint is the global endpoint
+                      for the cluster, which then loadbalances the requests to each
+                      individual API server. This configuration object lets you customize
+                      what IP/DNS name and port the local API server advertises it's
+                      accessible on. By default, kubeadm tries to auto-detect the
+                      IP of the default interface and use that, but in case that process
+                      fails you may set the desired value here.
+                    properties:
+                      advertiseAddress:
+                        description: AdvertiseAddress sets the IP address for the
+                          API server to advertise.
+                        type: string
+                      bindPort:
+                        description: BindPort sets the secure port for the API Server
+                          to bind to. Defaults to 6443.
+                        format: int32
+                        type: integer
+                    type: object
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      ignorePreflightErrors:
+                        description: IgnorePreflightErrors provides a slice of pre-flight
+                          errors to be ignored when the current node is registered.
+                        items:
+                          type: string
+                        type: array
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: {}` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              joinConfiguration:
+                description: JoinConfiguration is the kubeadm configuration for the
+                  join command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  caCertPath:
+                    description: 'CACertPath is the path to the SSL certificate authority
+                      used to secure comunications between node and control-plane.
+                      Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+                      there is defaulting from k/k'
+                    type: string
+                  controlPlane:
+                    description: ControlPlane defines the additional control plane
+                      instance to be deployed on the joining node. If nil, no additional
+                      control plane instance will be deployed.
+                    properties:
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance to be deployed on this node.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        type: object
+                    type: object
+                  discovery:
+                    description: 'Discovery specifies the options for the kubelet
+                      to use during the TLS Bootstrap process TODO: revisit when there
+                      is defaulting from k/k'
+                    properties:
+                      bootstrapToken:
+                        description: BootstrapToken is used to set the options for
+                          bootstrap token based discovery BootstrapToken and File
+                          are mutually exclusive
+                        properties:
+                          apiServerEndpoint:
+                            description: APIServerEndpoint is an IP or domain name
+                              to the API server from which info will be fetched.
+                            type: string
+                          caCertHashes:
+                            description: 'CACertHashes specifies a set of public key
+                              pins to verify when token-based discovery is used. The
+                              root CA found during discovery must match one of these
+                              values. Specifying an empty set disables root CA pinning,
+                              which can be unsafe. Each hash is specified as "<type>:<value>",
+                              where the only currently supported type is "sha256".
+                              This is a hex-encoded SHA-256 hash of the Subject Public
+                              Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+                              can be calculated using, for example, OpenSSL: openssl
+                              x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                              der 2>&/dev/null | openssl dgst -sha256 -hex'
+                            items:
+                              type: string
+                            type: array
+                          token:
+                            description: Token is a token used to validate cluster
+                              information fetched from the control-plane.
+                            type: string
+                          unsafeSkipCAVerification:
+                            description: UnsafeSkipCAVerification allows token-based
+                              discovery without CA verification via CACertHashes.
+                              This can weaken the security of kubeadm since other
+                              nodes can impersonate the control-plane.
+                            type: boolean
+                        required:
+                        - token
+                        type: object
+                      file:
+                        description: File is used to specify a file or URL to a kubeconfig
+                          file from which to load cluster information BootstrapToken
+                          and File are mutually exclusive
+                        properties:
+                          kubeConfigPath:
+                            description: KubeConfigPath is used to specify the actual
+                              file path or URL to the kubeconfig file from which to
+                              load cluster information
+                            type: string
+                        required:
+                        - kubeConfigPath
+                        type: object
+                      timeout:
+                        description: Timeout modifies the discovery timeout
+                        type: string
+                      tlsBootstrapToken:
+                        description: TLSBootstrapToken is a token used for TLS bootstrapping.
+                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+                          but can be overridden. If .File is set, this field **must
+                          be set** in case the KubeConfigFile does not contain any
+                          other authentication information
+                        type: string
+                    type: object
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      ignorePreflightErrors:
+                        description: IgnorePreflightErrors provides a slice of pre-flight
+                          errors to be ignored when the current node is registered.
+                        items:
+                          type: string
+                        type: array
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: {}` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              mounts:
+                description: Mounts specifies a list of mount points to be setup.
+                items:
+                  description: MountPoints defines input for generated mounts in cloud-init.
+                  items:
+                    type: string
+                  type: array
+                type: array
+              ntp:
+                description: NTP specifies NTP configuration
+                properties:
+                  enabled:
+                    description: Enabled specifies whether NTP should be enabled
+                    type: boolean
+                  servers:
+                    description: Servers specifies which NTP servers to use
+                    items:
+                      type: string
+                    type: array
+                type: object
+              postKubeadmCommands:
+                description: PostKubeadmCommands specifies extra commands to run after
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              preKubeadmCommands:
+                description: PreKubeadmCommands specifies extra commands to run before
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              useExperimentalRetryJoin:
+                description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+                  with a shell script with retries for joins. \n This is meant to
+                  be an experimental temporary workaround on some environments where
+                  joins fail due to timing (and other issues). The long term goal
+                  is to add retries to kubeadm proper and use that functionality.
+                  \n This will add about 40KB to userdata \n For more information,
+                  refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                type: boolean
+              users:
+                description: Users specifies extra users to add
+                items:
+                  description: User defines the input for a generated user in cloud-init.
+                  properties:
+                    gecos:
+                      description: Gecos specifies the gecos to use for the user
+                      type: string
+                    groups:
+                      description: Groups specifies the additional groups for the
+                        user
+                      type: string
+                    homeDir:
+                      description: HomeDir specifies the home directory to use for
+                        the user
+                      type: string
+                    inactive:
+                      description: Inactive specifies whether to mark the user as
+                        inactive
+                      type: boolean
+                    lockPassword:
+                      description: LockPassword specifies if password login should
+                        be disabled
+                      type: boolean
+                    name:
+                      description: Name specifies the user name
+                      type: string
+                    passwd:
+                      description: Passwd specifies a hashed password for the user
+                      type: string
+                    primaryGroup:
+                      description: PrimaryGroup specifies the primary group for the
+                        user
+                      type: string
+                    shell:
+                      description: Shell specifies the user's shell
+                      type: string
+                    sshAuthorizedKeys:
+                      description: SSHAuthorizedKeys specifies a list of ssh authorized
+                        keys for the user
+                      items:
+                        type: string
+                      type: array
+                    sudo:
+                      description: Sudo specifies a sudo role for the user
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              verbosity:
+                description: Verbosity is the number for the kubeadm log level verbosity.
+                  It overrides the `--v` flag in kubeadm commands.
+                format: int32
+                type: integer
+            type: object
+          status:
+            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the KubeadmConfig.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              dataSecretName:
+                description: DataSecretName is the name of the secret that stores
+                  the bootstrap data script.
+                type: string
+              failureMessage:
+                description: FailureMessage will be set on non-retryable errors
+                type: string
+              failureReason:
+                description: FailureReason will be set on non-retryable errors
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready indicates the BootstrapData field is ready to be
+                  consumed
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+      name: Cluster
+      type: string
+    - description: Time duration since creation of KubeadmConfig
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+              Either ClusterConfiguration and InitConfiguration should be defined
+              or the JoinConfiguration should be defined.
+            properties:
+              clusterConfiguration:
+                description: ClusterConfiguration along with InitConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiServer:
+                    description: APIServer contains extra settings for the API server
+                      control plane component
+                    properties:
+                      certSANs:
+                        description: CertSANs sets extra Subject Alternative Names
+                          for the API Server signing cert.
+                        items:
+                          type: string
+                        type: array
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                      timeoutForControlPlane:
+                        description: TimeoutForControlPlane controls the timeout that
+                          we use for API server to appear
+                        type: string
+                    type: object
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  certificatesDir:
+                    description: 'CertificatesDir specifies where to store or look
+                      for all required certificates. NB: if not provided, this will
+                      default to `/etc/kubernetes/pki`'
+                    type: string
+                  clusterName:
+                    description: The cluster name
+                    type: string
+                  controlPlaneEndpoint:
+                    description: 'ControlPlaneEndpoint sets a stable IP address or
+                      DNS name for the control plane; it can be a valid IP address
+                      or a RFC-1123 DNS subdomain, both with optional TCP port. In
+                      case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+                      + BindPort are used; in case the ControlPlaneEndpoint is specified
+                      but without a TCP port, the BindPort is used. Possible usages
+                      are: e.g. In a cluster with more than one control plane instances,
+                      this field should be assigned the address of the external load
+                      balancer in front of the control plane instances. e.g.  in environments
+                      with enforced node recycling, the ControlPlaneEndpoint could
+                      be used for assigning a stable DNS to the control plane. NB:
+                      This value defaults to the first value in the Cluster object
+                      status.apiEndpoints array.'
+                    type: string
+                  controllerManager:
+                    description: ControllerManager contains extra settings for the
+                      controller manager control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                  dns:
+                    description: DNS defines the options for the DNS add-on installed
+                      in the cluster.
+                    properties:
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. if not set, the ImageRepository defined
+                          in ClusterConfiguration will be used instead.
+                        type: string
+                      imageTag:
+                        description: ImageTag allows to specify a tag for the image.
+                          In case this value is set, kubeadm does not change automatically
+                          the version of the above components during upgrades.
+                        type: string
+                    type: object
+                  etcd:
+                    description: 'Etcd holds configuration for etcd. NB: This value
+                      defaults to a Local (stacked) etcd'
+                    properties:
+                      external:
+                        description: External describes how to connect to an external
+                          etcd cluster Local and External are mutually exclusive
+                        properties:
+                          caFile:
+                            description: CAFile is an SSL Certificate Authority file
+                              used to secure etcd communication. Required if using
+                              a TLS connection.
+                            type: string
+                          certFile:
+                            description: CertFile is an SSL certification file used
+                              to secure etcd communication. Required if using a TLS
+                              connection.
+                            type: string
+                          endpoints:
+                            description: Endpoints of etcd members. Required for ExternalEtcd.
+                            items:
+                              type: string
+                            type: array
+                          keyFile:
+                            description: KeyFile is an SSL key file used to secure
+                              etcd communication. Required if using a TLS connection.
+                            type: string
+                        required:
+                        - caFile
+                        - certFile
+                        - endpoints
+                        - keyFile
+                        type: object
+                      local:
+                        description: Local provides configuration knobs for configuring
+                          the local etcd instance Local and External are mutually
+                          exclusive
+                        properties:
+                          dataDir:
+                            description: DataDir is the directory etcd will place
+                              its data. Defaults to "/var/lib/etcd".
+                            type: string
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: ExtraArgs are extra arguments provided to
+                              the etcd binary when run inside a static pod.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                          peerCertSANs:
+                            description: PeerCertSANs sets extra Subject Alternative
+                              Names for the etcd peer signing cert.
+                            items:
+                              type: string
+                            type: array
+                          serverCertSANs:
+                            description: ServerCertSANs sets extra Subject Alternative
+                              Names for the etcd server signing cert.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    type: object
+                  featureGates:
+                    additionalProperties:
+                      type: boolean
+                    description: FeatureGates enabled by the user.
+                    type: object
+                  imageRepository:
+                    description: ImageRepository sets the container registry to pull
+                      images from. If empty, `registry.k8s.io` will be used by default;
+                      in case of kubernetes version is a CI build (kubernetes version
+                      starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                      will be used as a default for control plane components and for
+                      kube-proxy, while `registry.k8s.io` will be used for all the
+                      other images.
+                    type: string
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  kubernetesVersion:
+                    description: 'KubernetesVersion is the target version of the control
+                      plane. NB: This value defaults to the Machine object spec.version'
+                    type: string
+                  networking:
+                    description: 'Networking holds configuration for the networking
+                      topology of the cluster. NB: This value defaults to the Cluster
+                      object spec.clusterNetwork.'
+                    properties:
+                      dnsDomain:
+                        description: DNSDomain is the dns domain used by k8s services.
+                          Defaults to "cluster.local".
+                        type: string
+                      podSubnet:
+                        description: PodSubnet is the subnet used by pods. If unset,
+                          the API server will not allocate CIDR ranges for every node.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.services.cidrBlocks if that is set
+                        type: string
+                      serviceSubnet:
+                        description: ServiceSubnet is the subnet used by k8s services.
+                          Defaults to a comma-delimited string of the Cluster object's
+                          spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+                          if that's unset.
+                        type: string
+                    type: object
+                  scheduler:
+                    description: Scheduler contains extra settings for the scheduler
+                      control plane component
+                    properties:
+                      extraArgs:
+                        additionalProperties:
+                          type: string
+                        description: 'ExtraArgs is an extra set of flags to pass to
+                          the control plane component. TODO: This is temporary and
+                          ideally we would like to switch all components to use ComponentConfig
+                          + ConfigMaps.'
+                        type: object
+                      extraVolumes:
+                        description: ExtraVolumes is an extra set of host volumes,
+                          mounted to the control plane component.
+                        items:
+                          description: HostPathMount contains elements describing
+                            volumes that are mounted from the host.
+                          properties:
+                            hostPath:
+                              description: HostPath is the path in the host that will
+                                be mounted inside the pod.
+                              type: string
+                            mountPath:
+                              description: MountPath is the path inside the pod where
+                                hostPath will be mounted.
+                              type: string
+                            name:
+                              description: Name of the volume inside the pod template.
+                              type: string
+                            pathType:
+                              description: PathType is the type of the HostPath.
+                              type: string
+                            readOnly:
+                              description: ReadOnly controls write access to the volume
+                              type: boolean
+                          required:
+                          - hostPath
+                          - mountPath
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                type: object
+              diskSetup:
+                description: DiskSetup specifies options for the creation of partition
+                  tables and file systems on devices.
+                properties:
+                  filesystems:
+                    description: Filesystems specifies the list of file systems to
+                      setup.
+                    items:
+                      description: Filesystem defines the file systems to be created.
+                      properties:
+                        device:
+                          description: Device specifies the device name
+                          type: string
+                        extraOpts:
+                          description: ExtraOpts defined extra options to add to the
+                            command for creating the file system.
+                          items:
+                            type: string
+                          type: array
+                        filesystem:
+                          description: Filesystem specifies the file system type.
+                          type: string
+                        label:
+                          description: Label specifies the file system label to be
+                            used. If set to None, no label is used.
+                          type: string
+                        overwrite:
+                          description: Overwrite defines whether or not to overwrite
+                            any existing filesystem. If true, any pre-existing file
+                            system will be destroyed. Use with Caution.
+                          type: boolean
+                        partition:
+                          description: 'Partition specifies the partition to use.
+                            The valid options are: "auto|any", "auto", "any", "none",
+                            and <NUM>, where NUM is the actual partition number.'
+                          type: string
+                        replaceFS:
+                          description: 'ReplaceFS is a special directive, used for
+                            Microsoft Azure that instructs cloud-init to replace a
+                            file system of <FS_TYPE>. NOTE: unless you define a label,
+                            this requires the use of the ''any'' partition directive.'
+                          type: string
+                      required:
+                      - device
+                      - filesystem
+                      - label
+                      type: object
+                    type: array
+                  partitions:
+                    description: Partitions specifies the list of the partitions to
+                      setup.
+                    items:
+                      description: Partition defines how to create and layout a partition.
+                      properties:
+                        device:
+                          description: Device is the name of the device.
+                          type: string
+                        layout:
+                          description: Layout specifies the device layout. If it is
+                            true, a single partition will be created for the entire
+                            device. When layout is false, it means don't partition
+                            or ignore existing partitioning.
+                          type: boolean
+                        overwrite:
+                          description: Overwrite describes whether to skip checks
+                            and create the partition if a partition or filesystem
+                            is found on the device. Use with caution. Default is 'false'.
+                          type: boolean
+                        tableType:
+                          description: 'TableType specifies the tupe of partition
+                            table. The following are supported: ''mbr'': default and
+                            setups a MS-DOS partition table ''gpt'': setups a GPT
+                            partition table'
+                          type: string
+                      required:
+                      - device
+                      - layout
+                      type: object
+                    type: array
+                type: object
+              files:
+                description: Files specifies extra files to be passed to user_data
+                  upon creation.
+                items:
+                  description: File defines the input for generating write_files in
+                    cloud-init.
+                  properties:
+                    append:
+                      description: Append specifies whether to append Content to existing
+                        file if Path exists.
+                      type: boolean
+                    content:
+                      description: Content is the actual content of the file.
+                      type: string
+                    contentFrom:
+                      description: ContentFrom is a referenced source of content to
+                        populate the file.
+                      properties:
+                        secret:
+                          description: Secret represents a secret that should populate
+                            this file.
+                          properties:
+                            key:
+                              description: Key is the key in the secret's data map
+                                for this value.
+                              type: string
+                            name:
+                              description: Name of the secret in the KubeadmBootstrapConfig's
+                                namespace to use.
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                      required:
+                      - secret
+                      type: object
+                    encoding:
+                      description: Encoding specifies the encoding of the file contents.
+                      enum:
+                      - base64
+                      - gzip
+                      - gzip+base64
+                      type: string
+                    owner:
+                      description: Owner specifies the ownership of the file, e.g.
+                        "root:root".
+                      type: string
+                    path:
+                      description: Path specifies the full path on disk where to store
+                        the file.
+                      type: string
+                    permissions:
+                      description: Permissions specifies the permissions to assign
+                        to the file, e.g. "0640".
+                      type: string
+                  required:
+                  - path
+                  type: object
+                type: array
+              format:
+                description: Format specifies the output format of the bootstrap data
+                enum:
+                - cloud-config
+                - ignition
+                type: string
+              ignition:
+                description: Ignition contains Ignition specific configuration.
+                properties:
+                  containerLinuxConfig:
+                    description: ContainerLinuxConfig contains CLC specific configuration.
+                    properties:
+                      additionalConfig:
+                        description: "AdditionalConfig contains additional configuration
+                          to be merged with the Ignition configuration generated by
+                          the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+                          \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+                        type: string
+                      strict:
+                        description: Strict controls if AdditionalConfig should be
+                          strictly parsed. If so, warnings are treated as errors.
+                        type: boolean
+                    type: object
+                type: object
+              initConfiguration:
+                description: InitConfiguration along with ClusterConfiguration are
+                  the configurations necessary for the init command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  bootstrapTokens:
+                    description: BootstrapTokens is respected at `kubeadm init` time
+                      and describes a set of Bootstrap Tokens to create. This information
+                      IS NOT uploaded to the kubeadm cluster configmap, partly because
+                      of its sensitive nature
+                    items:
+                      description: BootstrapToken describes one bootstrap token, stored
+                        as a Secret in the cluster.
+                      properties:
+                        description:
+                          description: Description sets a human-friendly message why
+                            this token exists and what it's used for, so other administrators
+                            can know its purpose.
+                          type: string
+                        expires:
+                          description: Expires specifies the timestamp when this token
+                            expires. Defaults to being set dynamically at runtime
+                            based on the TTL. Expires and TTL are mutually exclusive.
+                          format: date-time
+                          type: string
+                        groups:
+                          description: Groups specifies the extra groups that this
+                            token will authenticate as when/if used for authentication
+                          items:
+                            type: string
+                          type: array
+                        token:
+                          description: Token is used for establishing bidirectional
+                            trust between nodes and control-planes. Used for joining
+                            nodes in the cluster.
+                          type: string
+                        ttl:
+                          description: TTL defines the time to live for this token.
+                            Defaults to 24h. Expires and TTL are mutually exclusive.
+                          type: string
+                        usages:
+                          description: Usages describes the ways in which this token
+                            can be used. Can by default be used for establishing bidirectional
+                            trust, but that can be changed here.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - token
+                      type: object
+                    type: array
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  localAPIEndpoint:
+                    description: LocalAPIEndpoint represents the endpoint of the API
+                      server instance that's deployed on this control plane node In
+                      HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                      in the sense that ControlPlaneEndpoint is the global endpoint
+                      for the cluster, which then loadbalances the requests to each
+                      individual API server. This configuration object lets you customize
+                      what IP/DNS name and port the local API server advertises it's
+                      accessible on. By default, kubeadm tries to auto-detect the
+                      IP of the default interface and use that, but in case that process
+                      fails you may set the desired value here.
+                    properties:
+                      advertiseAddress:
+                        description: AdvertiseAddress sets the IP address for the
+                          API server to advertise.
+                        type: string
+                      bindPort:
+                        description: BindPort sets the secure port for the API Server
+                          to bind to. Defaults to 6443.
+                        format: int32
+                        type: integer
+                    type: object
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      ignorePreflightErrors:
+                        description: IgnorePreflightErrors provides a slice of pre-flight
+                          errors to be ignored when the current node is registered.
+                        items:
+                          type: string
+                        type: array
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: []` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                  patches:
+                    description: Patches contains options related to applying patches
+                      to components deployed by kubeadm during "kubeadm init". The
+                      minimum kubernetes version needed to support Patches is v1.22
+                    properties:
+                      directory:
+                        description: Directory is a path to a directory that contains
+                          files named "target[suffix][+patchtype].extension". For
+                          example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+                          "target" can be one of "kube-apiserver", "kube-controller-manager",
+                          "kube-scheduler", "etcd". "patchtype" can be one of "strategic"
+                          "merge" or "json" and they match the patch formats supported
+                          by kubectl. The default "patchtype" is "strategic". "extension"
+                          must be either "json" or "yaml". "suffix" is an optional
+                          string that can be used to determine which patches are applied
+                          first alpha-numerically. These files can be written into
+                          the target directory via KubeadmConfig.Files which specifies
+                          additional files to be created on the machine, either with
+                          content inline or by referencing a secret.
+                        type: string
+                    type: object
+                  skipPhases:
+                    description: SkipPhases is a list of phases to skip during command
+                      execution. The list of phases can be obtained with the "kubeadm
+                      init --help" command. This option takes effect only on Kubernetes
+                      >=1.22.0.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              joinConfiguration:
+                description: JoinConfiguration is the kubeadm configuration for the
+                  join command
+                properties:
+                  apiVersion:
+                    description: 'APIVersion defines the versioned schema of this
+                      representation of an object. Servers should convert recognized
+                      schemas to the latest internal value, and may reject unrecognized
+                      values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                    type: string
+                  caCertPath:
+                    description: 'CACertPath is the path to the SSL certificate authority
+                      used to secure comunications between node and control-plane.
+                      Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+                      there is defaulting from k/k'
+                    type: string
+                  controlPlane:
+                    description: ControlPlane defines the additional control plane
+                      instance to be deployed on the joining node. If nil, no additional
+                      control plane instance will be deployed.
+                    properties:
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance to be deployed on this node.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        type: object
+                    type: object
+                  discovery:
+                    description: 'Discovery specifies the options for the kubelet
+                      to use during the TLS Bootstrap process TODO: revisit when there
+                      is defaulting from k/k'
+                    properties:
+                      bootstrapToken:
+                        description: BootstrapToken is used to set the options for
+                          bootstrap token based discovery BootstrapToken and File
+                          are mutually exclusive
+                        properties:
+                          apiServerEndpoint:
+                            description: APIServerEndpoint is an IP or domain name
+                              to the API server from which info will be fetched.
+                            type: string
+                          caCertHashes:
+                            description: 'CACertHashes specifies a set of public key
+                              pins to verify when token-based discovery is used. The
+                              root CA found during discovery must match one of these
+                              values. Specifying an empty set disables root CA pinning,
+                              which can be unsafe. Each hash is specified as "<type>:<value>",
+                              where the only currently supported type is "sha256".
+                              This is a hex-encoded SHA-256 hash of the Subject Public
+                              Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+                              can be calculated using, for example, OpenSSL: openssl
+                              x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                              der 2>&/dev/null | openssl dgst -sha256 -hex'
+                            items:
+                              type: string
+                            type: array
+                          token:
+                            description: Token is a token used to validate cluster
+                              information fetched from the control-plane.
+                            type: string
+                          unsafeSkipCAVerification:
+                            description: UnsafeSkipCAVerification allows token-based
+                              discovery without CA verification via CACertHashes.
+                              This can weaken the security of kubeadm since other
+                              nodes can impersonate the control-plane.
+                            type: boolean
+                        required:
+                        - token
+                        type: object
+                      file:
+                        description: File is used to specify a file or URL to a kubeconfig
+                          file from which to load cluster information BootstrapToken
+                          and File are mutually exclusive
+                        properties:
+                          kubeConfigPath:
+                            description: KubeConfigPath is used to specify the actual
+                              file path or URL to the kubeconfig file from which to
+                              load cluster information
+                            type: string
+                        required:
+                        - kubeConfigPath
+                        type: object
+                      timeout:
+                        description: Timeout modifies the discovery timeout
+                        type: string
+                      tlsBootstrapToken:
+                        description: TLSBootstrapToken is a token used for TLS bootstrapping.
+                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+                          but can be overridden. If .File is set, this field **must
+                          be set** in case the KubeConfigFile does not contain any
+                          other authentication information
+                        type: string
+                    type: object
+                  kind:
+                    description: 'Kind is a string value representing the REST resource
+                      this object represents. Servers may infer this from the endpoint
+                      the client submits requests to. Cannot be updated. In CamelCase.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  nodeRegistration:
+                    description: NodeRegistration holds fields that relate to registering
+                      the new control-plane node to the cluster. When used in the
+                      context of control plane nodes, NodeRegistration should remain
+                      consistent across both InitConfiguration and JoinConfiguration
+                    properties:
+                      criSocket:
+                        description: CRISocket is used to retrieve container runtime
+                          info. This information will be annotated to the Node API
+                          object, for later re-use
+                        type: string
+                      ignorePreflightErrors:
+                        description: IgnorePreflightErrors provides a slice of pre-flight
+                          errors to be ignored when the current node is registered.
+                        items:
+                          type: string
+                        type: array
+                      kubeletExtraArgs:
+                        additionalProperties:
+                          type: string
+                        description: KubeletExtraArgs passes through extra arguments
+                          to the kubelet. The arguments here are passed to the kubelet
+                          command line via the environment file kubeadm writes at
+                          runtime for the kubelet to source. This overrides the generic
+                          base-level configuration in the kubelet-config-1.X ConfigMap
+                          Flags have higher priority when parsing. These values are
+                          local and specific to the node kubeadm is executing on.
+                        type: object
+                      name:
+                        description: Name is the `.Metadata.Name` field of the Node
+                          API object that will be created in this `kubeadm init` or
+                          `kubeadm join` operation. This field is also used in the
+                          CommonName field of the kubelet's client certificate to
+                          the API server. Defaults to the hostname of the node if
+                          not provided.
+                        type: string
+                      taints:
+                        description: 'Taints specifies the taints the Node API object
+                          should be registered with. If this field is unset, i.e.
+                          nil, in the `kubeadm init` process it will be defaulted
+                          to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+                          you don''t want to taint your control-plane node, set this
+                          field to an empty slice, i.e. `taints: []` in the YAML file.
+                          This field is solely used for Node registration.'
+                        items:
+                          description: The node this Taint is attached to has the
+                            "effect" on any pod that does not tolerate the Taint.
+                          properties:
+                            effect:
+                              description: Required. The effect of the taint on pods
+                                that do not tolerate the taint. Valid effects are
+                                NoSchedule, PreferNoSchedule and NoExecute.
+                              type: string
+                            key:
+                              description: Required. The taint key to be applied to
+                                a node.
+                              type: string
+                            timeAdded:
+                              description: TimeAdded represents the time at which
+                                the taint was added. It is only written for NoExecute
+                                taints.
+                              format: date-time
+                              type: string
+                            value:
+                              description: The taint value corresponding to the taint
+                                key.
+                              type: string
+                          required:
+                          - effect
+                          - key
+                          type: object
+                        type: array
+                    type: object
+                  patches:
+                    description: Patches contains options related to applying patches
+                      to components deployed by kubeadm during "kubeadm join". The
+                      minimum kubernetes version needed to support Patches is v1.22
+                    properties:
+                      directory:
+                        description: Directory is a path to a directory that contains
+                          files named "target[suffix][+patchtype].extension". For
+                          example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+                          "target" can be one of "kube-apiserver", "kube-controller-manager",
+                          "kube-scheduler", "etcd". "patchtype" can be one of "strategic"
+                          "merge" or "json" and they match the patch formats supported
+                          by kubectl. The default "patchtype" is "strategic". "extension"
+                          must be either "json" or "yaml". "suffix" is an optional
+                          string that can be used to determine which patches are applied
+                          first alpha-numerically. These files can be written into
+                          the target directory via KubeadmConfig.Files which specifies
+                          additional files to be created on the machine, either with
+                          content inline or by referencing a secret.
+                        type: string
+                    type: object
+                  skipPhases:
+                    description: SkipPhases is a list of phases to skip during command
+                      execution. The list of phases can be obtained with the "kubeadm
+                      init --help" command. This option takes effect only on Kubernetes
+                      >=1.22.0.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              mounts:
+                description: Mounts specifies a list of mount points to be setup.
+                items:
+                  description: MountPoints defines input for generated mounts in cloud-init.
+                  items:
+                    type: string
+                  type: array
+                type: array
+              ntp:
+                description: NTP specifies NTP configuration
+                properties:
+                  enabled:
+                    description: Enabled specifies whether NTP should be enabled
+                    type: boolean
+                  servers:
+                    description: Servers specifies which NTP servers to use
+                    items:
+                      type: string
+                    type: array
+                type: object
+              postKubeadmCommands:
+                description: PostKubeadmCommands specifies extra commands to run after
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              preKubeadmCommands:
+                description: PreKubeadmCommands specifies extra commands to run before
+                  kubeadm runs
+                items:
+                  type: string
+                type: array
+              useExperimentalRetryJoin:
+                description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+                  with a shell script with retries for joins. \n This is meant to
+                  be an experimental temporary workaround on some environments where
+                  joins fail due to timing (and other issues). The long term goal
+                  is to add retries to kubeadm proper and use that functionality.
+                  \n This will add about 40KB to userdata \n For more information,
+                  refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+                  \n Deprecated: This experimental fix is no longer needed and this
+                  field will be removed in a future release. When removing also remove
+                  from staticcheck exclude-rules for SA1019 in golangci.yml"
+                type: boolean
+              users:
+                description: Users specifies extra users to add
+                items:
+                  description: User defines the input for a generated user in cloud-init.
+                  properties:
+                    gecos:
+                      description: Gecos specifies the gecos to use for the user
+                      type: string
+                    groups:
+                      description: Groups specifies the additional groups for the
+                        user
+                      type: string
+                    homeDir:
+                      description: HomeDir specifies the home directory to use for
+                        the user
+                      type: string
+                    inactive:
+                      description: Inactive specifies whether to mark the user as
+                        inactive
+                      type: boolean
+                    lockPassword:
+                      description: LockPassword specifies if password login should
+                        be disabled
+                      type: boolean
+                    name:
+                      description: Name specifies the user name
+                      type: string
+                    passwd:
+                      description: Passwd specifies a hashed password for the user
+                      type: string
+                    passwdFrom:
+                      description: PasswdFrom is a referenced source of passwd to
+                        populate the passwd.
+                      properties:
+                        secret:
+                          description: Secret represents a secret that should populate
+                            this password.
+                          properties:
+                            key:
+                              description: Key is the key in the secret's data map
+                                for this value.
+                              type: string
+                            name:
+                              description: Name of the secret in the KubeadmBootstrapConfig's
+                                namespace to use.
+                              type: string
+                          required:
+                          - key
+                          - name
+                          type: object
+                      required:
+                      - secret
+                      type: object
+                    primaryGroup:
+                      description: PrimaryGroup specifies the primary group for the
+                        user
+                      type: string
+                    shell:
+                      description: Shell specifies the user's shell
+                      type: string
+                    sshAuthorizedKeys:
+                      description: SSHAuthorizedKeys specifies a list of ssh authorized
+                        keys for the user
+                      items:
+                        type: string
+                      type: array
+                    sudo:
+                      description: Sudo specifies a sudo role for the user
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              verbosity:
+                description: Verbosity is the number for the kubeadm log level verbosity.
+                  It overrides the `--v` flag in kubeadm commands.
+                format: int32
+                type: integer
+            type: object
+          status:
+            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the KubeadmConfig.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              dataSecretName:
+                description: DataSecretName is the name of the secret that stores
+                  the bootstrap data script.
+                type: string
+              failureMessage:
+                description: FailureMessage will be set on non-retryable errors
+                type: string
+              failureReason:
+                description: FailureReason will be set on non-retryable errors
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready indicates the BootstrapData field is ready to be
+                  consumed
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1alpha4: v1alpha4
+    cluster.x-k8s.io/v1beta1: v1beta1
+    clusterctl.cluster.x-k8s.io: ""
+  name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-kubeadm-bootstrap-webhook-service
+          namespace: capi-kubeadm-bootstrap-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: bootstrap.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: KubeadmConfigTemplate
+    listKind: KubeadmConfigTemplateList
+    plural: kubeadmconfigtemplates
+    singular: kubeadmconfigtemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+            properties:
+              template:
+                description: KubeadmConfigTemplateResource defines the Template structure.
+                properties:
+                  spec:
+                    description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+                      Either ClusterConfiguration and InitConfiguration should be
+                      defined or the JoinConfiguration should be defined.
+                    properties:
+                      clusterConfiguration:
+                        description: ClusterConfiguration along with InitConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiServer:
+                            description: APIServer contains extra settings for the
+                              API server control plane component
+                            properties:
+                              certSANs:
+                                description: CertSANs sets extra Subject Alternative
+                                  Names for the API Server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                              timeoutForControlPlane:
+                                description: TimeoutForControlPlane controls the timeout
+                                  that we use for API server to appear
+                                type: string
+                            type: object
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          certificatesDir:
+                            description: 'CertificatesDir specifies where to store
+                              or look for all required certificates. NB: if not provided,
+                              this will default to `/etc/kubernetes/pki`'
+                            type: string
+                          clusterName:
+                            description: The cluster name
+                            type: string
+                          controlPlaneEndpoint:
+                            description: 'ControlPlaneEndpoint sets a stable IP address
+                              or DNS name for the control plane; it can be a valid
+                              IP address or a RFC-1123 DNS subdomain, both with optional
+                              TCP port. In case the ControlPlaneEndpoint is not specified,
+                              the AdvertiseAddress + BindPort are used; in case the
+                              ControlPlaneEndpoint is specified but without a TCP
+                              port, the BindPort is used. Possible usages are: e.g.
+                              In a cluster with more than one control plane instances,
+                              this field should be assigned the address of the external
+                              load balancer in front of the control plane instances.
+                              e.g.  in environments with enforced node recycling,
+                              the ControlPlaneEndpoint could be used for assigning
+                              a stable DNS to the control plane. NB: This value defaults
+                              to the first value in the Cluster object status.apiEndpoints
+                              array.'
+                            type: string
+                          controllerManager:
+                            description: ControllerManager contains extra settings
+                              for the controller manager control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                          dns:
+                            description: DNS defines the options for the DNS add-on
+                              installed in the cluster.
+                            properties:
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                              type:
+                                description: Type defines the DNS add-on to be used
+                                type: string
+                            type: object
+                          etcd:
+                            description: 'Etcd holds configuration for etcd. NB: This
+                              value defaults to a Local (stacked) etcd'
+                            properties:
+                              external:
+                                description: External describes how to connect to
+                                  an external etcd cluster Local and External are
+                                  mutually exclusive
+                                properties:
+                                  caFile:
+                                    description: CAFile is an SSL Certificate Authority
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  certFile:
+                                    description: CertFile is an SSL certification
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  endpoints:
+                                    description: Endpoints of etcd members. Required
+                                      for ExternalEtcd.
+                                    items:
+                                      type: string
+                                    type: array
+                                  keyFile:
+                                    description: KeyFile is an SSL key file used to
+                                      secure etcd communication. Required if using
+                                      a TLS connection.
+                                    type: string
+                                required:
+                                - caFile
+                                - certFile
+                                - endpoints
+                                - keyFile
+                                type: object
+                              local:
+                                description: Local provides configuration knobs for
+                                  configuring the local etcd instance Local and External
+                                  are mutually exclusive
+                                properties:
+                                  dataDir:
+                                    description: DataDir is the directory etcd will
+                                      place its data. Defaults to "/var/lib/etcd".
+                                    type: string
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: ExtraArgs are extra arguments provided
+                                      to the etcd binary when run inside a static
+                                      pod.
+                                    type: object
+                                  imageRepository:
+                                    description: ImageRepository sets the container
+                                      registry to pull images from. if not set, the
+                                      ImageRepository defined in ClusterConfiguration
+                                      will be used instead.
+                                    type: string
+                                  imageTag:
+                                    description: ImageTag allows to specify a tag
+                                      for the image. In case this value is set, kubeadm
+                                      does not change automatically the version of
+                                      the above components during upgrades.
+                                    type: string
+                                  peerCertSANs:
+                                    description: PeerCertSANs sets extra Subject Alternative
+                                      Names for the etcd peer signing cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                  serverCertSANs:
+                                    description: ServerCertSANs sets extra Subject
+                                      Alternative Names for the etcd server signing
+                                      cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                            type: object
+                          featureGates:
+                            additionalProperties:
+                              type: boolean
+                            description: FeatureGates enabled by the user.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. If empty, `k8s.gcr.io` will be
+                              used by default; in case of kubernetes version is a
+                              CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+                              `gcr.io/k8s-staging-ci-images` will be used as a default
+                              for control plane components and for kube-proxy, while
+                              `k8s.gcr.io` will be used for all the other images.
+                            type: string
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          kubernetesVersion:
+                            description: 'KubernetesVersion is the target version
+                              of the control plane. NB: This value defaults to the
+                              Machine object spec.version'
+                            type: string
+                          networking:
+                            description: 'Networking holds configuration for the networking
+                              topology of the cluster. NB: This value defaults to
+                              the Cluster object spec.clusterNetwork.'
+                            properties:
+                              dnsDomain:
+                                description: DNSDomain is the dns domain used by k8s
+                                  services. Defaults to "cluster.local".
+                                type: string
+                              podSubnet:
+                                description: PodSubnet is the subnet used by pods.
+                                  If unset, the API server will not allocate CIDR
+                                  ranges for every node. Defaults to a comma-delimited
+                                  string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                                  if that is set
+                                type: string
+                              serviceSubnet:
+                                description: ServiceSubnet is the subnet used by k8s
+                                  services. Defaults to a comma-delimited string of
+                                  the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+                                  or to "10.96.0.0/12" if that's unset.
+                                type: string
+                            type: object
+                          scheduler:
+                            description: Scheduler contains extra settings for the
+                              scheduler control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                          useHyperKubeImage:
+                            description: UseHyperKubeImage controls if hyperkube should
+                              be used for Kubernetes components instead of their respective
+                              separate images
+                            type: boolean
+                        type: object
+                      diskSetup:
+                        description: DiskSetup specifies options for the creation
+                          of partition tables and file systems on devices.
+                        properties:
+                          filesystems:
+                            description: Filesystems specifies the list of file systems
+                              to setup.
+                            items:
+                              description: Filesystem defines the file systems to
+                                be created.
+                              properties:
+                                device:
+                                  description: Device specifies the device name
+                                  type: string
+                                extraOpts:
+                                  description: ExtraOpts defined extra options to
+                                    add to the command for creating the file system.
+                                  items:
+                                    type: string
+                                  type: array
+                                filesystem:
+                                  description: Filesystem specifies the file system
+                                    type.
+                                  type: string
+                                label:
+                                  description: Label specifies the file system label
+                                    to be used. If set to None, no label is used.
+                                  type: string
+                                overwrite:
+                                  description: Overwrite defines whether or not to
+                                    overwrite any existing filesystem. If true, any
+                                    pre-existing file system will be destroyed. Use
+                                    with Caution.
+                                  type: boolean
+                                partition:
+                                  description: 'Partition specifies the partition
+                                    to use. The valid options are: "auto|any", "auto",
+                                    "any", "none", and <NUM>, where NUM is the actual
+                                    partition number.'
+                                  type: string
+                                replaceFS:
+                                  description: 'ReplaceFS is a special directive,
+                                    used for Microsoft Azure that instructs cloud-init
+                                    to replace a file system of <FS_TYPE>. NOTE: unless
+                                    you define a label, this requires the use of the
+                                    ''any'' partition directive.'
+                                  type: string
+                              required:
+                              - device
+                              - filesystem
+                              - label
+                              type: object
+                            type: array
+                          partitions:
+                            description: Partitions specifies the list of the partitions
+                              to setup.
+                            items:
+                              description: Partition defines how to create and layout
+                                a partition.
+                              properties:
+                                device:
+                                  description: Device is the name of the device.
+                                  type: string
+                                layout:
+                                  description: Layout specifies the device layout.
+                                    If it is true, a single partition will be created
+                                    for the entire device. When layout is false, it
+                                    means don't partition or ignore existing partitioning.
+                                  type: boolean
+                                overwrite:
+                                  description: Overwrite describes whether to skip
+                                    checks and create the partition if a partition
+                                    or filesystem is found on the device. Use with
+                                    caution. Default is 'false'.
+                                  type: boolean
+                                tableType:
+                                  description: 'TableType specifies the tupe of partition
+                                    table. The following are supported: ''mbr'': default
+                                    and setups a MS-DOS partition table ''gpt'': setups
+                                    a GPT partition table'
+                                  type: string
+                              required:
+                              - device
+                              - layout
+                              type: object
+                            type: array
+                        type: object
+                      files:
+                        description: Files specifies extra files to be passed to user_data
+                          upon creation.
+                        items:
+                          description: File defines the input for generating write_files
+                            in cloud-init.
+                          properties:
+                            content:
+                              description: Content is the actual content of the file.
+                              type: string
+                            contentFrom:
+                              description: ContentFrom is a referenced source of content
+                                to populate the file.
+                              properties:
+                                secret:
+                                  description: Secret represents a secret that should
+                                    populate this file.
+                                  properties:
+                                    key:
+                                      description: Key is the key in the secret's
+                                        data map for this value.
+                                      type: string
+                                    name:
+                                      description: Name of the secret in the KubeadmBootstrapConfig's
+                                        namespace to use.
+                                      type: string
+                                  required:
+                                  - key
+                                  - name
+                                  type: object
+                              required:
+                              - secret
+                              type: object
+                            encoding:
+                              description: Encoding specifies the encoding of the
+                                file contents.
+                              enum:
+                              - base64
+                              - gzip
+                              - gzip+base64
+                              type: string
+                            owner:
+                              description: Owner specifies the ownership of the file,
+                                e.g. "root:root".
+                              type: string
+                            path:
+                              description: Path specifies the full path on disk where
+                                to store the file.
+                              type: string
+                            permissions:
+                              description: Permissions specifies the permissions to
+                                assign to the file, e.g. "0640".
+                              type: string
+                          required:
+                          - path
+                          type: object
+                        type: array
+                      format:
+                        description: Format specifies the output format of the bootstrap
+                          data
+                        enum:
+                        - cloud-config
+                        type: string
+                      initConfiguration:
+                        description: InitConfiguration along with ClusterConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          bootstrapTokens:
+                            description: BootstrapTokens is respected at `kubeadm
+                              init` time and describes a set of Bootstrap Tokens to
+                              create. This information IS NOT uploaded to the kubeadm
+                              cluster configmap, partly because of its sensitive nature
+                            items:
+                              description: BootstrapToken describes one bootstrap
+                                token, stored as a Secret in the cluster.
+                              properties:
+                                description:
+                                  description: Description sets a human-friendly message
+                                    why this token exists and what it's used for,
+                                    so other administrators can know its purpose.
+                                  type: string
+                                expires:
+                                  description: Expires specifies the timestamp when
+                                    this token expires. Defaults to being set dynamically
+                                    at runtime based on the TTL. Expires and TTL are
+                                    mutually exclusive.
+                                  format: date-time
+                                  type: string
+                                groups:
+                                  description: Groups specifies the extra groups that
+                                    this token will authenticate as when/if used for
+                                    authentication
+                                  items:
+                                    type: string
+                                  type: array
+                                token:
+                                  description: Token is used for establishing bidirectional
+                                    trust between nodes and control-planes. Used for
+                                    joining nodes in the cluster.
+                                  type: string
+                                ttl:
+                                  description: TTL defines the time to live for this
+                                    token. Defaults to 24h. Expires and TTL are mutually
+                                    exclusive.
+                                  type: string
+                                usages:
+                                  description: Usages describes the ways in which
+                                    this token can be used. Can by default be used
+                                    for establishing bidirectional trust, but that
+                                    can be changed here.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - token
+                              type: object
+                            type: array
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance that's deployed on this control
+                              plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                              in the sense that ControlPlaneEndpoint is the global
+                              endpoint for the cluster, which then loadbalances the
+                              requests to each individual API server. This configuration
+                              object lets you customize what IP/DNS name and port
+                              the local API server advertises it's accessible on.
+                              By default, kubeadm tries to auto-detect the IP of the
+                              default interface and use that, but in case that process
+                              fails you may set the desired value here.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            required:
+                            - advertiseAddress
+                            - bindPort
+                            type: object
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  {}` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      joinConfiguration:
+                        description: JoinConfiguration is the kubeadm configuration
+                          for the join command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          caCertPath:
+                            description: 'CACertPath is the path to the SSL certificate
+                              authority used to secure comunications between node
+                              and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                              TODO: revisit when there is defaulting from k/k'
+                            type: string
+                          controlPlane:
+                            description: ControlPlane defines the additional control
+                              plane instance to be deployed on the joining node. If
+                              nil, no additional control plane instance will be deployed.
+                            properties:
+                              localAPIEndpoint:
+                                description: LocalAPIEndpoint represents the endpoint
+                                  of the API server instance to be deployed on this
+                                  node.
+                                properties:
+                                  advertiseAddress:
+                                    description: AdvertiseAddress sets the IP address
+                                      for the API server to advertise.
+                                    type: string
+                                  bindPort:
+                                    description: BindPort sets the secure port for
+                                      the API Server to bind to. Defaults to 6443.
+                                    format: int32
+                                    type: integer
+                                required:
+                                - advertiseAddress
+                                - bindPort
+                                type: object
+                            type: object
+                          discovery:
+                            description: 'Discovery specifies the options for the
+                              kubelet to use during the TLS Bootstrap process TODO:
+                              revisit when there is defaulting from k/k'
+                            properties:
+                              bootstrapToken:
+                                description: BootstrapToken is used to set the options
+                                  for bootstrap token based discovery BootstrapToken
+                                  and File are mutually exclusive
+                                properties:
+                                  apiServerEndpoint:
+                                    description: APIServerEndpoint is an IP or domain
+                                      name to the API server from which info will
+                                      be fetched.
+                                    type: string
+                                  caCertHashes:
+                                    description: 'CACertHashes specifies a set of
+                                      public key pins to verify when token-based discovery
+                                      is used. The root CA found during discovery
+                                      must match one of these values. Specifying an
+                                      empty set disables root CA pinning, which can
+                                      be unsafe. Each hash is specified as "<type>:<value>",
+                                      where the only currently supported type is "sha256".
+                                      This is a hex-encoded SHA-256 hash of the Subject
+                                      Public Key Info (SPKI) object in DER-encoded
+                                      ASN.1. These hashes can be calculated using,
+                                      for example, OpenSSL: openssl x509 -pubkey -in
+                                      ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+                                      | openssl dgst -sha256 -hex'
+                                    items:
+                                      type: string
+                                    type: array
+                                  token:
+                                    description: Token is a token used to validate
+                                      cluster information fetched from the control-plane.
+                                    type: string
+                                  unsafeSkipCAVerification:
+                                    description: UnsafeSkipCAVerification allows token-based
+                                      discovery without CA verification via CACertHashes.
+                                      This can weaken the security of kubeadm since
+                                      other nodes can impersonate the control-plane.
+                                    type: boolean
+                                required:
+                                - token
+                                - unsafeSkipCAVerification
+                                type: object
+                              file:
+                                description: File is used to specify a file or URL
+                                  to a kubeconfig file from which to load cluster
+                                  information BootstrapToken and File are mutually
+                                  exclusive
+                                properties:
+                                  kubeConfigPath:
+                                    description: KubeConfigPath is used to specify
+                                      the actual file path or URL to the kubeconfig
+                                      file from which to load cluster information
+                                    type: string
+                                required:
+                                - kubeConfigPath
+                                type: object
+                              timeout:
+                                description: Timeout modifies the discovery timeout
+                                type: string
+                              tlsBootstrapToken:
+                                description: 'TLSBootstrapToken is a token used for
+                                  TLS bootstrapping. If .BootstrapToken is set, this
+                                  field is defaulted to .BootstrapToken.Token, but
+                                  can be overridden. If .File is set, this field **must
+                                  be set** in case the KubeConfigFile does not contain
+                                  any other authentication information TODO: revisit
+                                  when there is defaulting from k/k'
+                                type: string
+                            type: object
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  {}` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      mounts:
+                        description: Mounts specifies a list of mount points to be
+                          setup.
+                        items:
+                          description: MountPoints defines input for generated mounts
+                            in cloud-init.
+                          items:
+                            type: string
+                          type: array
+                        type: array
+                      ntp:
+                        description: NTP specifies NTP configuration
+                        properties:
+                          enabled:
+                            description: Enabled specifies whether NTP should be enabled
+                            type: boolean
+                          servers:
+                            description: Servers specifies which NTP servers to use
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      postKubeadmCommands:
+                        description: PostKubeadmCommands specifies extra commands
+                          to run after kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      preKubeadmCommands:
+                        description: PreKubeadmCommands specifies extra commands to
+                          run before kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      useExperimentalRetryJoin:
+                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                          command with a shell script with retries for joins. \n This
+                          is meant to be an experimental temporary workaround on some
+                          environments where joins fail due to timing (and other issues).
+                          The long term goal is to add retries to kubeadm proper and
+                          use that functionality. \n This will add about 40KB to userdata
+                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                        type: boolean
+                      users:
+                        description: Users specifies extra users to add
+                        items:
+                          description: User defines the input for a generated user
+                            in cloud-init.
+                          properties:
+                            gecos:
+                              description: Gecos specifies the gecos to use for the
+                                user
+                              type: string
+                            groups:
+                              description: Groups specifies the additional groups
+                                for the user
+                              type: string
+                            homeDir:
+                              description: HomeDir specifies the home directory to
+                                use for the user
+                              type: string
+                            inactive:
+                              description: Inactive specifies whether to mark the
+                                user as inactive
+                              type: boolean
+                            lockPassword:
+                              description: LockPassword specifies if password login
+                                should be disabled
+                              type: boolean
+                            name:
+                              description: Name specifies the user name
+                              type: string
+                            passwd:
+                              description: Passwd specifies a hashed password for
+                                the user
+                              type: string
+                            primaryGroup:
+                              description: PrimaryGroup specifies the primary group
+                                for the user
+                              type: string
+                            shell:
+                              description: Shell specifies the user's shell
+                              type: string
+                            sshAuthorizedKeys:
+                              description: SSHAuthorizedKeys specifies a list of ssh
+                                authorized keys for the user
+                              items:
+                                type: string
+                              type: array
+                            sudo:
+                              description: Sudo specifies a sudo role for the user
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      verbosity:
+                        description: Verbosity is the number for the kubeadm log level
+                          verbosity. It overrides the `--v` flag in kubeadm commands.
+                        format: int32
+                        type: integer
+                    type: object
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmConfigTemplate
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+            properties:
+              template:
+                description: KubeadmConfigTemplateResource defines the Template structure.
+                properties:
+                  spec:
+                    description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+                      Either ClusterConfiguration and InitConfiguration should be
+                      defined or the JoinConfiguration should be defined.
+                    properties:
+                      clusterConfiguration:
+                        description: ClusterConfiguration along with InitConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiServer:
+                            description: APIServer contains extra settings for the
+                              API server control plane component
+                            properties:
+                              certSANs:
+                                description: CertSANs sets extra Subject Alternative
+                                  Names for the API Server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                              timeoutForControlPlane:
+                                description: TimeoutForControlPlane controls the timeout
+                                  that we use for API server to appear
+                                type: string
+                            type: object
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          certificatesDir:
+                            description: 'CertificatesDir specifies where to store
+                              or look for all required certificates. NB: if not provided,
+                              this will default to `/etc/kubernetes/pki`'
+                            type: string
+                          clusterName:
+                            description: The cluster name
+                            type: string
+                          controlPlaneEndpoint:
+                            description: 'ControlPlaneEndpoint sets a stable IP address
+                              or DNS name for the control plane; it can be a valid
+                              IP address or a RFC-1123 DNS subdomain, both with optional
+                              TCP port. In case the ControlPlaneEndpoint is not specified,
+                              the AdvertiseAddress + BindPort are used; in case the
+                              ControlPlaneEndpoint is specified but without a TCP
+                              port, the BindPort is used. Possible usages are: e.g.
+                              In a cluster with more than one control plane instances,
+                              this field should be assigned the address of the external
+                              load balancer in front of the control plane instances.
+                              e.g.  in environments with enforced node recycling,
+                              the ControlPlaneEndpoint could be used for assigning
+                              a stable DNS to the control plane. NB: This value defaults
+                              to the first value in the Cluster object status.apiEndpoints
+                              array.'
+                            type: string
+                          controllerManager:
+                            description: ControllerManager contains extra settings
+                              for the controller manager control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                          dns:
+                            description: DNS defines the options for the DNS add-on
+                              installed in the cluster.
+                            properties:
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                            type: object
+                          etcd:
+                            description: 'Etcd holds configuration for etcd. NB: This
+                              value defaults to a Local (stacked) etcd'
+                            properties:
+                              external:
+                                description: External describes how to connect to
+                                  an external etcd cluster Local and External are
+                                  mutually exclusive
+                                properties:
+                                  caFile:
+                                    description: CAFile is an SSL Certificate Authority
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  certFile:
+                                    description: CertFile is an SSL certification
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  endpoints:
+                                    description: Endpoints of etcd members. Required
+                                      for ExternalEtcd.
+                                    items:
+                                      type: string
+                                    type: array
+                                  keyFile:
+                                    description: KeyFile is an SSL key file used to
+                                      secure etcd communication. Required if using
+                                      a TLS connection.
+                                    type: string
+                                required:
+                                - caFile
+                                - certFile
+                                - endpoints
+                                - keyFile
+                                type: object
+                              local:
+                                description: Local provides configuration knobs for
+                                  configuring the local etcd instance Local and External
+                                  are mutually exclusive
+                                properties:
+                                  dataDir:
+                                    description: DataDir is the directory etcd will
+                                      place its data. Defaults to "/var/lib/etcd".
+                                    type: string
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: ExtraArgs are extra arguments provided
+                                      to the etcd binary when run inside a static
+                                      pod.
+                                    type: object
+                                  imageRepository:
+                                    description: ImageRepository sets the container
+                                      registry to pull images from. if not set, the
+                                      ImageRepository defined in ClusterConfiguration
+                                      will be used instead.
+                                    type: string
+                                  imageTag:
+                                    description: ImageTag allows to specify a tag
+                                      for the image. In case this value is set, kubeadm
+                                      does not change automatically the version of
+                                      the above components during upgrades.
+                                    type: string
+                                  peerCertSANs:
+                                    description: PeerCertSANs sets extra Subject Alternative
+                                      Names for the etcd peer signing cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                  serverCertSANs:
+                                    description: ServerCertSANs sets extra Subject
+                                      Alternative Names for the etcd server signing
+                                      cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                            type: object
+                          featureGates:
+                            additionalProperties:
+                              type: boolean
+                            description: FeatureGates enabled by the user.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. If empty, `registry.k8s.io` will
+                              be used by default; in case of kubernetes version is
+                              a CI build (kubernetes version starts with `ci/` or
+                              `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be
+                              used as a default for control plane components and for
+                              kube-proxy, while `registry.k8s.io` will be used for
+                              all the other images.
+                            type: string
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          kubernetesVersion:
+                            description: 'KubernetesVersion is the target version
+                              of the control plane. NB: This value defaults to the
+                              Machine object spec.version'
+                            type: string
+                          networking:
+                            description: 'Networking holds configuration for the networking
+                              topology of the cluster. NB: This value defaults to
+                              the Cluster object spec.clusterNetwork.'
+                            properties:
+                              dnsDomain:
+                                description: DNSDomain is the dns domain used by k8s
+                                  services. Defaults to "cluster.local".
+                                type: string
+                              podSubnet:
+                                description: PodSubnet is the subnet used by pods.
+                                  If unset, the API server will not allocate CIDR
+                                  ranges for every node. Defaults to a comma-delimited
+                                  string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                                  if that is set
+                                type: string
+                              serviceSubnet:
+                                description: ServiceSubnet is the subnet used by k8s
+                                  services. Defaults to a comma-delimited string of
+                                  the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+                                  or to "10.96.0.0/12" if that's unset.
+                                type: string
+                            type: object
+                          scheduler:
+                            description: Scheduler contains extra settings for the
+                              scheduler control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      diskSetup:
+                        description: DiskSetup specifies options for the creation
+                          of partition tables and file systems on devices.
+                        properties:
+                          filesystems:
+                            description: Filesystems specifies the list of file systems
+                              to setup.
+                            items:
+                              description: Filesystem defines the file systems to
+                                be created.
+                              properties:
+                                device:
+                                  description: Device specifies the device name
+                                  type: string
+                                extraOpts:
+                                  description: ExtraOpts defined extra options to
+                                    add to the command for creating the file system.
+                                  items:
+                                    type: string
+                                  type: array
+                                filesystem:
+                                  description: Filesystem specifies the file system
+                                    type.
+                                  type: string
+                                label:
+                                  description: Label specifies the file system label
+                                    to be used. If set to None, no label is used.
+                                  type: string
+                                overwrite:
+                                  description: Overwrite defines whether or not to
+                                    overwrite any existing filesystem. If true, any
+                                    pre-existing file system will be destroyed. Use
+                                    with Caution.
+                                  type: boolean
+                                partition:
+                                  description: 'Partition specifies the partition
+                                    to use. The valid options are: "auto|any", "auto",
+                                    "any", "none", and <NUM>, where NUM is the actual
+                                    partition number.'
+                                  type: string
+                                replaceFS:
+                                  description: 'ReplaceFS is a special directive,
+                                    used for Microsoft Azure that instructs cloud-init
+                                    to replace a file system of <FS_TYPE>. NOTE: unless
+                                    you define a label, this requires the use of the
+                                    ''any'' partition directive.'
+                                  type: string
+                              required:
+                              - device
+                              - filesystem
+                              - label
+                              type: object
+                            type: array
+                          partitions:
+                            description: Partitions specifies the list of the partitions
+                              to setup.
+                            items:
+                              description: Partition defines how to create and layout
+                                a partition.
+                              properties:
+                                device:
+                                  description: Device is the name of the device.
+                                  type: string
+                                layout:
+                                  description: Layout specifies the device layout.
+                                    If it is true, a single partition will be created
+                                    for the entire device. When layout is false, it
+                                    means don't partition or ignore existing partitioning.
+                                  type: boolean
+                                overwrite:
+                                  description: Overwrite describes whether to skip
+                                    checks and create the partition if a partition
+                                    or filesystem is found on the device. Use with
+                                    caution. Default is 'false'.
+                                  type: boolean
+                                tableType:
+                                  description: 'TableType specifies the tupe of partition
+                                    table. The following are supported: ''mbr'': default
+                                    and setups a MS-DOS partition table ''gpt'': setups
+                                    a GPT partition table'
+                                  type: string
+                              required:
+                              - device
+                              - layout
+                              type: object
+                            type: array
+                        type: object
+                      files:
+                        description: Files specifies extra files to be passed to user_data
+                          upon creation.
+                        items:
+                          description: File defines the input for generating write_files
+                            in cloud-init.
+                          properties:
+                            content:
+                              description: Content is the actual content of the file.
+                              type: string
+                            contentFrom:
+                              description: ContentFrom is a referenced source of content
+                                to populate the file.
+                              properties:
+                                secret:
+                                  description: Secret represents a secret that should
+                                    populate this file.
+                                  properties:
+                                    key:
+                                      description: Key is the key in the secret's
+                                        data map for this value.
+                                      type: string
+                                    name:
+                                      description: Name of the secret in the KubeadmBootstrapConfig's
+                                        namespace to use.
+                                      type: string
+                                  required:
+                                  - key
+                                  - name
+                                  type: object
+                              required:
+                              - secret
+                              type: object
+                            encoding:
+                              description: Encoding specifies the encoding of the
+                                file contents.
+                              enum:
+                              - base64
+                              - gzip
+                              - gzip+base64
+                              type: string
+                            owner:
+                              description: Owner specifies the ownership of the file,
+                                e.g. "root:root".
+                              type: string
+                            path:
+                              description: Path specifies the full path on disk where
+                                to store the file.
+                              type: string
+                            permissions:
+                              description: Permissions specifies the permissions to
+                                assign to the file, e.g. "0640".
+                              type: string
+                          required:
+                          - path
+                          type: object
+                        type: array
+                      format:
+                        description: Format specifies the output format of the bootstrap
+                          data
+                        enum:
+                        - cloud-config
+                        type: string
+                      initConfiguration:
+                        description: InitConfiguration along with ClusterConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          bootstrapTokens:
+                            description: BootstrapTokens is respected at `kubeadm
+                              init` time and describes a set of Bootstrap Tokens to
+                              create. This information IS NOT uploaded to the kubeadm
+                              cluster configmap, partly because of its sensitive nature
+                            items:
+                              description: BootstrapToken describes one bootstrap
+                                token, stored as a Secret in the cluster.
+                              properties:
+                                description:
+                                  description: Description sets a human-friendly message
+                                    why this token exists and what it's used for,
+                                    so other administrators can know its purpose.
+                                  type: string
+                                expires:
+                                  description: Expires specifies the timestamp when
+                                    this token expires. Defaults to being set dynamically
+                                    at runtime based on the TTL. Expires and TTL are
+                                    mutually exclusive.
+                                  format: date-time
+                                  type: string
+                                groups:
+                                  description: Groups specifies the extra groups that
+                                    this token will authenticate as when/if used for
+                                    authentication
+                                  items:
+                                    type: string
+                                  type: array
+                                token:
+                                  description: Token is used for establishing bidirectional
+                                    trust between nodes and control-planes. Used for
+                                    joining nodes in the cluster.
+                                  type: string
+                                ttl:
+                                  description: TTL defines the time to live for this
+                                    token. Defaults to 24h. Expires and TTL are mutually
+                                    exclusive.
+                                  type: string
+                                usages:
+                                  description: Usages describes the ways in which
+                                    this token can be used. Can by default be used
+                                    for establishing bidirectional trust, but that
+                                    can be changed here.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - token
+                              type: object
+                            type: array
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance that's deployed on this control
+                              plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                              in the sense that ControlPlaneEndpoint is the global
+                              endpoint for the cluster, which then loadbalances the
+                              requests to each individual API server. This configuration
+                              object lets you customize what IP/DNS name and port
+                              the local API server advertises it's accessible on.
+                              By default, kubeadm tries to auto-detect the IP of the
+                              default interface and use that, but in case that process
+                              fails you may set the desired value here.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            type: object
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              ignorePreflightErrors:
+                                description: IgnorePreflightErrors provides a slice
+                                  of pre-flight errors to be ignored when the current
+                                  node is registered.
+                                items:
+                                  type: string
+                                type: array
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  {}` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      joinConfiguration:
+                        description: JoinConfiguration is the kubeadm configuration
+                          for the join command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          caCertPath:
+                            description: 'CACertPath is the path to the SSL certificate
+                              authority used to secure comunications between node
+                              and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                              TODO: revisit when there is defaulting from k/k'
+                            type: string
+                          controlPlane:
+                            description: ControlPlane defines the additional control
+                              plane instance to be deployed on the joining node. If
+                              nil, no additional control plane instance will be deployed.
+                            properties:
+                              localAPIEndpoint:
+                                description: LocalAPIEndpoint represents the endpoint
+                                  of the API server instance to be deployed on this
+                                  node.
+                                properties:
+                                  advertiseAddress:
+                                    description: AdvertiseAddress sets the IP address
+                                      for the API server to advertise.
+                                    type: string
+                                  bindPort:
+                                    description: BindPort sets the secure port for
+                                      the API Server to bind to. Defaults to 6443.
+                                    format: int32
+                                    type: integer
+                                type: object
+                            type: object
+                          discovery:
+                            description: 'Discovery specifies the options for the
+                              kubelet to use during the TLS Bootstrap process TODO:
+                              revisit when there is defaulting from k/k'
+                            properties:
+                              bootstrapToken:
+                                description: BootstrapToken is used to set the options
+                                  for bootstrap token based discovery BootstrapToken
+                                  and File are mutually exclusive
+                                properties:
+                                  apiServerEndpoint:
+                                    description: APIServerEndpoint is an IP or domain
+                                      name to the API server from which info will
+                                      be fetched.
+                                    type: string
+                                  caCertHashes:
+                                    description: 'CACertHashes specifies a set of
+                                      public key pins to verify when token-based discovery
+                                      is used. The root CA found during discovery
+                                      must match one of these values. Specifying an
+                                      empty set disables root CA pinning, which can
+                                      be unsafe. Each hash is specified as "<type>:<value>",
+                                      where the only currently supported type is "sha256".
+                                      This is a hex-encoded SHA-256 hash of the Subject
+                                      Public Key Info (SPKI) object in DER-encoded
+                                      ASN.1. These hashes can be calculated using,
+                                      for example, OpenSSL: openssl x509 -pubkey -in
+                                      ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+                                      | openssl dgst -sha256 -hex'
+                                    items:
+                                      type: string
+                                    type: array
+                                  token:
+                                    description: Token is a token used to validate
+                                      cluster information fetched from the control-plane.
+                                    type: string
+                                  unsafeSkipCAVerification:
+                                    description: UnsafeSkipCAVerification allows token-based
+                                      discovery without CA verification via CACertHashes.
+                                      This can weaken the security of kubeadm since
+                                      other nodes can impersonate the control-plane.
+                                    type: boolean
+                                required:
+                                - token
+                                type: object
+                              file:
+                                description: File is used to specify a file or URL
+                                  to a kubeconfig file from which to load cluster
+                                  information BootstrapToken and File are mutually
+                                  exclusive
+                                properties:
+                                  kubeConfigPath:
+                                    description: KubeConfigPath is used to specify
+                                      the actual file path or URL to the kubeconfig
+                                      file from which to load cluster information
+                                    type: string
+                                required:
+                                - kubeConfigPath
+                                type: object
+                              timeout:
+                                description: Timeout modifies the discovery timeout
+                                type: string
+                              tlsBootstrapToken:
+                                description: TLSBootstrapToken is a token used for
+                                  TLS bootstrapping. If .BootstrapToken is set, this
+                                  field is defaulted to .BootstrapToken.Token, but
+                                  can be overridden. If .File is set, this field **must
+                                  be set** in case the KubeConfigFile does not contain
+                                  any other authentication information
+                                type: string
+                            type: object
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              ignorePreflightErrors:
+                                description: IgnorePreflightErrors provides a slice
+                                  of pre-flight errors to be ignored when the current
+                                  node is registered.
+                                items:
+                                  type: string
+                                type: array
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  {}` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      mounts:
+                        description: Mounts specifies a list of mount points to be
+                          setup.
+                        items:
+                          description: MountPoints defines input for generated mounts
+                            in cloud-init.
+                          items:
+                            type: string
+                          type: array
+                        type: array
+                      ntp:
+                        description: NTP specifies NTP configuration
+                        properties:
+                          enabled:
+                            description: Enabled specifies whether NTP should be enabled
+                            type: boolean
+                          servers:
+                            description: Servers specifies which NTP servers to use
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      postKubeadmCommands:
+                        description: PostKubeadmCommands specifies extra commands
+                          to run after kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      preKubeadmCommands:
+                        description: PreKubeadmCommands specifies extra commands to
+                          run before kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      useExperimentalRetryJoin:
+                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                          command with a shell script with retries for joins. \n This
+                          is meant to be an experimental temporary workaround on some
+                          environments where joins fail due to timing (and other issues).
+                          The long term goal is to add retries to kubeadm proper and
+                          use that functionality. \n This will add about 40KB to userdata
+                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                        type: boolean
+                      users:
+                        description: Users specifies extra users to add
+                        items:
+                          description: User defines the input for a generated user
+                            in cloud-init.
+                          properties:
+                            gecos:
+                              description: Gecos specifies the gecos to use for the
+                                user
+                              type: string
+                            groups:
+                              description: Groups specifies the additional groups
+                                for the user
+                              type: string
+                            homeDir:
+                              description: HomeDir specifies the home directory to
+                                use for the user
+                              type: string
+                            inactive:
+                              description: Inactive specifies whether to mark the
+                                user as inactive
+                              type: boolean
+                            lockPassword:
+                              description: LockPassword specifies if password login
+                                should be disabled
+                              type: boolean
+                            name:
+                              description: Name specifies the user name
+                              type: string
+                            passwd:
+                              description: Passwd specifies a hashed password for
+                                the user
+                              type: string
+                            primaryGroup:
+                              description: PrimaryGroup specifies the primary group
+                                for the user
+                              type: string
+                            shell:
+                              description: Shell specifies the user's shell
+                              type: string
+                            sshAuthorizedKeys:
+                              description: SSHAuthorizedKeys specifies a list of ssh
+                                authorized keys for the user
+                              items:
+                                type: string
+                              type: array
+                            sudo:
+                              description: Sudo specifies a sudo role for the user
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      verbosity:
+                        description: Verbosity is the number for the kubeadm log level
+                          verbosity. It overrides the `--v` flag in kubeadm commands.
+                        format: int32
+                        type: integer
+                    type: object
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmConfigTemplate
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+            properties:
+              template:
+                description: KubeadmConfigTemplateResource defines the Template structure.
+                properties:
+                  spec:
+                    description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+                      Either ClusterConfiguration and InitConfiguration should be
+                      defined or the JoinConfiguration should be defined.
+                    properties:
+                      clusterConfiguration:
+                        description: ClusterConfiguration along with InitConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiServer:
+                            description: APIServer contains extra settings for the
+                              API server control plane component
+                            properties:
+                              certSANs:
+                                description: CertSANs sets extra Subject Alternative
+                                  Names for the API Server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                              timeoutForControlPlane:
+                                description: TimeoutForControlPlane controls the timeout
+                                  that we use for API server to appear
+                                type: string
+                            type: object
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          certificatesDir:
+                            description: 'CertificatesDir specifies where to store
+                              or look for all required certificates. NB: if not provided,
+                              this will default to `/etc/kubernetes/pki`'
+                            type: string
+                          clusterName:
+                            description: The cluster name
+                            type: string
+                          controlPlaneEndpoint:
+                            description: 'ControlPlaneEndpoint sets a stable IP address
+                              or DNS name for the control plane; it can be a valid
+                              IP address or a RFC-1123 DNS subdomain, both with optional
+                              TCP port. In case the ControlPlaneEndpoint is not specified,
+                              the AdvertiseAddress + BindPort are used; in case the
+                              ControlPlaneEndpoint is specified but without a TCP
+                              port, the BindPort is used. Possible usages are: e.g.
+                              In a cluster with more than one control plane instances,
+                              this field should be assigned the address of the external
+                              load balancer in front of the control plane instances.
+                              e.g.  in environments with enforced node recycling,
+                              the ControlPlaneEndpoint could be used for assigning
+                              a stable DNS to the control plane. NB: This value defaults
+                              to the first value in the Cluster object status.apiEndpoints
+                              array.'
+                            type: string
+                          controllerManager:
+                            description: ControllerManager contains extra settings
+                              for the controller manager control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                          dns:
+                            description: DNS defines the options for the DNS add-on
+                              installed in the cluster.
+                            properties:
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                            type: object
+                          etcd:
+                            description: 'Etcd holds configuration for etcd. NB: This
+                              value defaults to a Local (stacked) etcd'
+                            properties:
+                              external:
+                                description: External describes how to connect to
+                                  an external etcd cluster Local and External are
+                                  mutually exclusive
+                                properties:
+                                  caFile:
+                                    description: CAFile is an SSL Certificate Authority
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  certFile:
+                                    description: CertFile is an SSL certification
+                                      file used to secure etcd communication. Required
+                                      if using a TLS connection.
+                                    type: string
+                                  endpoints:
+                                    description: Endpoints of etcd members. Required
+                                      for ExternalEtcd.
+                                    items:
+                                      type: string
+                                    type: array
+                                  keyFile:
+                                    description: KeyFile is an SSL key file used to
+                                      secure etcd communication. Required if using
+                                      a TLS connection.
+                                    type: string
+                                required:
+                                - caFile
+                                - certFile
+                                - endpoints
+                                - keyFile
+                                type: object
+                              local:
+                                description: Local provides configuration knobs for
+                                  configuring the local etcd instance Local and External
+                                  are mutually exclusive
+                                properties:
+                                  dataDir:
+                                    description: DataDir is the directory etcd will
+                                      place its data. Defaults to "/var/lib/etcd".
+                                    type: string
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: ExtraArgs are extra arguments provided
+                                      to the etcd binary when run inside a static
+                                      pod.
+                                    type: object
+                                  imageRepository:
+                                    description: ImageRepository sets the container
+                                      registry to pull images from. if not set, the
+                                      ImageRepository defined in ClusterConfiguration
+                                      will be used instead.
+                                    type: string
+                                  imageTag:
+                                    description: ImageTag allows to specify a tag
+                                      for the image. In case this value is set, kubeadm
+                                      does not change automatically the version of
+                                      the above components during upgrades.
+                                    type: string
+                                  peerCertSANs:
+                                    description: PeerCertSANs sets extra Subject Alternative
+                                      Names for the etcd peer signing cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                  serverCertSANs:
+                                    description: ServerCertSANs sets extra Subject
+                                      Alternative Names for the etcd server signing
+                                      cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                            type: object
+                          featureGates:
+                            additionalProperties:
+                              type: boolean
+                            description: FeatureGates enabled by the user.
+                            type: object
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. If empty, `registry.k8s.io` will
+                              be used by default; in case of kubernetes version is
+                              a CI build (kubernetes version starts with `ci/` or
+                              `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be
+                              used as a default for control plane components and for
+                              kube-proxy, while `registry.k8s.io` will be used for
+                              all the other images.
+                            type: string
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          kubernetesVersion:
+                            description: 'KubernetesVersion is the target version
+                              of the control plane. NB: This value defaults to the
+                              Machine object spec.version'
+                            type: string
+                          networking:
+                            description: 'Networking holds configuration for the networking
+                              topology of the cluster. NB: This value defaults to
+                              the Cluster object spec.clusterNetwork.'
+                            properties:
+                              dnsDomain:
+                                description: DNSDomain is the dns domain used by k8s
+                                  services. Defaults to "cluster.local".
+                                type: string
+                              podSubnet:
+                                description: PodSubnet is the subnet used by pods.
+                                  If unset, the API server will not allocate CIDR
+                                  ranges for every node. Defaults to a comma-delimited
+                                  string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                                  if that is set
+                                type: string
+                              serviceSubnet:
+                                description: ServiceSubnet is the subnet used by k8s
+                                  services. Defaults to a comma-delimited string of
+                                  the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+                                  or to "10.96.0.0/12" if that's unset.
+                                type: string
+                            type: object
+                          scheduler:
+                            description: Scheduler contains extra settings for the
+                              scheduler control plane component
+                            properties:
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: 'ExtraArgs is an extra set of flags to
+                                  pass to the control plane component. TODO: This
+                                  is temporary and ideally we would like to switch
+                                  all components to use ComponentConfig + ConfigMaps.'
+                                type: object
+                              extraVolumes:
+                                description: ExtraVolumes is an extra set of host
+                                  volumes, mounted to the control plane component.
+                                items:
+                                  description: HostPathMount contains elements describing
+                                    volumes that are mounted from the host.
+                                  properties:
+                                    hostPath:
+                                      description: HostPath is the path in the host
+                                        that will be mounted inside the pod.
+                                      type: string
+                                    mountPath:
+                                      description: MountPath is the path inside the
+                                        pod where hostPath will be mounted.
+                                      type: string
+                                    name:
+                                      description: Name of the volume inside the pod
+                                        template.
+                                      type: string
+                                    pathType:
+                                      description: PathType is the type of the HostPath.
+                                      type: string
+                                    readOnly:
+                                      description: ReadOnly controls write access
+                                        to the volume
+                                      type: boolean
+                                  required:
+                                  - hostPath
+                                  - mountPath
+                                  - name
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      diskSetup:
+                        description: DiskSetup specifies options for the creation
+                          of partition tables and file systems on devices.
+                        properties:
+                          filesystems:
+                            description: Filesystems specifies the list of file systems
+                              to setup.
+                            items:
+                              description: Filesystem defines the file systems to
+                                be created.
+                              properties:
+                                device:
+                                  description: Device specifies the device name
+                                  type: string
+                                extraOpts:
+                                  description: ExtraOpts defined extra options to
+                                    add to the command for creating the file system.
+                                  items:
+                                    type: string
+                                  type: array
+                                filesystem:
+                                  description: Filesystem specifies the file system
+                                    type.
+                                  type: string
+                                label:
+                                  description: Label specifies the file system label
+                                    to be used. If set to None, no label is used.
+                                  type: string
+                                overwrite:
+                                  description: Overwrite defines whether or not to
+                                    overwrite any existing filesystem. If true, any
+                                    pre-existing file system will be destroyed. Use
+                                    with Caution.
+                                  type: boolean
+                                partition:
+                                  description: 'Partition specifies the partition
+                                    to use. The valid options are: "auto|any", "auto",
+                                    "any", "none", and <NUM>, where NUM is the actual
+                                    partition number.'
+                                  type: string
+                                replaceFS:
+                                  description: 'ReplaceFS is a special directive,
+                                    used for Microsoft Azure that instructs cloud-init
+                                    to replace a file system of <FS_TYPE>. NOTE: unless
+                                    you define a label, this requires the use of the
+                                    ''any'' partition directive.'
+                                  type: string
+                              required:
+                              - device
+                              - filesystem
+                              - label
+                              type: object
+                            type: array
+                          partitions:
+                            description: Partitions specifies the list of the partitions
+                              to setup.
+                            items:
+                              description: Partition defines how to create and layout
+                                a partition.
+                              properties:
+                                device:
+                                  description: Device is the name of the device.
+                                  type: string
+                                layout:
+                                  description: Layout specifies the device layout.
+                                    If it is true, a single partition will be created
+                                    for the entire device. When layout is false, it
+                                    means don't partition or ignore existing partitioning.
+                                  type: boolean
+                                overwrite:
+                                  description: Overwrite describes whether to skip
+                                    checks and create the partition if a partition
+                                    or filesystem is found on the device. Use with
+                                    caution. Default is 'false'.
+                                  type: boolean
+                                tableType:
+                                  description: 'TableType specifies the tupe of partition
+                                    table. The following are supported: ''mbr'': default
+                                    and setups a MS-DOS partition table ''gpt'': setups
+                                    a GPT partition table'
+                                  type: string
+                              required:
+                              - device
+                              - layout
+                              type: object
+                            type: array
+                        type: object
+                      files:
+                        description: Files specifies extra files to be passed to user_data
+                          upon creation.
+                        items:
+                          description: File defines the input for generating write_files
+                            in cloud-init.
+                          properties:
+                            append:
+                              description: Append specifies whether to append Content
+                                to existing file if Path exists.
+                              type: boolean
+                            content:
+                              description: Content is the actual content of the file.
+                              type: string
+                            contentFrom:
+                              description: ContentFrom is a referenced source of content
+                                to populate the file.
+                              properties:
+                                secret:
+                                  description: Secret represents a secret that should
+                                    populate this file.
+                                  properties:
+                                    key:
+                                      description: Key is the key in the secret's
+                                        data map for this value.
+                                      type: string
+                                    name:
+                                      description: Name of the secret in the KubeadmBootstrapConfig's
+                                        namespace to use.
+                                      type: string
+                                  required:
+                                  - key
+                                  - name
+                                  type: object
+                              required:
+                              - secret
+                              type: object
+                            encoding:
+                              description: Encoding specifies the encoding of the
+                                file contents.
+                              enum:
+                              - base64
+                              - gzip
+                              - gzip+base64
+                              type: string
+                            owner:
+                              description: Owner specifies the ownership of the file,
+                                e.g. "root:root".
+                              type: string
+                            path:
+                              description: Path specifies the full path on disk where
+                                to store the file.
+                              type: string
+                            permissions:
+                              description: Permissions specifies the permissions to
+                                assign to the file, e.g. "0640".
+                              type: string
+                          required:
+                          - path
+                          type: object
+                        type: array
+                      format:
+                        description: Format specifies the output format of the bootstrap
+                          data
+                        enum:
+                        - cloud-config
+                        - ignition
+                        type: string
+                      ignition:
+                        description: Ignition contains Ignition specific configuration.
+                        properties:
+                          containerLinuxConfig:
+                            description: ContainerLinuxConfig contains CLC specific
+                              configuration.
+                            properties:
+                              additionalConfig:
+                                description: "AdditionalConfig contains additional
+                                  configuration to be merged with the Ignition configuration
+                                  generated by the bootstrapper controller. More info:
+                                  https://coreos.github.io/ignition/operator-notes/#config-merging
+                                  \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+                                type: string
+                              strict:
+                                description: Strict controls if AdditionalConfig should
+                                  be strictly parsed. If so, warnings are treated
+                                  as errors.
+                                type: boolean
+                            type: object
+                        type: object
+                      initConfiguration:
+                        description: InitConfiguration along with ClusterConfiguration
+                          are the configurations necessary for the init command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          bootstrapTokens:
+                            description: BootstrapTokens is respected at `kubeadm
+                              init` time and describes a set of Bootstrap Tokens to
+                              create. This information IS NOT uploaded to the kubeadm
+                              cluster configmap, partly because of its sensitive nature
+                            items:
+                              description: BootstrapToken describes one bootstrap
+                                token, stored as a Secret in the cluster.
+                              properties:
+                                description:
+                                  description: Description sets a human-friendly message
+                                    why this token exists and what it's used for,
+                                    so other administrators can know its purpose.
+                                  type: string
+                                expires:
+                                  description: Expires specifies the timestamp when
+                                    this token expires. Defaults to being set dynamically
+                                    at runtime based on the TTL. Expires and TTL are
+                                    mutually exclusive.
+                                  format: date-time
+                                  type: string
+                                groups:
+                                  description: Groups specifies the extra groups that
+                                    this token will authenticate as when/if used for
+                                    authentication
+                                  items:
+                                    type: string
+                                  type: array
+                                token:
+                                  description: Token is used for establishing bidirectional
+                                    trust between nodes and control-planes. Used for
+                                    joining nodes in the cluster.
+                                  type: string
+                                ttl:
+                                  description: TTL defines the time to live for this
+                                    token. Defaults to 24h. Expires and TTL are mutually
+                                    exclusive.
+                                  type: string
+                                usages:
+                                  description: Usages describes the ways in which
+                                    this token can be used. Can by default be used
+                                    for establishing bidirectional trust, but that
+                                    can be changed here.
+                                  items:
+                                    type: string
+                                  type: array
+                              required:
+                              - token
+                              type: object
+                            type: array
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance that's deployed on this control
+                              plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                              in the sense that ControlPlaneEndpoint is the global
+                              endpoint for the cluster, which then loadbalances the
+                              requests to each individual API server. This configuration
+                              object lets you customize what IP/DNS name and port
+                              the local API server advertises it's accessible on.
+                              By default, kubeadm tries to auto-detect the IP of the
+                              default interface and use that, but in case that process
+                              fails you may set the desired value here.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            type: object
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              ignorePreflightErrors:
+                                description: IgnorePreflightErrors provides a slice
+                                  of pre-flight errors to be ignored when the current
+                                  node is registered.
+                                items:
+                                  type: string
+                                type: array
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  []` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                          patches:
+                            description: Patches contains options related to applying
+                              patches to components deployed by kubeadm during "kubeadm
+                              init". The minimum kubernetes version needed to support
+                              Patches is v1.22
+                            properties:
+                              directory:
+                                description: Directory is a path to a directory that
+                                  contains files named "target[suffix][+patchtype].extension".
+                                  For example, "kube-apiserver0+merge.yaml" or just
+                                  "etcd.json". "target" can be one of "kube-apiserver",
+                                  "kube-controller-manager", "kube-scheduler", "etcd".
+                                  "patchtype" can be one of "strategic" "merge" or
+                                  "json" and they match the patch formats supported
+                                  by kubectl. The default "patchtype" is "strategic".
+                                  "extension" must be either "json" or "yaml". "suffix"
+                                  is an optional string that can be used to determine
+                                  which patches are applied first alpha-numerically.
+                                  These files can be written into the target directory
+                                  via KubeadmConfig.Files which specifies additional
+                                  files to be created on the machine, either with
+                                  content inline or by referencing a secret.
+                                type: string
+                            type: object
+                          skipPhases:
+                            description: SkipPhases is a list of phases to skip during
+                              command execution. The list of phases can be obtained
+                              with the "kubeadm init --help" command. This option
+                              takes effect only on Kubernetes >=1.22.0.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      joinConfiguration:
+                        description: JoinConfiguration is the kubeadm configuration
+                          for the join command
+                        properties:
+                          apiVersion:
+                            description: 'APIVersion defines the versioned schema
+                              of this representation of an object. Servers should
+                              convert recognized schemas to the latest internal value,
+                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                            type: string
+                          caCertPath:
+                            description: 'CACertPath is the path to the SSL certificate
+                              authority used to secure comunications between node
+                              and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                              TODO: revisit when there is defaulting from k/k'
+                            type: string
+                          controlPlane:
+                            description: ControlPlane defines the additional control
+                              plane instance to be deployed on the joining node. If
+                              nil, no additional control plane instance will be deployed.
+                            properties:
+                              localAPIEndpoint:
+                                description: LocalAPIEndpoint represents the endpoint
+                                  of the API server instance to be deployed on this
+                                  node.
+                                properties:
+                                  advertiseAddress:
+                                    description: AdvertiseAddress sets the IP address
+                                      for the API server to advertise.
+                                    type: string
+                                  bindPort:
+                                    description: BindPort sets the secure port for
+                                      the API Server to bind to. Defaults to 6443.
+                                    format: int32
+                                    type: integer
+                                type: object
+                            type: object
+                          discovery:
+                            description: 'Discovery specifies the options for the
+                              kubelet to use during the TLS Bootstrap process TODO:
+                              revisit when there is defaulting from k/k'
+                            properties:
+                              bootstrapToken:
+                                description: BootstrapToken is used to set the options
+                                  for bootstrap token based discovery BootstrapToken
+                                  and File are mutually exclusive
+                                properties:
+                                  apiServerEndpoint:
+                                    description: APIServerEndpoint is an IP or domain
+                                      name to the API server from which info will
+                                      be fetched.
+                                    type: string
+                                  caCertHashes:
+                                    description: 'CACertHashes specifies a set of
+                                      public key pins to verify when token-based discovery
+                                      is used. The root CA found during discovery
+                                      must match one of these values. Specifying an
+                                      empty set disables root CA pinning, which can
+                                      be unsafe. Each hash is specified as "<type>:<value>",
+                                      where the only currently supported type is "sha256".
+                                      This is a hex-encoded SHA-256 hash of the Subject
+                                      Public Key Info (SPKI) object in DER-encoded
+                                      ASN.1. These hashes can be calculated using,
+                                      for example, OpenSSL: openssl x509 -pubkey -in
+                                      ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+                                      | openssl dgst -sha256 -hex'
+                                    items:
+                                      type: string
+                                    type: array
+                                  token:
+                                    description: Token is a token used to validate
+                                      cluster information fetched from the control-plane.
+                                    type: string
+                                  unsafeSkipCAVerification:
+                                    description: UnsafeSkipCAVerification allows token-based
+                                      discovery without CA verification via CACertHashes.
+                                      This can weaken the security of kubeadm since
+                                      other nodes can impersonate the control-plane.
+                                    type: boolean
+                                required:
+                                - token
+                                type: object
+                              file:
+                                description: File is used to specify a file or URL
+                                  to a kubeconfig file from which to load cluster
+                                  information BootstrapToken and File are mutually
+                                  exclusive
+                                properties:
+                                  kubeConfigPath:
+                                    description: KubeConfigPath is used to specify
+                                      the actual file path or URL to the kubeconfig
+                                      file from which to load cluster information
+                                    type: string
+                                required:
+                                - kubeConfigPath
+                                type: object
+                              timeout:
+                                description: Timeout modifies the discovery timeout
+                                type: string
+                              tlsBootstrapToken:
+                                description: TLSBootstrapToken is a token used for
+                                  TLS bootstrapping. If .BootstrapToken is set, this
+                                  field is defaulted to .BootstrapToken.Token, but
+                                  can be overridden. If .File is set, this field **must
+                                  be set** in case the KubeConfigFile does not contain
+                                  any other authentication information
+                                type: string
+                            type: object
+                          kind:
+                            description: 'Kind is a string value representing the
+                              REST resource this object represents. Servers may infer
+                              this from the endpoint the client submits requests to.
+                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          nodeRegistration:
+                            description: NodeRegistration holds fields that relate
+                              to registering the new control-plane node to the cluster.
+                              When used in the context of control plane nodes, NodeRegistration
+                              should remain consistent across both InitConfiguration
+                              and JoinConfiguration
+                            properties:
+                              criSocket:
+                                description: CRISocket is used to retrieve container
+                                  runtime info. This information will be annotated
+                                  to the Node API object, for later re-use
+                                type: string
+                              ignorePreflightErrors:
+                                description: IgnorePreflightErrors provides a slice
+                                  of pre-flight errors to be ignored when the current
+                                  node is registered.
+                                items:
+                                  type: string
+                                type: array
+                              kubeletExtraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: KubeletExtraArgs passes through extra
+                                  arguments to the kubelet. The arguments here are
+                                  passed to the kubelet command line via the environment
+                                  file kubeadm writes at runtime for the kubelet to
+                                  source. This overrides the generic base-level configuration
+                                  in the kubelet-config-1.X ConfigMap Flags have higher
+                                  priority when parsing. These values are local and
+                                  specific to the node kubeadm is executing on.
+                                type: object
+                              name:
+                                description: Name is the `.Metadata.Name` field of
+                                  the Node API object that will be created in this
+                                  `kubeadm init` or `kubeadm join` operation. This
+                                  field is also used in the CommonName field of the
+                                  kubelet's client certificate to the API server.
+                                  Defaults to the hostname of the node if not provided.
+                                type: string
+                              taints:
+                                description: 'Taints specifies the taints the Node
+                                  API object should be registered with. If this field
+                                  is unset, i.e. nil, in the `kubeadm init` process
+                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                  If you don''t want to taint your control-plane node,
+                                  set this field to an empty slice, i.e. `taints:
+                                  []` in the YAML file. This field is solely used
+                                  for Node registration.'
+                                items:
+                                  description: The node this Taint is attached to
+                                    has the "effect" on any pod that does not tolerate
+                                    the Taint.
+                                  properties:
+                                    effect:
+                                      description: Required. The effect of the taint
+                                        on pods that do not tolerate the taint. Valid
+                                        effects are NoSchedule, PreferNoSchedule and
+                                        NoExecute.
+                                      type: string
+                                    key:
+                                      description: Required. The taint key to be applied
+                                        to a node.
+                                      type: string
+                                    timeAdded:
+                                      description: TimeAdded represents the time at
+                                        which the taint was added. It is only written
+                                        for NoExecute taints.
+                                      format: date-time
+                                      type: string
+                                    value:
+                                      description: The taint value corresponding to
+                                        the taint key.
+                                      type: string
+                                  required:
+                                  - effect
+                                  - key
+                                  type: object
+                                type: array
+                            type: object
+                          patches:
+                            description: Patches contains options related to applying
+                              patches to components deployed by kubeadm during "kubeadm
+                              join". The minimum kubernetes version needed to support
+                              Patches is v1.22
+                            properties:
+                              directory:
+                                description: Directory is a path to a directory that
+                                  contains files named "target[suffix][+patchtype].extension".
+                                  For example, "kube-apiserver0+merge.yaml" or just
+                                  "etcd.json". "target" can be one of "kube-apiserver",
+                                  "kube-controller-manager", "kube-scheduler", "etcd".
+                                  "patchtype" can be one of "strategic" "merge" or
+                                  "json" and they match the patch formats supported
+                                  by kubectl. The default "patchtype" is "strategic".
+                                  "extension" must be either "json" or "yaml". "suffix"
+                                  is an optional string that can be used to determine
+                                  which patches are applied first alpha-numerically.
+                                  These files can be written into the target directory
+                                  via KubeadmConfig.Files which specifies additional
+                                  files to be created on the machine, either with
+                                  content inline or by referencing a secret.
+                                type: string
+                            type: object
+                          skipPhases:
+                            description: SkipPhases is a list of phases to skip during
+                              command execution. The list of phases can be obtained
+                              with the "kubeadm init --help" command. This option
+                              takes effect only on Kubernetes >=1.22.0.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      mounts:
+                        description: Mounts specifies a list of mount points to be
+                          setup.
+                        items:
+                          description: MountPoints defines input for generated mounts
+                            in cloud-init.
+                          items:
+                            type: string
+                          type: array
+                        type: array
+                      ntp:
+                        description: NTP specifies NTP configuration
+                        properties:
+                          enabled:
+                            description: Enabled specifies whether NTP should be enabled
+                            type: boolean
+                          servers:
+                            description: Servers specifies which NTP servers to use
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      postKubeadmCommands:
+                        description: PostKubeadmCommands specifies extra commands
+                          to run after kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      preKubeadmCommands:
+                        description: PreKubeadmCommands specifies extra commands to
+                          run before kubeadm runs
+                        items:
+                          type: string
+                        type: array
+                      useExperimentalRetryJoin:
+                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                          command with a shell script with retries for joins. \n This
+                          is meant to be an experimental temporary workaround on some
+                          environments where joins fail due to timing (and other issues).
+                          The long term goal is to add retries to kubeadm proper and
+                          use that functionality. \n This will add about 40KB to userdata
+                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+                          \n Deprecated: This experimental fix is no longer needed
+                          and this field will be removed in a future release. When
+                          removing also remove from staticcheck exclude-rules for
+                          SA1019 in golangci.yml"
+                        type: boolean
+                      users:
+                        description: Users specifies extra users to add
+                        items:
+                          description: User defines the input for a generated user
+                            in cloud-init.
+                          properties:
+                            gecos:
+                              description: Gecos specifies the gecos to use for the
+                                user
+                              type: string
+                            groups:
+                              description: Groups specifies the additional groups
+                                for the user
+                              type: string
+                            homeDir:
+                              description: HomeDir specifies the home directory to
+                                use for the user
+                              type: string
+                            inactive:
+                              description: Inactive specifies whether to mark the
+                                user as inactive
+                              type: boolean
+                            lockPassword:
+                              description: LockPassword specifies if password login
+                                should be disabled
+                              type: boolean
+                            name:
+                              description: Name specifies the user name
+                              type: string
+                            passwd:
+                              description: Passwd specifies a hashed password for
+                                the user
+                              type: string
+                            passwdFrom:
+                              description: PasswdFrom is a referenced source of passwd
+                                to populate the passwd.
+                              properties:
+                                secret:
+                                  description: Secret represents a secret that should
+                                    populate this password.
+                                  properties:
+                                    key:
+                                      description: Key is the key in the secret's
+                                        data map for this value.
+                                      type: string
+                                    name:
+                                      description: Name of the secret in the KubeadmBootstrapConfig's
+                                        namespace to use.
+                                      type: string
+                                  required:
+                                  - key
+                                  - name
+                                  type: object
+                              required:
+                              - secret
+                              type: object
+                            primaryGroup:
+                              description: PrimaryGroup specifies the primary group
+                                for the user
+                              type: string
+                            shell:
+                              description: Shell specifies the user's shell
+                              type: string
+                            sshAuthorizedKeys:
+                              description: SSHAuthorizedKeys specifies a list of ssh
+                                authorized keys for the user
+                              items:
+                                type: string
+                              type: array
+                            sudo:
+                              description: Sudo specifies a sudo role for the user
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      verbosity:
+                        description: Verbosity is the number for the kubeadm log level
+                          verbosity. It overrides the `--v` flag in kubeadm commands.
+                        format: int32
+                        type: integer
+                    type: object
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-manager
+  namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-leader-election-role
+  namespace: capi-kubeadm-bootstrap-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - events
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  resources:
+  - kubeadmconfigs
+  - kubeadmconfigs/finalizers
+  - kubeadmconfigs/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  - machinepools
+  - machinepools/status
+  - machines
+  - machines/status
+  - machinesets
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-leader-election-rolebinding
+  namespace: capi-kubeadm-bootstrap-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: capi-kubeadm-bootstrap-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: capi-kubeadm-bootstrap-manager
+  namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
+subjects:
+- kind: ServiceAccount
+  name: capi-kubeadm-bootstrap-manager
+  namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-webhook-service
+  namespace: capi-kubeadm-bootstrap-system
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook-server
+  selector:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-kubeadm-bootstrap-controller-manager
+  namespace: capi-kubeadm-bootstrap-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/provider: bootstrap-kubeadm
+      control-plane: controller-manager
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        cluster.x-k8s.io/provider: bootstrap-kubeadm
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        - --metrics-bind-addr=localhost:8080
+        - --feature-gates=MachinePool=false,KubeadmBootstrapFormatIgnition=false
+        - --bootstrap-token-ttl=15m
+        command:
+        - /manager
+        image: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.3.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        resources: {}
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: capi-kubeadm-bootstrap-manager
+      terminationGracePeriodSeconds: 10
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+      volumes:
+      - name: cert
+        secret:
+          secretName: capi-kubeadm-bootstrap-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-serving-cert
+  namespace: capi-kubeadm-bootstrap-system
+spec:
+  dnsNames:
+  - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
+  - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: capi-kubeadm-bootstrap-selfsigned-issuer
+  secretName: capi-kubeadm-bootstrap-webhook-service-cert
+  subject:
+    organizations:
+    - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-selfsigned-issuer
+  namespace: capi-kubeadm-bootstrap-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-bootstrap-webhook-service
+      namespace: capi-kubeadm-bootstrap-system
+      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+  failurePolicy: Fail
+  name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - bootstrap.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmconfigs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-bootstrap-webhook-service
+      namespace: capi-kubeadm-bootstrap-system
+      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+  failurePolicy: Fail
+  name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - bootstrap.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmconfigtemplates
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: bootstrap-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-bootstrap-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-bootstrap-webhook-service
+      namespace: capi-kubeadm-bootstrap-system
+      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - bootstrap.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmconfigs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-bootstrap-webhook-service
+      namespace: capi-kubeadm-bootstrap-system
+      path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - bootstrap.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmconfigtemplates
+  sideEffects: None
diff --git a/atmosphere/operator/manifests/capi-control-plane.yml b/atmosphere/operator/manifests/capi-control-plane.yml
new file mode 100644
index 0000000..624401d
--- /dev/null
+++ b/atmosphere/operator/manifests/capi-control-plane.yml
@@ -0,0 +1,6645 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-kubeadm-control-plane-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1alpha4: v1alpha4
+    cluster.x-k8s.io/v1beta1: v1beta1
+    clusterctl.cluster.x-k8s.io: ""
+  name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-kubeadm-control-plane-webhook-service
+          namespace: capi-kubeadm-control-plane-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: controlplane.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: KubeadmControlPlane
+    listKind: KubeadmControlPlaneList
+    plural: kubeadmcontrolplanes
+    shortNames:
+    - kcp
+    singular: kubeadmcontrolplane
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: This denotes whether or not the control plane has the uploaded
+        kubeadm-config configmap
+      jsonPath: .status.initialized
+      name: Initialized
+      type: boolean
+    - description: KubeadmControlPlane API Server is ready to receive requests
+      jsonPath: .status.ready
+      name: API Server Available
+      type: boolean
+    - description: Kubernetes version associated with this control plane
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    - description: Total number of non-terminated machines targeted by this control
+        plane
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of fully running and ready control plane machines
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this control
+        plane that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this control plane
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+            properties:
+              infrastructureTemplate:
+                description: InfrastructureTemplate is a required reference to a custom
+                  resource offered by an infrastructure provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              kubeadmConfigSpec:
+                description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+                  and joining machines to the control plane.
+                properties:
+                  clusterConfiguration:
+                    description: ClusterConfiguration along with InitConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiServer:
+                        description: APIServer contains extra settings for the API
+                          server control plane component
+                        properties:
+                          certSANs:
+                            description: CertSANs sets extra Subject Alternative Names
+                              for the API Server signing cert.
+                            items:
+                              type: string
+                            type: array
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                          timeoutForControlPlane:
+                            description: TimeoutForControlPlane controls the timeout
+                              that we use for API server to appear
+                            type: string
+                        type: object
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      certificatesDir:
+                        description: 'CertificatesDir specifies where to store or
+                          look for all required certificates. NB: if not provided,
+                          this will default to `/etc/kubernetes/pki`'
+                        type: string
+                      clusterName:
+                        description: The cluster name
+                        type: string
+                      controlPlaneEndpoint:
+                        description: 'ControlPlaneEndpoint sets a stable IP address
+                          or DNS name for the control plane; it can be a valid IP
+                          address or a RFC-1123 DNS subdomain, both with optional
+                          TCP port. In case the ControlPlaneEndpoint is not specified,
+                          the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+                          is specified but without a TCP port, the BindPort is used.
+                          Possible usages are: e.g. In a cluster with more than one
+                          control plane instances, this field should be assigned the
+                          address of the external load balancer in front of the control
+                          plane instances. e.g.  in environments with enforced node
+                          recycling, the ControlPlaneEndpoint could be used for assigning
+                          a stable DNS to the control plane. NB: This value defaults
+                          to the first value in the Cluster object status.apiEndpoints
+                          array.'
+                        type: string
+                      controllerManager:
+                        description: ControllerManager contains extra settings for
+                          the controller manager control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                      dns:
+                        description: DNS defines the options for the DNS add-on installed
+                          in the cluster.
+                        properties:
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                          type:
+                            description: Type defines the DNS add-on to be used
+                            type: string
+                        type: object
+                      etcd:
+                        description: 'Etcd holds configuration for etcd. NB: This
+                          value defaults to a Local (stacked) etcd'
+                        properties:
+                          external:
+                            description: External describes how to connect to an external
+                              etcd cluster Local and External are mutually exclusive
+                            properties:
+                              caFile:
+                                description: CAFile is an SSL Certificate Authority
+                                  file used to secure etcd communication. Required
+                                  if using a TLS connection.
+                                type: string
+                              certFile:
+                                description: CertFile is an SSL certification file
+                                  used to secure etcd communication. Required if using
+                                  a TLS connection.
+                                type: string
+                              endpoints:
+                                description: Endpoints of etcd members. Required for
+                                  ExternalEtcd.
+                                items:
+                                  type: string
+                                type: array
+                              keyFile:
+                                description: KeyFile is an SSL key file used to secure
+                                  etcd communication. Required if using a TLS connection.
+                                type: string
+                            required:
+                            - caFile
+                            - certFile
+                            - endpoints
+                            - keyFile
+                            type: object
+                          local:
+                            description: Local provides configuration knobs for configuring
+                              the local etcd instance Local and External are mutually
+                              exclusive
+                            properties:
+                              dataDir:
+                                description: DataDir is the directory etcd will place
+                                  its data. Defaults to "/var/lib/etcd".
+                                type: string
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: ExtraArgs are extra arguments provided
+                                  to the etcd binary when run inside a static pod.
+                                type: object
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                              peerCertSANs:
+                                description: PeerCertSANs sets extra Subject Alternative
+                                  Names for the etcd peer signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              serverCertSANs:
+                                description: ServerCertSANs sets extra Subject Alternative
+                                  Names for the etcd server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                        type: object
+                      featureGates:
+                        additionalProperties:
+                          type: boolean
+                        description: FeatureGates enabled by the user.
+                        type: object
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. If empty, `k8s.gcr.io` will be used by
+                          default; in case of kubernetes version is a CI build (kubernetes
+                          version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                          will be used as a default for control plane components and
+                          for kube-proxy, while `k8s.gcr.io` will be used for all
+                          the other images.
+                        type: string
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      kubernetesVersion:
+                        description: 'KubernetesVersion is the target version of the
+                          control plane. NB: This value defaults to the Machine object
+                          spec.version'
+                        type: string
+                      networking:
+                        description: 'Networking holds configuration for the networking
+                          topology of the cluster. NB: This value defaults to the
+                          Cluster object spec.clusterNetwork.'
+                        properties:
+                          dnsDomain:
+                            description: DNSDomain is the dns domain used by k8s services.
+                              Defaults to "cluster.local".
+                            type: string
+                          podSubnet:
+                            description: PodSubnet is the subnet used by pods. If
+                              unset, the API server will not allocate CIDR ranges
+                              for every node. Defaults to a comma-delimited string
+                              of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                              if that is set
+                            type: string
+                          serviceSubnet:
+                            description: ServiceSubnet is the subnet used by k8s services.
+                              Defaults to a comma-delimited string of the Cluster
+                              object's spec.clusterNetwork.pods.cidrBlocks, or to
+                              "10.96.0.0/12" if that's unset.
+                            type: string
+                        type: object
+                      scheduler:
+                        description: Scheduler contains extra settings for the scheduler
+                          control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                      useHyperKubeImage:
+                        description: UseHyperKubeImage controls if hyperkube should
+                          be used for Kubernetes components instead of their respective
+                          separate images
+                        type: boolean
+                    type: object
+                  diskSetup:
+                    description: DiskSetup specifies options for the creation of partition
+                      tables and file systems on devices.
+                    properties:
+                      filesystems:
+                        description: Filesystems specifies the list of file systems
+                          to setup.
+                        items:
+                          description: Filesystem defines the file systems to be created.
+                          properties:
+                            device:
+                              description: Device specifies the device name
+                              type: string
+                            extraOpts:
+                              description: ExtraOpts defined extra options to add
+                                to the command for creating the file system.
+                              items:
+                                type: string
+                              type: array
+                            filesystem:
+                              description: Filesystem specifies the file system type.
+                              type: string
+                            label:
+                              description: Label specifies the file system label to
+                                be used. If set to None, no label is used.
+                              type: string
+                            overwrite:
+                              description: Overwrite defines whether or not to overwrite
+                                any existing filesystem. If true, any pre-existing
+                                file system will be destroyed. Use with Caution.
+                              type: boolean
+                            partition:
+                              description: 'Partition specifies the partition to use.
+                                The valid options are: "auto|any", "auto", "any",
+                                "none", and <NUM>, where NUM is the actual partition
+                                number.'
+                              type: string
+                            replaceFS:
+                              description: 'ReplaceFS is a special directive, used
+                                for Microsoft Azure that instructs cloud-init to replace
+                                a file system of <FS_TYPE>. NOTE: unless you define
+                                a label, this requires the use of the ''any'' partition
+                                directive.'
+                              type: string
+                          required:
+                          - device
+                          - filesystem
+                          - label
+                          type: object
+                        type: array
+                      partitions:
+                        description: Partitions specifies the list of the partitions
+                          to setup.
+                        items:
+                          description: Partition defines how to create and layout
+                            a partition.
+                          properties:
+                            device:
+                              description: Device is the name of the device.
+                              type: string
+                            layout:
+                              description: Layout specifies the device layout. If
+                                it is true, a single partition will be created for
+                                the entire device. When layout is false, it means
+                                don't partition or ignore existing partitioning.
+                              type: boolean
+                            overwrite:
+                              description: Overwrite describes whether to skip checks
+                                and create the partition if a partition or filesystem
+                                is found on the device. Use with caution. Default
+                                is 'false'.
+                              type: boolean
+                            tableType:
+                              description: 'TableType specifies the tupe of partition
+                                table. The following are supported: ''mbr'': default
+                                and setups a MS-DOS partition table ''gpt'': setups
+                                a GPT partition table'
+                              type: string
+                          required:
+                          - device
+                          - layout
+                          type: object
+                        type: array
+                    type: object
+                  files:
+                    description: Files specifies extra files to be passed to user_data
+                      upon creation.
+                    items:
+                      description: File defines the input for generating write_files
+                        in cloud-init.
+                      properties:
+                        content:
+                          description: Content is the actual content of the file.
+                          type: string
+                        contentFrom:
+                          description: ContentFrom is a referenced source of content
+                            to populate the file.
+                          properties:
+                            secret:
+                              description: Secret represents a secret that should
+                                populate this file.
+                              properties:
+                                key:
+                                  description: Key is the key in the secret's data
+                                    map for this value.
+                                  type: string
+                                name:
+                                  description: Name of the secret in the KubeadmBootstrapConfig's
+                                    namespace to use.
+                                  type: string
+                              required:
+                              - key
+                              - name
+                              type: object
+                          required:
+                          - secret
+                          type: object
+                        encoding:
+                          description: Encoding specifies the encoding of the file
+                            contents.
+                          enum:
+                          - base64
+                          - gzip
+                          - gzip+base64
+                          type: string
+                        owner:
+                          description: Owner specifies the ownership of the file,
+                            e.g. "root:root".
+                          type: string
+                        path:
+                          description: Path specifies the full path on disk where
+                            to store the file.
+                          type: string
+                        permissions:
+                          description: Permissions specifies the permissions to assign
+                            to the file, e.g. "0640".
+                          type: string
+                      required:
+                      - path
+                      type: object
+                    type: array
+                  format:
+                    description: Format specifies the output format of the bootstrap
+                      data
+                    enum:
+                    - cloud-config
+                    type: string
+                  initConfiguration:
+                    description: InitConfiguration along with ClusterConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      bootstrapTokens:
+                        description: BootstrapTokens is respected at `kubeadm init`
+                          time and describes a set of Bootstrap Tokens to create.
+                          This information IS NOT uploaded to the kubeadm cluster
+                          configmap, partly because of its sensitive nature
+                        items:
+                          description: BootstrapToken describes one bootstrap token,
+                            stored as a Secret in the cluster.
+                          properties:
+                            description:
+                              description: Description sets a human-friendly message
+                                why this token exists and what it's used for, so other
+                                administrators can know its purpose.
+                              type: string
+                            expires:
+                              description: Expires specifies the timestamp when this
+                                token expires. Defaults to being set dynamically at
+                                runtime based on the TTL. Expires and TTL are mutually
+                                exclusive.
+                              format: date-time
+                              type: string
+                            groups:
+                              description: Groups specifies the extra groups that
+                                this token will authenticate as when/if used for authentication
+                              items:
+                                type: string
+                              type: array
+                            token:
+                              description: Token is used for establishing bidirectional
+                                trust between nodes and control-planes. Used for joining
+                                nodes in the cluster.
+                              type: string
+                            ttl:
+                              description: TTL defines the time to live for this token.
+                                Defaults to 24h. Expires and TTL are mutually exclusive.
+                              type: string
+                            usages:
+                              description: Usages describes the ways in which this
+                                token can be used. Can by default be used for establishing
+                                bidirectional trust, but that can be changed here.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - token
+                          type: object
+                        type: array
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance that's deployed on this control plane
+                          node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                          in the sense that ControlPlaneEndpoint is the global endpoint
+                          for the cluster, which then loadbalances the requests to
+                          each individual API server. This configuration object lets
+                          you customize what IP/DNS name and port the local API server
+                          advertises it's accessible on. By default, kubeadm tries
+                          to auto-detect the IP of the default interface and use that,
+                          but in case that process fails you may set the desired value
+                          here.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        required:
+                        - advertiseAddress
+                        - bindPort
+                        type: object
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: {}`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  joinConfiguration:
+                    description: JoinConfiguration is the kubeadm configuration for
+                      the join command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      caCertPath:
+                        description: 'CACertPath is the path to the SSL certificate
+                          authority used to secure comunications between node and
+                          control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                          TODO: revisit when there is defaulting from k/k'
+                        type: string
+                      controlPlane:
+                        description: ControlPlane defines the additional control plane
+                          instance to be deployed on the joining node. If nil, no
+                          additional control plane instance will be deployed.
+                        properties:
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance to be deployed on this node.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            required:
+                            - advertiseAddress
+                            - bindPort
+                            type: object
+                        type: object
+                      discovery:
+                        description: 'Discovery specifies the options for the kubelet
+                          to use during the TLS Bootstrap process TODO: revisit when
+                          there is defaulting from k/k'
+                        properties:
+                          bootstrapToken:
+                            description: BootstrapToken is used to set the options
+                              for bootstrap token based discovery BootstrapToken and
+                              File are mutually exclusive
+                            properties:
+                              apiServerEndpoint:
+                                description: APIServerEndpoint is an IP or domain
+                                  name to the API server from which info will be fetched.
+                                type: string
+                              caCertHashes:
+                                description: 'CACertHashes specifies a set of public
+                                  key pins to verify when token-based discovery is
+                                  used. The root CA found during discovery must match
+                                  one of these values. Specifying an empty set disables
+                                  root CA pinning, which can be unsafe. Each hash
+                                  is specified as "<type>:<value>", where the only
+                                  currently supported type is "sha256". This is a
+                                  hex-encoded SHA-256 hash of the Subject Public Key
+                                  Info (SPKI) object in DER-encoded ASN.1. These hashes
+                                  can be calculated using, for example, OpenSSL: openssl
+                                  x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                                  der 2>&/dev/null | openssl dgst -sha256 -hex'
+                                items:
+                                  type: string
+                                type: array
+                              token:
+                                description: Token is a token used to validate cluster
+                                  information fetched from the control-plane.
+                                type: string
+                              unsafeSkipCAVerification:
+                                description: UnsafeSkipCAVerification allows token-based
+                                  discovery without CA verification via CACertHashes.
+                                  This can weaken the security of kubeadm since other
+                                  nodes can impersonate the control-plane.
+                                type: boolean
+                            required:
+                            - token
+                            - unsafeSkipCAVerification
+                            type: object
+                          file:
+                            description: File is used to specify a file or URL to
+                              a kubeconfig file from which to load cluster information
+                              BootstrapToken and File are mutually exclusive
+                            properties:
+                              kubeConfigPath:
+                                description: KubeConfigPath is used to specify the
+                                  actual file path or URL to the kubeconfig file from
+                                  which to load cluster information
+                                type: string
+                            required:
+                            - kubeConfigPath
+                            type: object
+                          timeout:
+                            description: Timeout modifies the discovery timeout
+                            type: string
+                          tlsBootstrapToken:
+                            description: 'TLSBootstrapToken is a token used for TLS
+                              bootstrapping. If .BootstrapToken is set, this field
+                              is defaulted to .BootstrapToken.Token, but can be overridden.
+                              If .File is set, this field **must be set** in case
+                              the KubeConfigFile does not contain any other authentication
+                              information TODO: revisit when there is defaulting from
+                              k/k'
+                            type: string
+                        type: object
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: {}`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  mounts:
+                    description: Mounts specifies a list of mount points to be setup.
+                    items:
+                      description: MountPoints defines input for generated mounts
+                        in cloud-init.
+                      items:
+                        type: string
+                      type: array
+                    type: array
+                  ntp:
+                    description: NTP specifies NTP configuration
+                    properties:
+                      enabled:
+                        description: Enabled specifies whether NTP should be enabled
+                        type: boolean
+                      servers:
+                        description: Servers specifies which NTP servers to use
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  postKubeadmCommands:
+                    description: PostKubeadmCommands specifies extra commands to run
+                      after kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  preKubeadmCommands:
+                    description: PreKubeadmCommands specifies extra commands to run
+                      before kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  useExperimentalRetryJoin:
+                    description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                      command with a shell script with retries for joins. \n This
+                      is meant to be an experimental temporary workaround on some
+                      environments where joins fail due to timing (and other issues).
+                      The long term goal is to add retries to kubeadm proper and use
+                      that functionality. \n This will add about 40KB to userdata
+                      \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                    type: boolean
+                  users:
+                    description: Users specifies extra users to add
+                    items:
+                      description: User defines the input for a generated user in
+                        cloud-init.
+                      properties:
+                        gecos:
+                          description: Gecos specifies the gecos to use for the user
+                          type: string
+                        groups:
+                          description: Groups specifies the additional groups for
+                            the user
+                          type: string
+                        homeDir:
+                          description: HomeDir specifies the home directory to use
+                            for the user
+                          type: string
+                        inactive:
+                          description: Inactive specifies whether to mark the user
+                            as inactive
+                          type: boolean
+                        lockPassword:
+                          description: LockPassword specifies if password login should
+                            be disabled
+                          type: boolean
+                        name:
+                          description: Name specifies the user name
+                          type: string
+                        passwd:
+                          description: Passwd specifies a hashed password for the
+                            user
+                          type: string
+                        primaryGroup:
+                          description: PrimaryGroup specifies the primary group for
+                            the user
+                          type: string
+                        shell:
+                          description: Shell specifies the user's shell
+                          type: string
+                        sshAuthorizedKeys:
+                          description: SSHAuthorizedKeys specifies a list of ssh authorized
+                            keys for the user
+                          items:
+                            type: string
+                          type: array
+                        sudo:
+                          description: Sudo specifies a sudo role for the user
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  verbosity:
+                    description: Verbosity is the number for the kubeadm log level
+                      verbosity. It overrides the `--v` flag in kubeadm commands.
+                    format: int32
+                    type: integer
+                type: object
+              nodeDrainTimeout:
+                description: 'NodeDrainTimeout is the total amount of time that the
+                  controller will spend on draining a controlplane node The default
+                  value is 0, meaning that the node can be drained without any time
+                  limitations. NOTE: NodeDrainTimeout is different from `kubectl drain
+                  --timeout`'
+                type: string
+              replicas:
+                description: Number of desired machines. Defaults to 1. When stacked
+                  etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+                  This is a pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              rolloutStrategy:
+                description: The RolloutStrategy to use to replace control plane machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if RolloutStrategyType
+                      = RollingUpdate.
+                    properties:
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of control planes that can
+                          be scheduled above or under the desired number of control
+                          planes. Value can be an absolute number 1 or 0. Defaults
+                          to 1. Example: when this is set to 1, the control plane
+                          can be scaled up immediately when the rolling update starts.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of rollout. Currently the only supported strategy
+                      is "RollingUpdate". Default is RollingUpdate.
+                    type: string
+                type: object
+              upgradeAfter:
+                description: UpgradeAfter is a field to indicate an upgrade should
+                  be performed after the specified time even if no changes have been
+                  made to the KubeadmControlPlane
+                format: date-time
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version.
+                type: string
+            required:
+            - infrastructureTemplate
+            - kubeadmConfigSpec
+            - version
+            type: object
+          status:
+            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the KubeadmControlPlane.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: ErrorMessage indicates that there is a terminal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a terminal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              initialized:
+                description: Initialized denotes whether or not the control plane
+                  has the uploaded kubeadm-config configmap.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready denotes that the KubeadmControlPlane API Server
+                  is ready to receive requests.
+                type: boolean
+              readyReplicas:
+                description: Total number of fully running and ready control plane
+                  machines.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the label selector in string format to avoid
+                  introspection by clients, and is used to provide the CRD-based integration
+                  for the scale subresource and additional integrations for things
+                  like kubectl describe.. The string will be in the same format as
+                  the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  control plane. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet ready or machines
+                  that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane that have the desired template spec.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmControlPlane
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: This denotes whether or not the control plane has the uploaded
+        kubeadm-config configmap
+      jsonPath: .status.initialized
+      name: Initialized
+      type: boolean
+    - description: KubeadmControlPlane API Server is ready to receive requests
+      jsonPath: .status.ready
+      name: API Server Available
+      type: boolean
+    - description: Kubernetes version associated with this control plane
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    - description: Total number of non-terminated machines targeted by this control
+        plane
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of fully running and ready control plane machines
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this control
+        plane that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this control plane
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+            properties:
+              kubeadmConfigSpec:
+                description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+                  and joining machines to the control plane.
+                properties:
+                  clusterConfiguration:
+                    description: ClusterConfiguration along with InitConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiServer:
+                        description: APIServer contains extra settings for the API
+                          server control plane component
+                        properties:
+                          certSANs:
+                            description: CertSANs sets extra Subject Alternative Names
+                              for the API Server signing cert.
+                            items:
+                              type: string
+                            type: array
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                          timeoutForControlPlane:
+                            description: TimeoutForControlPlane controls the timeout
+                              that we use for API server to appear
+                            type: string
+                        type: object
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      certificatesDir:
+                        description: 'CertificatesDir specifies where to store or
+                          look for all required certificates. NB: if not provided,
+                          this will default to `/etc/kubernetes/pki`'
+                        type: string
+                      clusterName:
+                        description: The cluster name
+                        type: string
+                      controlPlaneEndpoint:
+                        description: 'ControlPlaneEndpoint sets a stable IP address
+                          or DNS name for the control plane; it can be a valid IP
+                          address or a RFC-1123 DNS subdomain, both with optional
+                          TCP port. In case the ControlPlaneEndpoint is not specified,
+                          the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+                          is specified but without a TCP port, the BindPort is used.
+                          Possible usages are: e.g. In a cluster with more than one
+                          control plane instances, this field should be assigned the
+                          address of the external load balancer in front of the control
+                          plane instances. e.g.  in environments with enforced node
+                          recycling, the ControlPlaneEndpoint could be used for assigning
+                          a stable DNS to the control plane. NB: This value defaults
+                          to the first value in the Cluster object status.apiEndpoints
+                          array.'
+                        type: string
+                      controllerManager:
+                        description: ControllerManager contains extra settings for
+                          the controller manager control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                      dns:
+                        description: DNS defines the options for the DNS add-on installed
+                          in the cluster.
+                        properties:
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                        type: object
+                      etcd:
+                        description: 'Etcd holds configuration for etcd. NB: This
+                          value defaults to a Local (stacked) etcd'
+                        properties:
+                          external:
+                            description: External describes how to connect to an external
+                              etcd cluster Local and External are mutually exclusive
+                            properties:
+                              caFile:
+                                description: CAFile is an SSL Certificate Authority
+                                  file used to secure etcd communication. Required
+                                  if using a TLS connection.
+                                type: string
+                              certFile:
+                                description: CertFile is an SSL certification file
+                                  used to secure etcd communication. Required if using
+                                  a TLS connection.
+                                type: string
+                              endpoints:
+                                description: Endpoints of etcd members. Required for
+                                  ExternalEtcd.
+                                items:
+                                  type: string
+                                type: array
+                              keyFile:
+                                description: KeyFile is an SSL key file used to secure
+                                  etcd communication. Required if using a TLS connection.
+                                type: string
+                            required:
+                            - caFile
+                            - certFile
+                            - endpoints
+                            - keyFile
+                            type: object
+                          local:
+                            description: Local provides configuration knobs for configuring
+                              the local etcd instance Local and External are mutually
+                              exclusive
+                            properties:
+                              dataDir:
+                                description: DataDir is the directory etcd will place
+                                  its data. Defaults to "/var/lib/etcd".
+                                type: string
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: ExtraArgs are extra arguments provided
+                                  to the etcd binary when run inside a static pod.
+                                type: object
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                              peerCertSANs:
+                                description: PeerCertSANs sets extra Subject Alternative
+                                  Names for the etcd peer signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              serverCertSANs:
+                                description: ServerCertSANs sets extra Subject Alternative
+                                  Names for the etcd server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                        type: object
+                      featureGates:
+                        additionalProperties:
+                          type: boolean
+                        description: FeatureGates enabled by the user.
+                        type: object
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. If empty, `registry.k8s.io` will be used
+                          by default; in case of kubernetes version is a CI build
+                          (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                          will be used as a default for control plane components and
+                          for kube-proxy, while `registry.k8s.io` will be used for
+                          all the other images.
+                        type: string
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      kubernetesVersion:
+                        description: 'KubernetesVersion is the target version of the
+                          control plane. NB: This value defaults to the Machine object
+                          spec.version'
+                        type: string
+                      networking:
+                        description: 'Networking holds configuration for the networking
+                          topology of the cluster. NB: This value defaults to the
+                          Cluster object spec.clusterNetwork.'
+                        properties:
+                          dnsDomain:
+                            description: DNSDomain is the dns domain used by k8s services.
+                              Defaults to "cluster.local".
+                            type: string
+                          podSubnet:
+                            description: PodSubnet is the subnet used by pods. If
+                              unset, the API server will not allocate CIDR ranges
+                              for every node. Defaults to a comma-delimited string
+                              of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                              if that is set
+                            type: string
+                          serviceSubnet:
+                            description: ServiceSubnet is the subnet used by k8s services.
+                              Defaults to a comma-delimited string of the Cluster
+                              object's spec.clusterNetwork.pods.cidrBlocks, or to
+                              "10.96.0.0/12" if that's unset.
+                            type: string
+                        type: object
+                      scheduler:
+                        description: Scheduler contains extra settings for the scheduler
+                          control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  diskSetup:
+                    description: DiskSetup specifies options for the creation of partition
+                      tables and file systems on devices.
+                    properties:
+                      filesystems:
+                        description: Filesystems specifies the list of file systems
+                          to setup.
+                        items:
+                          description: Filesystem defines the file systems to be created.
+                          properties:
+                            device:
+                              description: Device specifies the device name
+                              type: string
+                            extraOpts:
+                              description: ExtraOpts defined extra options to add
+                                to the command for creating the file system.
+                              items:
+                                type: string
+                              type: array
+                            filesystem:
+                              description: Filesystem specifies the file system type.
+                              type: string
+                            label:
+                              description: Label specifies the file system label to
+                                be used. If set to None, no label is used.
+                              type: string
+                            overwrite:
+                              description: Overwrite defines whether or not to overwrite
+                                any existing filesystem. If true, any pre-existing
+                                file system will be destroyed. Use with Caution.
+                              type: boolean
+                            partition:
+                              description: 'Partition specifies the partition to use.
+                                The valid options are: "auto|any", "auto", "any",
+                                "none", and <NUM>, where NUM is the actual partition
+                                number.'
+                              type: string
+                            replaceFS:
+                              description: 'ReplaceFS is a special directive, used
+                                for Microsoft Azure that instructs cloud-init to replace
+                                a file system of <FS_TYPE>. NOTE: unless you define
+                                a label, this requires the use of the ''any'' partition
+                                directive.'
+                              type: string
+                          required:
+                          - device
+                          - filesystem
+                          - label
+                          type: object
+                        type: array
+                      partitions:
+                        description: Partitions specifies the list of the partitions
+                          to setup.
+                        items:
+                          description: Partition defines how to create and layout
+                            a partition.
+                          properties:
+                            device:
+                              description: Device is the name of the device.
+                              type: string
+                            layout:
+                              description: Layout specifies the device layout. If
+                                it is true, a single partition will be created for
+                                the entire device. When layout is false, it means
+                                don't partition or ignore existing partitioning.
+                              type: boolean
+                            overwrite:
+                              description: Overwrite describes whether to skip checks
+                                and create the partition if a partition or filesystem
+                                is found on the device. Use with caution. Default
+                                is 'false'.
+                              type: boolean
+                            tableType:
+                              description: 'TableType specifies the tupe of partition
+                                table. The following are supported: ''mbr'': default
+                                and setups a MS-DOS partition table ''gpt'': setups
+                                a GPT partition table'
+                              type: string
+                          required:
+                          - device
+                          - layout
+                          type: object
+                        type: array
+                    type: object
+                  files:
+                    description: Files specifies extra files to be passed to user_data
+                      upon creation.
+                    items:
+                      description: File defines the input for generating write_files
+                        in cloud-init.
+                      properties:
+                        content:
+                          description: Content is the actual content of the file.
+                          type: string
+                        contentFrom:
+                          description: ContentFrom is a referenced source of content
+                            to populate the file.
+                          properties:
+                            secret:
+                              description: Secret represents a secret that should
+                                populate this file.
+                              properties:
+                                key:
+                                  description: Key is the key in the secret's data
+                                    map for this value.
+                                  type: string
+                                name:
+                                  description: Name of the secret in the KubeadmBootstrapConfig's
+                                    namespace to use.
+                                  type: string
+                              required:
+                              - key
+                              - name
+                              type: object
+                          required:
+                          - secret
+                          type: object
+                        encoding:
+                          description: Encoding specifies the encoding of the file
+                            contents.
+                          enum:
+                          - base64
+                          - gzip
+                          - gzip+base64
+                          type: string
+                        owner:
+                          description: Owner specifies the ownership of the file,
+                            e.g. "root:root".
+                          type: string
+                        path:
+                          description: Path specifies the full path on disk where
+                            to store the file.
+                          type: string
+                        permissions:
+                          description: Permissions specifies the permissions to assign
+                            to the file, e.g. "0640".
+                          type: string
+                      required:
+                      - path
+                      type: object
+                    type: array
+                  format:
+                    description: Format specifies the output format of the bootstrap
+                      data
+                    enum:
+                    - cloud-config
+                    type: string
+                  initConfiguration:
+                    description: InitConfiguration along with ClusterConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      bootstrapTokens:
+                        description: BootstrapTokens is respected at `kubeadm init`
+                          time and describes a set of Bootstrap Tokens to create.
+                          This information IS NOT uploaded to the kubeadm cluster
+                          configmap, partly because of its sensitive nature
+                        items:
+                          description: BootstrapToken describes one bootstrap token,
+                            stored as a Secret in the cluster.
+                          properties:
+                            description:
+                              description: Description sets a human-friendly message
+                                why this token exists and what it's used for, so other
+                                administrators can know its purpose.
+                              type: string
+                            expires:
+                              description: Expires specifies the timestamp when this
+                                token expires. Defaults to being set dynamically at
+                                runtime based on the TTL. Expires and TTL are mutually
+                                exclusive.
+                              format: date-time
+                              type: string
+                            groups:
+                              description: Groups specifies the extra groups that
+                                this token will authenticate as when/if used for authentication
+                              items:
+                                type: string
+                              type: array
+                            token:
+                              description: Token is used for establishing bidirectional
+                                trust between nodes and control-planes. Used for joining
+                                nodes in the cluster.
+                              type: string
+                            ttl:
+                              description: TTL defines the time to live for this token.
+                                Defaults to 24h. Expires and TTL are mutually exclusive.
+                              type: string
+                            usages:
+                              description: Usages describes the ways in which this
+                                token can be used. Can by default be used for establishing
+                                bidirectional trust, but that can be changed here.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - token
+                          type: object
+                        type: array
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance that's deployed on this control plane
+                          node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                          in the sense that ControlPlaneEndpoint is the global endpoint
+                          for the cluster, which then loadbalances the requests to
+                          each individual API server. This configuration object lets
+                          you customize what IP/DNS name and port the local API server
+                          advertises it's accessible on. By default, kubeadm tries
+                          to auto-detect the IP of the default interface and use that,
+                          but in case that process fails you may set the desired value
+                          here.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        type: object
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          ignorePreflightErrors:
+                            description: IgnorePreflightErrors provides a slice of
+                              pre-flight errors to be ignored when the current node
+                              is registered.
+                            items:
+                              type: string
+                            type: array
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: {}`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  joinConfiguration:
+                    description: JoinConfiguration is the kubeadm configuration for
+                      the join command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      caCertPath:
+                        description: 'CACertPath is the path to the SSL certificate
+                          authority used to secure comunications between node and
+                          control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                          TODO: revisit when there is defaulting from k/k'
+                        type: string
+                      controlPlane:
+                        description: ControlPlane defines the additional control plane
+                          instance to be deployed on the joining node. If nil, no
+                          additional control plane instance will be deployed.
+                        properties:
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance to be deployed on this node.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            type: object
+                        type: object
+                      discovery:
+                        description: 'Discovery specifies the options for the kubelet
+                          to use during the TLS Bootstrap process TODO: revisit when
+                          there is defaulting from k/k'
+                        properties:
+                          bootstrapToken:
+                            description: BootstrapToken is used to set the options
+                              for bootstrap token based discovery BootstrapToken and
+                              File are mutually exclusive
+                            properties:
+                              apiServerEndpoint:
+                                description: APIServerEndpoint is an IP or domain
+                                  name to the API server from which info will be fetched.
+                                type: string
+                              caCertHashes:
+                                description: 'CACertHashes specifies a set of public
+                                  key pins to verify when token-based discovery is
+                                  used. The root CA found during discovery must match
+                                  one of these values. Specifying an empty set disables
+                                  root CA pinning, which can be unsafe. Each hash
+                                  is specified as "<type>:<value>", where the only
+                                  currently supported type is "sha256". This is a
+                                  hex-encoded SHA-256 hash of the Subject Public Key
+                                  Info (SPKI) object in DER-encoded ASN.1. These hashes
+                                  can be calculated using, for example, OpenSSL: openssl
+                                  x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                                  der 2>&/dev/null | openssl dgst -sha256 -hex'
+                                items:
+                                  type: string
+                                type: array
+                              token:
+                                description: Token is a token used to validate cluster
+                                  information fetched from the control-plane.
+                                type: string
+                              unsafeSkipCAVerification:
+                                description: UnsafeSkipCAVerification allows token-based
+                                  discovery without CA verification via CACertHashes.
+                                  This can weaken the security of kubeadm since other
+                                  nodes can impersonate the control-plane.
+                                type: boolean
+                            required:
+                            - token
+                            type: object
+                          file:
+                            description: File is used to specify a file or URL to
+                              a kubeconfig file from which to load cluster information
+                              BootstrapToken and File are mutually exclusive
+                            properties:
+                              kubeConfigPath:
+                                description: KubeConfigPath is used to specify the
+                                  actual file path or URL to the kubeconfig file from
+                                  which to load cluster information
+                                type: string
+                            required:
+                            - kubeConfigPath
+                            type: object
+                          timeout:
+                            description: Timeout modifies the discovery timeout
+                            type: string
+                          tlsBootstrapToken:
+                            description: TLSBootstrapToken is a token used for TLS
+                              bootstrapping. If .BootstrapToken is set, this field
+                              is defaulted to .BootstrapToken.Token, but can be overridden.
+                              If .File is set, this field **must be set** in case
+                              the KubeConfigFile does not contain any other authentication
+                              information
+                            type: string
+                        type: object
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          ignorePreflightErrors:
+                            description: IgnorePreflightErrors provides a slice of
+                              pre-flight errors to be ignored when the current node
+                              is registered.
+                            items:
+                              type: string
+                            type: array
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: {}`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  mounts:
+                    description: Mounts specifies a list of mount points to be setup.
+                    items:
+                      description: MountPoints defines input for generated mounts
+                        in cloud-init.
+                      items:
+                        type: string
+                      type: array
+                    type: array
+                  ntp:
+                    description: NTP specifies NTP configuration
+                    properties:
+                      enabled:
+                        description: Enabled specifies whether NTP should be enabled
+                        type: boolean
+                      servers:
+                        description: Servers specifies which NTP servers to use
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  postKubeadmCommands:
+                    description: PostKubeadmCommands specifies extra commands to run
+                      after kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  preKubeadmCommands:
+                    description: PreKubeadmCommands specifies extra commands to run
+                      before kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  useExperimentalRetryJoin:
+                    description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                      command with a shell script with retries for joins. \n This
+                      is meant to be an experimental temporary workaround on some
+                      environments where joins fail due to timing (and other issues).
+                      The long term goal is to add retries to kubeadm proper and use
+                      that functionality. \n This will add about 40KB to userdata
+                      \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                    type: boolean
+                  users:
+                    description: Users specifies extra users to add
+                    items:
+                      description: User defines the input for a generated user in
+                        cloud-init.
+                      properties:
+                        gecos:
+                          description: Gecos specifies the gecos to use for the user
+                          type: string
+                        groups:
+                          description: Groups specifies the additional groups for
+                            the user
+                          type: string
+                        homeDir:
+                          description: HomeDir specifies the home directory to use
+                            for the user
+                          type: string
+                        inactive:
+                          description: Inactive specifies whether to mark the user
+                            as inactive
+                          type: boolean
+                        lockPassword:
+                          description: LockPassword specifies if password login should
+                            be disabled
+                          type: boolean
+                        name:
+                          description: Name specifies the user name
+                          type: string
+                        passwd:
+                          description: Passwd specifies a hashed password for the
+                            user
+                          type: string
+                        primaryGroup:
+                          description: PrimaryGroup specifies the primary group for
+                            the user
+                          type: string
+                        shell:
+                          description: Shell specifies the user's shell
+                          type: string
+                        sshAuthorizedKeys:
+                          description: SSHAuthorizedKeys specifies a list of ssh authorized
+                            keys for the user
+                          items:
+                            type: string
+                          type: array
+                        sudo:
+                          description: Sudo specifies a sudo role for the user
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  verbosity:
+                    description: Verbosity is the number for the kubeadm log level
+                      verbosity. It overrides the `--v` flag in kubeadm commands.
+                    format: int32
+                    type: integer
+                type: object
+              machineTemplate:
+                description: MachineTemplate contains information about how machines
+                  should be shaped when creating or updating a control plane.
+                properties:
+                  infrastructureRef:
+                    description: InfrastructureRef is a required reference to a custom
+                      resource offered by an infrastructure provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  nodeDrainTimeout:
+                    description: 'NodeDrainTimeout is the total amount of time that
+                      the controller will spend on draining a controlplane node The
+                      default value is 0, meaning that the node can be drained without
+                      any time limitations. NOTE: NodeDrainTimeout is different from
+                      `kubectl drain --timeout`'
+                    type: string
+                required:
+                - infrastructureRef
+                type: object
+              replicas:
+                description: Number of desired machines. Defaults to 1. When stacked
+                  etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+                  This is a pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              rolloutAfter:
+                description: RolloutAfter is a field to indicate a rollout should
+                  be performed after the specified time even if no changes have been
+                  made to the KubeadmControlPlane.
+                format: date-time
+                type: string
+              rolloutStrategy:
+                default:
+                  rollingUpdate:
+                    maxSurge: 1
+                  type: RollingUpdate
+                description: The RolloutStrategy to use to replace control plane machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if RolloutStrategyType
+                      = RollingUpdate.
+                    properties:
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of control planes that can
+                          be scheduled above or under the desired number of control
+                          planes. Value can be an absolute number 1 or 0. Defaults
+                          to 1. Example: when this is set to 1, the control plane
+                          can be scaled up immediately when the rolling update starts.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of rollout. Currently the only supported strategy
+                      is "RollingUpdate". Default is RollingUpdate.
+                    type: string
+                type: object
+              version:
+                description: Version defines the desired Kubernetes version.
+                type: string
+            required:
+            - kubeadmConfigSpec
+            - machineTemplate
+            - version
+            type: object
+          status:
+            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the KubeadmControlPlane.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: ErrorMessage indicates that there is a terminal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a terminal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              initialized:
+                description: Initialized denotes whether or not the control plane
+                  has the uploaded kubeadm-config configmap.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready denotes that the KubeadmControlPlane API Server
+                  is ready to receive requests.
+                type: boolean
+              readyReplicas:
+                description: Total number of fully running and ready control plane
+                  machines.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the label selector in string format to avoid
+                  introspection by clients, and is used to provide the CRD-based integration
+                  for the scale subresource and additional integrations for things
+                  like kubectl describe.. The string will be in the same format as
+                  the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  control plane. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet ready or machines
+                  that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane that have the desired template spec.
+                format: int32
+                type: integer
+              version:
+                description: Version represents the minimum Kubernetes version for
+                  the control plane machines in the cluster.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+      name: Cluster
+      type: string
+    - description: This denotes whether or not the control plane has the uploaded
+        kubeadm-config configmap
+      jsonPath: .status.initialized
+      name: Initialized
+      type: boolean
+    - description: KubeadmControlPlane API Server is ready to receive requests
+      jsonPath: .status.ready
+      name: API Server Available
+      type: boolean
+    - description: Total number of machines desired by this control plane
+      jsonPath: .spec.replicas
+      name: Desired
+      priority: 10
+      type: integer
+    - description: Total number of non-terminated machines targeted by this control
+        plane
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of fully running and ready control plane machines
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this control
+        plane that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this control plane
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    - description: Time duration since creation of KubeadmControlPlane
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this control plane
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+            properties:
+              kubeadmConfigSpec:
+                description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+                  and joining machines to the control plane.
+                properties:
+                  clusterConfiguration:
+                    description: ClusterConfiguration along with InitConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiServer:
+                        description: APIServer contains extra settings for the API
+                          server control plane component
+                        properties:
+                          certSANs:
+                            description: CertSANs sets extra Subject Alternative Names
+                              for the API Server signing cert.
+                            items:
+                              type: string
+                            type: array
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                          timeoutForControlPlane:
+                            description: TimeoutForControlPlane controls the timeout
+                              that we use for API server to appear
+                            type: string
+                        type: object
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      certificatesDir:
+                        description: 'CertificatesDir specifies where to store or
+                          look for all required certificates. NB: if not provided,
+                          this will default to `/etc/kubernetes/pki`'
+                        type: string
+                      clusterName:
+                        description: The cluster name
+                        type: string
+                      controlPlaneEndpoint:
+                        description: 'ControlPlaneEndpoint sets a stable IP address
+                          or DNS name for the control plane; it can be a valid IP
+                          address or a RFC-1123 DNS subdomain, both with optional
+                          TCP port. In case the ControlPlaneEndpoint is not specified,
+                          the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+                          is specified but without a TCP port, the BindPort is used.
+                          Possible usages are: e.g. In a cluster with more than one
+                          control plane instances, this field should be assigned the
+                          address of the external load balancer in front of the control
+                          plane instances. e.g.  in environments with enforced node
+                          recycling, the ControlPlaneEndpoint could be used for assigning
+                          a stable DNS to the control plane. NB: This value defaults
+                          to the first value in the Cluster object status.apiEndpoints
+                          array.'
+                        type: string
+                      controllerManager:
+                        description: ControllerManager contains extra settings for
+                          the controller manager control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                      dns:
+                        description: DNS defines the options for the DNS add-on installed
+                          in the cluster.
+                        properties:
+                          imageRepository:
+                            description: ImageRepository sets the container registry
+                              to pull images from. if not set, the ImageRepository
+                              defined in ClusterConfiguration will be used instead.
+                            type: string
+                          imageTag:
+                            description: ImageTag allows to specify a tag for the
+                              image. In case this value is set, kubeadm does not change
+                              automatically the version of the above components during
+                              upgrades.
+                            type: string
+                        type: object
+                      etcd:
+                        description: 'Etcd holds configuration for etcd. NB: This
+                          value defaults to a Local (stacked) etcd'
+                        properties:
+                          external:
+                            description: External describes how to connect to an external
+                              etcd cluster Local and External are mutually exclusive
+                            properties:
+                              caFile:
+                                description: CAFile is an SSL Certificate Authority
+                                  file used to secure etcd communication. Required
+                                  if using a TLS connection.
+                                type: string
+                              certFile:
+                                description: CertFile is an SSL certification file
+                                  used to secure etcd communication. Required if using
+                                  a TLS connection.
+                                type: string
+                              endpoints:
+                                description: Endpoints of etcd members. Required for
+                                  ExternalEtcd.
+                                items:
+                                  type: string
+                                type: array
+                              keyFile:
+                                description: KeyFile is an SSL key file used to secure
+                                  etcd communication. Required if using a TLS connection.
+                                type: string
+                            required:
+                            - caFile
+                            - certFile
+                            - endpoints
+                            - keyFile
+                            type: object
+                          local:
+                            description: Local provides configuration knobs for configuring
+                              the local etcd instance Local and External are mutually
+                              exclusive
+                            properties:
+                              dataDir:
+                                description: DataDir is the directory etcd will place
+                                  its data. Defaults to "/var/lib/etcd".
+                                type: string
+                              extraArgs:
+                                additionalProperties:
+                                  type: string
+                                description: ExtraArgs are extra arguments provided
+                                  to the etcd binary when run inside a static pod.
+                                type: object
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. if not set, the ImageRepository
+                                  defined in ClusterConfiguration will be used instead.
+                                type: string
+                              imageTag:
+                                description: ImageTag allows to specify a tag for
+                                  the image. In case this value is set, kubeadm does
+                                  not change automatically the version of the above
+                                  components during upgrades.
+                                type: string
+                              peerCertSANs:
+                                description: PeerCertSANs sets extra Subject Alternative
+                                  Names for the etcd peer signing cert.
+                                items:
+                                  type: string
+                                type: array
+                              serverCertSANs:
+                                description: ServerCertSANs sets extra Subject Alternative
+                                  Names for the etcd server signing cert.
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                        type: object
+                      featureGates:
+                        additionalProperties:
+                          type: boolean
+                        description: FeatureGates enabled by the user.
+                        type: object
+                      imageRepository:
+                        description: ImageRepository sets the container registry to
+                          pull images from. If empty, `registry.k8s.io` will be used
+                          by default; in case of kubernetes version is a CI build
+                          (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+                          will be used as a default for control plane components and
+                          for kube-proxy, while `registry.k8s.io` will be used for
+                          all the other images.
+                        type: string
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      kubernetesVersion:
+                        description: 'KubernetesVersion is the target version of the
+                          control plane. NB: This value defaults to the Machine object
+                          spec.version'
+                        type: string
+                      networking:
+                        description: 'Networking holds configuration for the networking
+                          topology of the cluster. NB: This value defaults to the
+                          Cluster object spec.clusterNetwork.'
+                        properties:
+                          dnsDomain:
+                            description: DNSDomain is the dns domain used by k8s services.
+                              Defaults to "cluster.local".
+                            type: string
+                          podSubnet:
+                            description: PodSubnet is the subnet used by pods. If
+                              unset, the API server will not allocate CIDR ranges
+                              for every node. Defaults to a comma-delimited string
+                              of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                              if that is set
+                            type: string
+                          serviceSubnet:
+                            description: ServiceSubnet is the subnet used by k8s services.
+                              Defaults to a comma-delimited string of the Cluster
+                              object's spec.clusterNetwork.pods.cidrBlocks, or to
+                              "10.96.0.0/12" if that's unset.
+                            type: string
+                        type: object
+                      scheduler:
+                        description: Scheduler contains extra settings for the scheduler
+                          control plane component
+                        properties:
+                          extraArgs:
+                            additionalProperties:
+                              type: string
+                            description: 'ExtraArgs is an extra set of flags to pass
+                              to the control plane component. TODO: This is temporary
+                              and ideally we would like to switch all components to
+                              use ComponentConfig + ConfigMaps.'
+                            type: object
+                          extraVolumes:
+                            description: ExtraVolumes is an extra set of host volumes,
+                              mounted to the control plane component.
+                            items:
+                              description: HostPathMount contains elements describing
+                                volumes that are mounted from the host.
+                              properties:
+                                hostPath:
+                                  description: HostPath is the path in the host that
+                                    will be mounted inside the pod.
+                                  type: string
+                                mountPath:
+                                  description: MountPath is the path inside the pod
+                                    where hostPath will be mounted.
+                                  type: string
+                                name:
+                                  description: Name of the volume inside the pod template.
+                                  type: string
+                                pathType:
+                                  description: PathType is the type of the HostPath.
+                                  type: string
+                                readOnly:
+                                  description: ReadOnly controls write access to the
+                                    volume
+                                  type: boolean
+                              required:
+                              - hostPath
+                              - mountPath
+                              - name
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  diskSetup:
+                    description: DiskSetup specifies options for the creation of partition
+                      tables and file systems on devices.
+                    properties:
+                      filesystems:
+                        description: Filesystems specifies the list of file systems
+                          to setup.
+                        items:
+                          description: Filesystem defines the file systems to be created.
+                          properties:
+                            device:
+                              description: Device specifies the device name
+                              type: string
+                            extraOpts:
+                              description: ExtraOpts defined extra options to add
+                                to the command for creating the file system.
+                              items:
+                                type: string
+                              type: array
+                            filesystem:
+                              description: Filesystem specifies the file system type.
+                              type: string
+                            label:
+                              description: Label specifies the file system label to
+                                be used. If set to None, no label is used.
+                              type: string
+                            overwrite:
+                              description: Overwrite defines whether or not to overwrite
+                                any existing filesystem. If true, any pre-existing
+                                file system will be destroyed. Use with Caution.
+                              type: boolean
+                            partition:
+                              description: 'Partition specifies the partition to use.
+                                The valid options are: "auto|any", "auto", "any",
+                                "none", and <NUM>, where NUM is the actual partition
+                                number.'
+                              type: string
+                            replaceFS:
+                              description: 'ReplaceFS is a special directive, used
+                                for Microsoft Azure that instructs cloud-init to replace
+                                a file system of <FS_TYPE>. NOTE: unless you define
+                                a label, this requires the use of the ''any'' partition
+                                directive.'
+                              type: string
+                          required:
+                          - device
+                          - filesystem
+                          - label
+                          type: object
+                        type: array
+                      partitions:
+                        description: Partitions specifies the list of the partitions
+                          to setup.
+                        items:
+                          description: Partition defines how to create and layout
+                            a partition.
+                          properties:
+                            device:
+                              description: Device is the name of the device.
+                              type: string
+                            layout:
+                              description: Layout specifies the device layout. If
+                                it is true, a single partition will be created for
+                                the entire device. When layout is false, it means
+                                don't partition or ignore existing partitioning.
+                              type: boolean
+                            overwrite:
+                              description: Overwrite describes whether to skip checks
+                                and create the partition if a partition or filesystem
+                                is found on the device. Use with caution. Default
+                                is 'false'.
+                              type: boolean
+                            tableType:
+                              description: 'TableType specifies the tupe of partition
+                                table. The following are supported: ''mbr'': default
+                                and setups a MS-DOS partition table ''gpt'': setups
+                                a GPT partition table'
+                              type: string
+                          required:
+                          - device
+                          - layout
+                          type: object
+                        type: array
+                    type: object
+                  files:
+                    description: Files specifies extra files to be passed to user_data
+                      upon creation.
+                    items:
+                      description: File defines the input for generating write_files
+                        in cloud-init.
+                      properties:
+                        append:
+                          description: Append specifies whether to append Content
+                            to existing file if Path exists.
+                          type: boolean
+                        content:
+                          description: Content is the actual content of the file.
+                          type: string
+                        contentFrom:
+                          description: ContentFrom is a referenced source of content
+                            to populate the file.
+                          properties:
+                            secret:
+                              description: Secret represents a secret that should
+                                populate this file.
+                              properties:
+                                key:
+                                  description: Key is the key in the secret's data
+                                    map for this value.
+                                  type: string
+                                name:
+                                  description: Name of the secret in the KubeadmBootstrapConfig's
+                                    namespace to use.
+                                  type: string
+                              required:
+                              - key
+                              - name
+                              type: object
+                          required:
+                          - secret
+                          type: object
+                        encoding:
+                          description: Encoding specifies the encoding of the file
+                            contents.
+                          enum:
+                          - base64
+                          - gzip
+                          - gzip+base64
+                          type: string
+                        owner:
+                          description: Owner specifies the ownership of the file,
+                            e.g. "root:root".
+                          type: string
+                        path:
+                          description: Path specifies the full path on disk where
+                            to store the file.
+                          type: string
+                        permissions:
+                          description: Permissions specifies the permissions to assign
+                            to the file, e.g. "0640".
+                          type: string
+                      required:
+                      - path
+                      type: object
+                    type: array
+                  format:
+                    description: Format specifies the output format of the bootstrap
+                      data
+                    enum:
+                    - cloud-config
+                    - ignition
+                    type: string
+                  ignition:
+                    description: Ignition contains Ignition specific configuration.
+                    properties:
+                      containerLinuxConfig:
+                        description: ContainerLinuxConfig contains CLC specific configuration.
+                        properties:
+                          additionalConfig:
+                            description: "AdditionalConfig contains additional configuration
+                              to be merged with the Ignition configuration generated
+                              by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+                              \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+                            type: string
+                          strict:
+                            description: Strict controls if AdditionalConfig should
+                              be strictly parsed. If so, warnings are treated as errors.
+                            type: boolean
+                        type: object
+                    type: object
+                  initConfiguration:
+                    description: InitConfiguration along with ClusterConfiguration
+                      are the configurations necessary for the init command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      bootstrapTokens:
+                        description: BootstrapTokens is respected at `kubeadm init`
+                          time and describes a set of Bootstrap Tokens to create.
+                          This information IS NOT uploaded to the kubeadm cluster
+                          configmap, partly because of its sensitive nature
+                        items:
+                          description: BootstrapToken describes one bootstrap token,
+                            stored as a Secret in the cluster.
+                          properties:
+                            description:
+                              description: Description sets a human-friendly message
+                                why this token exists and what it's used for, so other
+                                administrators can know its purpose.
+                              type: string
+                            expires:
+                              description: Expires specifies the timestamp when this
+                                token expires. Defaults to being set dynamically at
+                                runtime based on the TTL. Expires and TTL are mutually
+                                exclusive.
+                              format: date-time
+                              type: string
+                            groups:
+                              description: Groups specifies the extra groups that
+                                this token will authenticate as when/if used for authentication
+                              items:
+                                type: string
+                              type: array
+                            token:
+                              description: Token is used for establishing bidirectional
+                                trust between nodes and control-planes. Used for joining
+                                nodes in the cluster.
+                              type: string
+                            ttl:
+                              description: TTL defines the time to live for this token.
+                                Defaults to 24h. Expires and TTL are mutually exclusive.
+                              type: string
+                            usages:
+                              description: Usages describes the ways in which this
+                                token can be used. Can by default be used for establishing
+                                bidirectional trust, but that can be changed here.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - token
+                          type: object
+                        type: array
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      localAPIEndpoint:
+                        description: LocalAPIEndpoint represents the endpoint of the
+                          API server instance that's deployed on this control plane
+                          node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+                          in the sense that ControlPlaneEndpoint is the global endpoint
+                          for the cluster, which then loadbalances the requests to
+                          each individual API server. This configuration object lets
+                          you customize what IP/DNS name and port the local API server
+                          advertises it's accessible on. By default, kubeadm tries
+                          to auto-detect the IP of the default interface and use that,
+                          but in case that process fails you may set the desired value
+                          here.
+                        properties:
+                          advertiseAddress:
+                            description: AdvertiseAddress sets the IP address for
+                              the API server to advertise.
+                            type: string
+                          bindPort:
+                            description: BindPort sets the secure port for the API
+                              Server to bind to. Defaults to 6443.
+                            format: int32
+                            type: integer
+                        type: object
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          ignorePreflightErrors:
+                            description: IgnorePreflightErrors provides a slice of
+                              pre-flight errors to be ignored when the current node
+                              is registered.
+                            items:
+                              type: string
+                            type: array
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: []`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                      patches:
+                        description: Patches contains options related to applying
+                          patches to components deployed by kubeadm during "kubeadm
+                          init". The minimum kubernetes version needed to support
+                          Patches is v1.22
+                        properties:
+                          directory:
+                            description: Directory is a path to a directory that contains
+                              files named "target[suffix][+patchtype].extension".
+                              For example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+                              "target" can be one of "kube-apiserver", "kube-controller-manager",
+                              "kube-scheduler", "etcd". "patchtype" can be one of
+                              "strategic" "merge" or "json" and they match the patch
+                              formats supported by kubectl. The default "patchtype"
+                              is "strategic". "extension" must be either "json" or
+                              "yaml". "suffix" is an optional string that can be used
+                              to determine which patches are applied first alpha-numerically.
+                              These files can be written into the target directory
+                              via KubeadmConfig.Files which specifies additional files
+                              to be created on the machine, either with content inline
+                              or by referencing a secret.
+                            type: string
+                        type: object
+                      skipPhases:
+                        description: SkipPhases is a list of phases to skip during
+                          command execution. The list of phases can be obtained with
+                          the "kubeadm init --help" command. This option takes effect
+                          only on Kubernetes >=1.22.0.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  joinConfiguration:
+                    description: JoinConfiguration is the kubeadm configuration for
+                      the join command
+                    properties:
+                      apiVersion:
+                        description: 'APIVersion defines the versioned schema of this
+                          representation of an object. Servers should convert recognized
+                          schemas to the latest internal value, and may reject unrecognized
+                          values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                      caCertPath:
+                        description: 'CACertPath is the path to the SSL certificate
+                          authority used to secure comunications between node and
+                          control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                          TODO: revisit when there is defaulting from k/k'
+                        type: string
+                      controlPlane:
+                        description: ControlPlane defines the additional control plane
+                          instance to be deployed on the joining node. If nil, no
+                          additional control plane instance will be deployed.
+                        properties:
+                          localAPIEndpoint:
+                            description: LocalAPIEndpoint represents the endpoint
+                              of the API server instance to be deployed on this node.
+                            properties:
+                              advertiseAddress:
+                                description: AdvertiseAddress sets the IP address
+                                  for the API server to advertise.
+                                type: string
+                              bindPort:
+                                description: BindPort sets the secure port for the
+                                  API Server to bind to. Defaults to 6443.
+                                format: int32
+                                type: integer
+                            type: object
+                        type: object
+                      discovery:
+                        description: 'Discovery specifies the options for the kubelet
+                          to use during the TLS Bootstrap process TODO: revisit when
+                          there is defaulting from k/k'
+                        properties:
+                          bootstrapToken:
+                            description: BootstrapToken is used to set the options
+                              for bootstrap token based discovery BootstrapToken and
+                              File are mutually exclusive
+                            properties:
+                              apiServerEndpoint:
+                                description: APIServerEndpoint is an IP or domain
+                                  name to the API server from which info will be fetched.
+                                type: string
+                              caCertHashes:
+                                description: 'CACertHashes specifies a set of public
+                                  key pins to verify when token-based discovery is
+                                  used. The root CA found during discovery must match
+                                  one of these values. Specifying an empty set disables
+                                  root CA pinning, which can be unsafe. Each hash
+                                  is specified as "<type>:<value>", where the only
+                                  currently supported type is "sha256". This is a
+                                  hex-encoded SHA-256 hash of the Subject Public Key
+                                  Info (SPKI) object in DER-encoded ASN.1. These hashes
+                                  can be calculated using, for example, OpenSSL: openssl
+                                  x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+                                  der 2>&/dev/null | openssl dgst -sha256 -hex'
+                                items:
+                                  type: string
+                                type: array
+                              token:
+                                description: Token is a token used to validate cluster
+                                  information fetched from the control-plane.
+                                type: string
+                              unsafeSkipCAVerification:
+                                description: UnsafeSkipCAVerification allows token-based
+                                  discovery without CA verification via CACertHashes.
+                                  This can weaken the security of kubeadm since other
+                                  nodes can impersonate the control-plane.
+                                type: boolean
+                            required:
+                            - token
+                            type: object
+                          file:
+                            description: File is used to specify a file or URL to
+                              a kubeconfig file from which to load cluster information
+                              BootstrapToken and File are mutually exclusive
+                            properties:
+                              kubeConfigPath:
+                                description: KubeConfigPath is used to specify the
+                                  actual file path or URL to the kubeconfig file from
+                                  which to load cluster information
+                                type: string
+                            required:
+                            - kubeConfigPath
+                            type: object
+                          timeout:
+                            description: Timeout modifies the discovery timeout
+                            type: string
+                          tlsBootstrapToken:
+                            description: TLSBootstrapToken is a token used for TLS
+                              bootstrapping. If .BootstrapToken is set, this field
+                              is defaulted to .BootstrapToken.Token, but can be overridden.
+                              If .File is set, this field **must be set** in case
+                              the KubeConfigFile does not contain any other authentication
+                              information
+                            type: string
+                        type: object
+                      kind:
+                        description: 'Kind is a string value representing the REST
+                          resource this object represents. Servers may infer this
+                          from the endpoint the client submits requests to. Cannot
+                          be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      nodeRegistration:
+                        description: NodeRegistration holds fields that relate to
+                          registering the new control-plane node to the cluster. When
+                          used in the context of control plane nodes, NodeRegistration
+                          should remain consistent across both InitConfiguration and
+                          JoinConfiguration
+                        properties:
+                          criSocket:
+                            description: CRISocket is used to retrieve container runtime
+                              info. This information will be annotated to the Node
+                              API object, for later re-use
+                            type: string
+                          ignorePreflightErrors:
+                            description: IgnorePreflightErrors provides a slice of
+                              pre-flight errors to be ignored when the current node
+                              is registered.
+                            items:
+                              type: string
+                            type: array
+                          kubeletExtraArgs:
+                            additionalProperties:
+                              type: string
+                            description: KubeletExtraArgs passes through extra arguments
+                              to the kubelet. The arguments here are passed to the
+                              kubelet command line via the environment file kubeadm
+                              writes at runtime for the kubelet to source. This overrides
+                              the generic base-level configuration in the kubelet-config-1.X
+                              ConfigMap Flags have higher priority when parsing. These
+                              values are local and specific to the node kubeadm is
+                              executing on.
+                            type: object
+                          name:
+                            description: Name is the `.Metadata.Name` field of the
+                              Node API object that will be created in this `kubeadm
+                              init` or `kubeadm join` operation. This field is also
+                              used in the CommonName field of the kubelet's client
+                              certificate to the API server. Defaults to the hostname
+                              of the node if not provided.
+                            type: string
+                          taints:
+                            description: 'Taints specifies the taints the Node API
+                              object should be registered with. If this field is unset,
+                              i.e. nil, in the `kubeadm init` process it will be defaulted
+                              to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                              If you don''t want to taint your control-plane node,
+                              set this field to an empty slice, i.e. `taints: []`
+                              in the YAML file. This field is solely used for Node
+                              registration.'
+                            items:
+                              description: The node this Taint is attached to has
+                                the "effect" on any pod that does not tolerate the
+                                Taint.
+                              properties:
+                                effect:
+                                  description: Required. The effect of the taint on
+                                    pods that do not tolerate the taint. Valid effects
+                                    are NoSchedule, PreferNoSchedule and NoExecute.
+                                  type: string
+                                key:
+                                  description: Required. The taint key to be applied
+                                    to a node.
+                                  type: string
+                                timeAdded:
+                                  description: TimeAdded represents the time at which
+                                    the taint was added. It is only written for NoExecute
+                                    taints.
+                                  format: date-time
+                                  type: string
+                                value:
+                                  description: The taint value corresponding to the
+                                    taint key.
+                                  type: string
+                              required:
+                              - effect
+                              - key
+                              type: object
+                            type: array
+                        type: object
+                      patches:
+                        description: Patches contains options related to applying
+                          patches to components deployed by kubeadm during "kubeadm
+                          join". The minimum kubernetes version needed to support
+                          Patches is v1.22
+                        properties:
+                          directory:
+                            description: Directory is a path to a directory that contains
+                              files named "target[suffix][+patchtype].extension".
+                              For example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+                              "target" can be one of "kube-apiserver", "kube-controller-manager",
+                              "kube-scheduler", "etcd". "patchtype" can be one of
+                              "strategic" "merge" or "json" and they match the patch
+                              formats supported by kubectl. The default "patchtype"
+                              is "strategic". "extension" must be either "json" or
+                              "yaml". "suffix" is an optional string that can be used
+                              to determine which patches are applied first alpha-numerically.
+                              These files can be written into the target directory
+                              via KubeadmConfig.Files which specifies additional files
+                              to be created on the machine, either with content inline
+                              or by referencing a secret.
+                            type: string
+                        type: object
+                      skipPhases:
+                        description: SkipPhases is a list of phases to skip during
+                          command execution. The list of phases can be obtained with
+                          the "kubeadm init --help" command. This option takes effect
+                          only on Kubernetes >=1.22.0.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  mounts:
+                    description: Mounts specifies a list of mount points to be setup.
+                    items:
+                      description: MountPoints defines input for generated mounts
+                        in cloud-init.
+                      items:
+                        type: string
+                      type: array
+                    type: array
+                  ntp:
+                    description: NTP specifies NTP configuration
+                    properties:
+                      enabled:
+                        description: Enabled specifies whether NTP should be enabled
+                        type: boolean
+                      servers:
+                        description: Servers specifies which NTP servers to use
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  postKubeadmCommands:
+                    description: PostKubeadmCommands specifies extra commands to run
+                      after kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  preKubeadmCommands:
+                    description: PreKubeadmCommands specifies extra commands to run
+                      before kubeadm runs
+                    items:
+                      type: string
+                    type: array
+                  useExperimentalRetryJoin:
+                    description: "UseExperimentalRetryJoin replaces a basic kubeadm
+                      command with a shell script with retries for joins. \n This
+                      is meant to be an experimental temporary workaround on some
+                      environments where joins fail due to timing (and other issues).
+                      The long term goal is to add retries to kubeadm proper and use
+                      that functionality. \n This will add about 40KB to userdata
+                      \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+                      \n Deprecated: This experimental fix is no longer needed and
+                      this field will be removed in a future release. When removing
+                      also remove from staticcheck exclude-rules for SA1019 in golangci.yml"
+                    type: boolean
+                  users:
+                    description: Users specifies extra users to add
+                    items:
+                      description: User defines the input for a generated user in
+                        cloud-init.
+                      properties:
+                        gecos:
+                          description: Gecos specifies the gecos to use for the user
+                          type: string
+                        groups:
+                          description: Groups specifies the additional groups for
+                            the user
+                          type: string
+                        homeDir:
+                          description: HomeDir specifies the home directory to use
+                            for the user
+                          type: string
+                        inactive:
+                          description: Inactive specifies whether to mark the user
+                            as inactive
+                          type: boolean
+                        lockPassword:
+                          description: LockPassword specifies if password login should
+                            be disabled
+                          type: boolean
+                        name:
+                          description: Name specifies the user name
+                          type: string
+                        passwd:
+                          description: Passwd specifies a hashed password for the
+                            user
+                          type: string
+                        passwdFrom:
+                          description: PasswdFrom is a referenced source of passwd
+                            to populate the passwd.
+                          properties:
+                            secret:
+                              description: Secret represents a secret that should
+                                populate this password.
+                              properties:
+                                key:
+                                  description: Key is the key in the secret's data
+                                    map for this value.
+                                  type: string
+                                name:
+                                  description: Name of the secret in the KubeadmBootstrapConfig's
+                                    namespace to use.
+                                  type: string
+                              required:
+                              - key
+                              - name
+                              type: object
+                          required:
+                          - secret
+                          type: object
+                        primaryGroup:
+                          description: PrimaryGroup specifies the primary group for
+                            the user
+                          type: string
+                        shell:
+                          description: Shell specifies the user's shell
+                          type: string
+                        sshAuthorizedKeys:
+                          description: SSHAuthorizedKeys specifies a list of ssh authorized
+                            keys for the user
+                          items:
+                            type: string
+                          type: array
+                        sudo:
+                          description: Sudo specifies a sudo role for the user
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  verbosity:
+                    description: Verbosity is the number for the kubeadm log level
+                      verbosity. It overrides the `--v` flag in kubeadm commands.
+                    format: int32
+                    type: integer
+                type: object
+              machineTemplate:
+                description: MachineTemplate contains information about how machines
+                  should be shaped when creating or updating a control plane.
+                properties:
+                  infrastructureRef:
+                    description: InfrastructureRef is a required reference to a custom
+                      resource offered by an infrastructure provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  nodeDeletionTimeout:
+                    description: NodeDeletionTimeout defines how long the machine
+                      controller will attempt to delete the Node that the Machine
+                      hosts after the Machine is marked for deletion. A duration of
+                      0 will retry deletion indefinitely. If no value is provided,
+                      the default value for this property of the Machine resource
+                      will be used.
+                    type: string
+                  nodeDrainTimeout:
+                    description: 'NodeDrainTimeout is the total amount of time that
+                      the controller will spend on draining a controlplane node The
+                      default value is 0, meaning that the node can be drained without
+                      any time limitations. NOTE: NodeDrainTimeout is different from
+                      `kubectl drain --timeout`'
+                    type: string
+                  nodeVolumeDetachTimeout:
+                    description: NodeVolumeDetachTimeout is the total amount of time
+                      that the controller will spend on waiting for all volumes to
+                      be detached. The default value is 0, meaning that the volumes
+                      can be detached without any time limitations.
+                    type: string
+                required:
+                - infrastructureRef
+                type: object
+              replicas:
+                description: Number of desired machines. Defaults to 1. When stacked
+                  etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+                  This is a pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              rolloutAfter:
+                description: RolloutAfter is a field to indicate a rollout should
+                  be performed after the specified time even if no changes have been
+                  made to the KubeadmControlPlane.
+                format: date-time
+                type: string
+              rolloutBefore:
+                description: RolloutBefore is a field to indicate a rollout should
+                  be performed if the specified criteria is met.
+                properties:
+                  certificatesExpiryDays:
+                    description: CertificatesExpiryDays indicates a rollout needs
+                      to be performed if the certificates of the machine will expire
+                      within the specified days.
+                    format: int32
+                    type: integer
+                type: object
+              rolloutStrategy:
+                default:
+                  rollingUpdate:
+                    maxSurge: 1
+                  type: RollingUpdate
+                description: The RolloutStrategy to use to replace control plane machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if RolloutStrategyType
+                      = RollingUpdate.
+                    properties:
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of control planes that can
+                          be scheduled above or under the desired number of control
+                          planes. Value can be an absolute number 1 or 0. Defaults
+                          to 1. Example: when this is set to 1, the control plane
+                          can be scaled up immediately when the rolling update starts.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of rollout. Currently the only supported strategy
+                      is "RollingUpdate". Default is RollingUpdate.
+                    type: string
+                type: object
+              version:
+                description: Version defines the desired Kubernetes version.
+                type: string
+            required:
+            - kubeadmConfigSpec
+            - machineTemplate
+            - version
+            type: object
+          status:
+            description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the KubeadmControlPlane.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: ErrorMessage indicates that there is a terminal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a terminal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              initialized:
+                description: Initialized denotes whether or not the control plane
+                  has the uploaded kubeadm-config configmap.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              ready:
+                description: Ready denotes that the KubeadmControlPlane API Server
+                  is ready to receive requests.
+                type: boolean
+              readyReplicas:
+                description: Total number of fully running and ready control plane
+                  machines.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the label selector in string format to avoid
+                  introspection by clients, and is used to provide the CRD-based integration
+                  for the scale subresource and additional integrations for things
+                  like kubectl describe.. The string will be in the same format as
+                  the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  control plane. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet ready or machines
+                  that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  control plane that have the desired template spec.
+                format: int32
+                type: integer
+              version:
+                description: Version represents the minimum Kubernetes version for
+                  the control plane machines in the cluster.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1alpha4: v1alpha4
+    cluster.x-k8s.io/v1beta1: v1beta1
+    clusterctl.cluster.x-k8s.io: ""
+  name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-kubeadm-control-plane-webhook-service
+          namespace: capi-kubeadm-control-plane-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: controlplane.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: KubeadmControlPlaneTemplate
+    listKind: KubeadmControlPlaneTemplateList
+    plural: kubeadmcontrolplanetemplates
+    singular: kubeadmcontrolplanetemplate
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmControlPlaneTemplate
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmControlPlaneTemplateSpec defines the desired state
+              of KubeadmControlPlaneTemplate.
+            properties:
+              template:
+                description: KubeadmControlPlaneTemplateResource describes the data
+                  needed to create a KubeadmControlPlane from a template.
+                properties:
+                  spec:
+                    description: KubeadmControlPlaneSpec defines the desired state
+                      of KubeadmControlPlane.
+                    properties:
+                      kubeadmConfigSpec:
+                        description: KubeadmConfigSpec is a KubeadmConfigSpec to use
+                          for initializing and joining machines to the control plane.
+                        properties:
+                          clusterConfiguration:
+                            description: ClusterConfiguration along with InitConfiguration
+                              are the configurations necessary for the init command
+                            properties:
+                              apiServer:
+                                description: APIServer contains extra settings for
+                                  the API server control plane component
+                                properties:
+                                  certSANs:
+                                    description: CertSANs sets extra Subject Alternative
+                                      Names for the API Server signing cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  timeoutForControlPlane:
+                                    description: TimeoutForControlPlane controls the
+                                      timeout that we use for API server to appear
+                                    type: string
+                                type: object
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              certificatesDir:
+                                description: 'CertificatesDir specifies where to store
+                                  or look for all required certificates. NB: if not
+                                  provided, this will default to `/etc/kubernetes/pki`'
+                                type: string
+                              clusterName:
+                                description: The cluster name
+                                type: string
+                              controlPlaneEndpoint:
+                                description: 'ControlPlaneEndpoint sets a stable IP
+                                  address or DNS name for the control plane; it can
+                                  be a valid IP address or a RFC-1123 DNS subdomain,
+                                  both with optional TCP port. In case the ControlPlaneEndpoint
+                                  is not specified, the AdvertiseAddress + BindPort
+                                  are used; in case the ControlPlaneEndpoint is specified
+                                  but without a TCP port, the BindPort is used. Possible
+                                  usages are: e.g. In a cluster with more than one
+                                  control plane instances, this field should be assigned
+                                  the address of the external load balancer in front
+                                  of the control plane instances. e.g.  in environments
+                                  with enforced node recycling, the ControlPlaneEndpoint
+                                  could be used for assigning a stable DNS to the
+                                  control plane. NB: This value defaults to the first
+                                  value in the Cluster object status.apiEndpoints
+                                  array.'
+                                type: string
+                              controllerManager:
+                                description: ControllerManager contains extra settings
+                                  for the controller manager control plane component
+                                properties:
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                type: object
+                              dns:
+                                description: DNS defines the options for the DNS add-on
+                                  installed in the cluster.
+                                properties:
+                                  imageRepository:
+                                    description: ImageRepository sets the container
+                                      registry to pull images from. if not set, the
+                                      ImageRepository defined in ClusterConfiguration
+                                      will be used instead.
+                                    type: string
+                                  imageTag:
+                                    description: ImageTag allows to specify a tag
+                                      for the image. In case this value is set, kubeadm
+                                      does not change automatically the version of
+                                      the above components during upgrades.
+                                    type: string
+                                type: object
+                              etcd:
+                                description: 'Etcd holds configuration for etcd. NB:
+                                  This value defaults to a Local (stacked) etcd'
+                                properties:
+                                  external:
+                                    description: External describes how to connect
+                                      to an external etcd cluster Local and External
+                                      are mutually exclusive
+                                    properties:
+                                      caFile:
+                                        description: CAFile is an SSL Certificate
+                                          Authority file used to secure etcd communication.
+                                          Required if using a TLS connection.
+                                        type: string
+                                      certFile:
+                                        description: CertFile is an SSL certification
+                                          file used to secure etcd communication.
+                                          Required if using a TLS connection.
+                                        type: string
+                                      endpoints:
+                                        description: Endpoints of etcd members. Required
+                                          for ExternalEtcd.
+                                        items:
+                                          type: string
+                                        type: array
+                                      keyFile:
+                                        description: KeyFile is an SSL key file used
+                                          to secure etcd communication. Required if
+                                          using a TLS connection.
+                                        type: string
+                                    required:
+                                    - caFile
+                                    - certFile
+                                    - endpoints
+                                    - keyFile
+                                    type: object
+                                  local:
+                                    description: Local provides configuration knobs
+                                      for configuring the local etcd instance Local
+                                      and External are mutually exclusive
+                                    properties:
+                                      dataDir:
+                                        description: DataDir is the directory etcd
+                                          will place its data. Defaults to "/var/lib/etcd".
+                                        type: string
+                                      extraArgs:
+                                        additionalProperties:
+                                          type: string
+                                        description: ExtraArgs are extra arguments
+                                          provided to the etcd binary when run inside
+                                          a static pod.
+                                        type: object
+                                      imageRepository:
+                                        description: ImageRepository sets the container
+                                          registry to pull images from. if not set,
+                                          the ImageRepository defined in ClusterConfiguration
+                                          will be used instead.
+                                        type: string
+                                      imageTag:
+                                        description: ImageTag allows to specify a
+                                          tag for the image. In case this value is
+                                          set, kubeadm does not change automatically
+                                          the version of the above components during
+                                          upgrades.
+                                        type: string
+                                      peerCertSANs:
+                                        description: PeerCertSANs sets extra Subject
+                                          Alternative Names for the etcd peer signing
+                                          cert.
+                                        items:
+                                          type: string
+                                        type: array
+                                      serverCertSANs:
+                                        description: ServerCertSANs sets extra Subject
+                                          Alternative Names for the etcd server signing
+                                          cert.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                type: object
+                              featureGates:
+                                additionalProperties:
+                                  type: boolean
+                                description: FeatureGates enabled by the user.
+                                type: object
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. If empty, `registry.k8s.io`
+                                  will be used by default; in case of kubernetes version
+                                  is a CI build (kubernetes version starts with `ci/`
+                                  or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will
+                                  be used as a default for control plane components
+                                  and for kube-proxy, while `registry.k8s.io` will
+                                  be used for all the other images.
+                                type: string
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              kubernetesVersion:
+                                description: 'KubernetesVersion is the target version
+                                  of the control plane. NB: This value defaults to
+                                  the Machine object spec.version'
+                                type: string
+                              networking:
+                                description: 'Networking holds configuration for the
+                                  networking topology of the cluster. NB: This value
+                                  defaults to the Cluster object spec.clusterNetwork.'
+                                properties:
+                                  dnsDomain:
+                                    description: DNSDomain is the dns domain used
+                                      by k8s services. Defaults to "cluster.local".
+                                    type: string
+                                  podSubnet:
+                                    description: PodSubnet is the subnet used by pods.
+                                      If unset, the API server will not allocate CIDR
+                                      ranges for every node. Defaults to a comma-delimited
+                                      string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                                      if that is set
+                                    type: string
+                                  serviceSubnet:
+                                    description: ServiceSubnet is the subnet used
+                                      by k8s services. Defaults to a comma-delimited
+                                      string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+                                      or to "10.96.0.0/12" if that's unset.
+                                    type: string
+                                type: object
+                              scheduler:
+                                description: Scheduler contains extra settings for
+                                  the scheduler control plane component
+                                properties:
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                type: object
+                            type: object
+                          diskSetup:
+                            description: DiskSetup specifies options for the creation
+                              of partition tables and file systems on devices.
+                            properties:
+                              filesystems:
+                                description: Filesystems specifies the list of file
+                                  systems to setup.
+                                items:
+                                  description: Filesystem defines the file systems
+                                    to be created.
+                                  properties:
+                                    device:
+                                      description: Device specifies the device name
+                                      type: string
+                                    extraOpts:
+                                      description: ExtraOpts defined extra options
+                                        to add to the command for creating the file
+                                        system.
+                                      items:
+                                        type: string
+                                      type: array
+                                    filesystem:
+                                      description: Filesystem specifies the file system
+                                        type.
+                                      type: string
+                                    label:
+                                      description: Label specifies the file system
+                                        label to be used. If set to None, no label
+                                        is used.
+                                      type: string
+                                    overwrite:
+                                      description: Overwrite defines whether or not
+                                        to overwrite any existing filesystem. If true,
+                                        any pre-existing file system will be destroyed.
+                                        Use with Caution.
+                                      type: boolean
+                                    partition:
+                                      description: 'Partition specifies the partition
+                                        to use. The valid options are: "auto|any",
+                                        "auto", "any", "none", and <NUM>, where NUM
+                                        is the actual partition number.'
+                                      type: string
+                                    replaceFS:
+                                      description: 'ReplaceFS is a special directive,
+                                        used for Microsoft Azure that instructs cloud-init
+                                        to replace a file system of <FS_TYPE>. NOTE:
+                                        unless you define a label, this requires the
+                                        use of the ''any'' partition directive.'
+                                      type: string
+                                  required:
+                                  - device
+                                  - filesystem
+                                  - label
+                                  type: object
+                                type: array
+                              partitions:
+                                description: Partitions specifies the list of the
+                                  partitions to setup.
+                                items:
+                                  description: Partition defines how to create and
+                                    layout a partition.
+                                  properties:
+                                    device:
+                                      description: Device is the name of the device.
+                                      type: string
+                                    layout:
+                                      description: Layout specifies the device layout.
+                                        If it is true, a single partition will be
+                                        created for the entire device. When layout
+                                        is false, it means don't partition or ignore
+                                        existing partitioning.
+                                      type: boolean
+                                    overwrite:
+                                      description: Overwrite describes whether to
+                                        skip checks and create the partition if a
+                                        partition or filesystem is found on the device.
+                                        Use with caution. Default is 'false'.
+                                      type: boolean
+                                    tableType:
+                                      description: 'TableType specifies the tupe of
+                                        partition table. The following are supported:
+                                        ''mbr'': default and setups a MS-DOS partition
+                                        table ''gpt'': setups a GPT partition table'
+                                      type: string
+                                  required:
+                                  - device
+                                  - layout
+                                  type: object
+                                type: array
+                            type: object
+                          files:
+                            description: Files specifies extra files to be passed
+                              to user_data upon creation.
+                            items:
+                              description: File defines the input for generating write_files
+                                in cloud-init.
+                              properties:
+                                content:
+                                  description: Content is the actual content of the
+                                    file.
+                                  type: string
+                                contentFrom:
+                                  description: ContentFrom is a referenced source
+                                    of content to populate the file.
+                                  properties:
+                                    secret:
+                                      description: Secret represents a secret that
+                                        should populate this file.
+                                      properties:
+                                        key:
+                                          description: Key is the key in the secret's
+                                            data map for this value.
+                                          type: string
+                                        name:
+                                          description: Name of the secret in the KubeadmBootstrapConfig's
+                                            namespace to use.
+                                          type: string
+                                      required:
+                                      - key
+                                      - name
+                                      type: object
+                                  required:
+                                  - secret
+                                  type: object
+                                encoding:
+                                  description: Encoding specifies the encoding of
+                                    the file contents.
+                                  enum:
+                                  - base64
+                                  - gzip
+                                  - gzip+base64
+                                  type: string
+                                owner:
+                                  description: Owner specifies the ownership of the
+                                    file, e.g. "root:root".
+                                  type: string
+                                path:
+                                  description: Path specifies the full path on disk
+                                    where to store the file.
+                                  type: string
+                                permissions:
+                                  description: Permissions specifies the permissions
+                                    to assign to the file, e.g. "0640".
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            type: array
+                          format:
+                            description: Format specifies the output format of the
+                              bootstrap data
+                            enum:
+                            - cloud-config
+                            type: string
+                          initConfiguration:
+                            description: InitConfiguration along with ClusterConfiguration
+                              are the configurations necessary for the init command
+                            properties:
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              bootstrapTokens:
+                                description: BootstrapTokens is respected at `kubeadm
+                                  init` time and describes a set of Bootstrap Tokens
+                                  to create. This information IS NOT uploaded to the
+                                  kubeadm cluster configmap, partly because of its
+                                  sensitive nature
+                                items:
+                                  description: BootstrapToken describes one bootstrap
+                                    token, stored as a Secret in the cluster.
+                                  properties:
+                                    description:
+                                      description: Description sets a human-friendly
+                                        message why this token exists and what it's
+                                        used for, so other administrators can know
+                                        its purpose.
+                                      type: string
+                                    expires:
+                                      description: Expires specifies the timestamp
+                                        when this token expires. Defaults to being
+                                        set dynamically at runtime based on the TTL.
+                                        Expires and TTL are mutually exclusive.
+                                      format: date-time
+                                      type: string
+                                    groups:
+                                      description: Groups specifies the extra groups
+                                        that this token will authenticate as when/if
+                                        used for authentication
+                                      items:
+                                        type: string
+                                      type: array
+                                    token:
+                                      description: Token is used for establishing
+                                        bidirectional trust between nodes and control-planes.
+                                        Used for joining nodes in the cluster.
+                                      type: string
+                                    ttl:
+                                      description: TTL defines the time to live for
+                                        this token. Defaults to 24h. Expires and TTL
+                                        are mutually exclusive.
+                                      type: string
+                                    usages:
+                                      description: Usages describes the ways in which
+                                        this token can be used. Can by default be
+                                        used for establishing bidirectional trust,
+                                        but that can be changed here.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - token
+                                  type: object
+                                type: array
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              localAPIEndpoint:
+                                description: LocalAPIEndpoint represents the endpoint
+                                  of the API server instance that's deployed on this
+                                  control plane node In HA setups, this differs from
+                                  ClusterConfiguration.ControlPlaneEndpoint in the
+                                  sense that ControlPlaneEndpoint is the global endpoint
+                                  for the cluster, which then loadbalances the requests
+                                  to each individual API server. This configuration
+                                  object lets you customize what IP/DNS name and port
+                                  the local API server advertises it's accessible
+                                  on. By default, kubeadm tries to auto-detect the
+                                  IP of the default interface and use that, but in
+                                  case that process fails you may set the desired
+                                  value here.
+                                properties:
+                                  advertiseAddress:
+                                    description: AdvertiseAddress sets the IP address
+                                      for the API server to advertise.
+                                    type: string
+                                  bindPort:
+                                    description: BindPort sets the secure port for
+                                      the API Server to bind to. Defaults to 6443.
+                                    format: int32
+                                    type: integer
+                                type: object
+                              nodeRegistration:
+                                description: NodeRegistration holds fields that relate
+                                  to registering the new control-plane node to the
+                                  cluster. When used in the context of control plane
+                                  nodes, NodeRegistration should remain consistent
+                                  across both InitConfiguration and JoinConfiguration
+                                properties:
+                                  criSocket:
+                                    description: CRISocket is used to retrieve container
+                                      runtime info. This information will be annotated
+                                      to the Node API object, for later re-use
+                                    type: string
+                                  ignorePreflightErrors:
+                                    description: IgnorePreflightErrors provides a
+                                      slice of pre-flight errors to be ignored when
+                                      the current node is registered.
+                                    items:
+                                      type: string
+                                    type: array
+                                  kubeletExtraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: KubeletExtraArgs passes through extra
+                                      arguments to the kubelet. The arguments here
+                                      are passed to the kubelet command line via the
+                                      environment file kubeadm writes at runtime for
+                                      the kubelet to source. This overrides the generic
+                                      base-level configuration in the kubelet-config-1.X
+                                      ConfigMap Flags have higher priority when parsing.
+                                      These values are local and specific to the node
+                                      kubeadm is executing on.
+                                    type: object
+                                  name:
+                                    description: Name is the `.Metadata.Name` field
+                                      of the Node API object that will be created
+                                      in this `kubeadm init` or `kubeadm join` operation.
+                                      This field is also used in the CommonName field
+                                      of the kubelet's client certificate to the API
+                                      server. Defaults to the hostname of the node
+                                      if not provided.
+                                    type: string
+                                  taints:
+                                    description: 'Taints specifies the taints the
+                                      Node API object should be registered with. If
+                                      this field is unset, i.e. nil, in the `kubeadm
+                                      init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                      If you don''t want to taint your control-plane
+                                      node, set this field to an empty slice, i.e.
+                                      `taints: {}` in the YAML file. This field is
+                                      solely used for Node registration.'
+                                    items:
+                                      description: The node this Taint is attached
+                                        to has the "effect" on any pod that does not
+                                        tolerate the Taint.
+                                      properties:
+                                        effect:
+                                          description: Required. The effect of the
+                                            taint on pods that do not tolerate the
+                                            taint. Valid effects are NoSchedule, PreferNoSchedule
+                                            and NoExecute.
+                                          type: string
+                                        key:
+                                          description: Required. The taint key to
+                                            be applied to a node.
+                                          type: string
+                                        timeAdded:
+                                          description: TimeAdded represents the time
+                                            at which the taint was added. It is only
+                                            written for NoExecute taints.
+                                          format: date-time
+                                          type: string
+                                        value:
+                                          description: The taint value corresponding
+                                            to the taint key.
+                                          type: string
+                                      required:
+                                      - effect
+                                      - key
+                                      type: object
+                                    type: array
+                                type: object
+                            type: object
+                          joinConfiguration:
+                            description: JoinConfiguration is the kubeadm configuration
+                              for the join command
+                            properties:
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              caCertPath:
+                                description: 'CACertPath is the path to the SSL certificate
+                                  authority used to secure comunications between node
+                                  and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                                  TODO: revisit when there is defaulting from k/k'
+                                type: string
+                              controlPlane:
+                                description: ControlPlane defines the additional control
+                                  plane instance to be deployed on the joining node.
+                                  If nil, no additional control plane instance will
+                                  be deployed.
+                                properties:
+                                  localAPIEndpoint:
+                                    description: LocalAPIEndpoint represents the endpoint
+                                      of the API server instance to be deployed on
+                                      this node.
+                                    properties:
+                                      advertiseAddress:
+                                        description: AdvertiseAddress sets the IP
+                                          address for the API server to advertise.
+                                        type: string
+                                      bindPort:
+                                        description: BindPort sets the secure port
+                                          for the API Server to bind to. Defaults
+                                          to 6443.
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                type: object
+                              discovery:
+                                description: 'Discovery specifies the options for
+                                  the kubelet to use during the TLS Bootstrap process
+                                  TODO: revisit when there is defaulting from k/k'
+                                properties:
+                                  bootstrapToken:
+                                    description: BootstrapToken is used to set the
+                                      options for bootstrap token based discovery
+                                      BootstrapToken and File are mutually exclusive
+                                    properties:
+                                      apiServerEndpoint:
+                                        description: APIServerEndpoint is an IP or
+                                          domain name to the API server from which
+                                          info will be fetched.
+                                        type: string
+                                      caCertHashes:
+                                        description: 'CACertHashes specifies a set
+                                          of public key pins to verify when token-based
+                                          discovery is used. The root CA found during
+                                          discovery must match one of these values.
+                                          Specifying an empty set disables root CA
+                                          pinning, which can be unsafe. Each hash
+                                          is specified as "<type>:<value>", where
+                                          the only currently supported type is "sha256".
+                                          This is a hex-encoded SHA-256 hash of the
+                                          Subject Public Key Info (SPKI) object in
+                                          DER-encoded ASN.1. These hashes can be calculated
+                                          using, for example, OpenSSL: openssl x509
+                                          -pubkey -in ca.crt openssl rsa -pubin -outform
+                                          der 2>&/dev/null | openssl dgst -sha256
+                                          -hex'
+                                        items:
+                                          type: string
+                                        type: array
+                                      token:
+                                        description: Token is a token used to validate
+                                          cluster information fetched from the control-plane.
+                                        type: string
+                                      unsafeSkipCAVerification:
+                                        description: UnsafeSkipCAVerification allows
+                                          token-based discovery without CA verification
+                                          via CACertHashes. This can weaken the security
+                                          of kubeadm since other nodes can impersonate
+                                          the control-plane.
+                                        type: boolean
+                                    required:
+                                    - token
+                                    type: object
+                                  file:
+                                    description: File is used to specify a file or
+                                      URL to a kubeconfig file from which to load
+                                      cluster information BootstrapToken and File
+                                      are mutually exclusive
+                                    properties:
+                                      kubeConfigPath:
+                                        description: KubeConfigPath is used to specify
+                                          the actual file path or URL to the kubeconfig
+                                          file from which to load cluster information
+                                        type: string
+                                    required:
+                                    - kubeConfigPath
+                                    type: object
+                                  timeout:
+                                    description: Timeout modifies the discovery timeout
+                                    type: string
+                                  tlsBootstrapToken:
+                                    description: TLSBootstrapToken is a token used
+                                      for TLS bootstrapping. If .BootstrapToken is
+                                      set, this field is defaulted to .BootstrapToken.Token,
+                                      but can be overridden. If .File is set, this
+                                      field **must be set** in case the KubeConfigFile
+                                      does not contain any other authentication information
+                                    type: string
+                                type: object
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              nodeRegistration:
+                                description: NodeRegistration holds fields that relate
+                                  to registering the new control-plane node to the
+                                  cluster. When used in the context of control plane
+                                  nodes, NodeRegistration should remain consistent
+                                  across both InitConfiguration and JoinConfiguration
+                                properties:
+                                  criSocket:
+                                    description: CRISocket is used to retrieve container
+                                      runtime info. This information will be annotated
+                                      to the Node API object, for later re-use
+                                    type: string
+                                  ignorePreflightErrors:
+                                    description: IgnorePreflightErrors provides a
+                                      slice of pre-flight errors to be ignored when
+                                      the current node is registered.
+                                    items:
+                                      type: string
+                                    type: array
+                                  kubeletExtraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: KubeletExtraArgs passes through extra
+                                      arguments to the kubelet. The arguments here
+                                      are passed to the kubelet command line via the
+                                      environment file kubeadm writes at runtime for
+                                      the kubelet to source. This overrides the generic
+                                      base-level configuration in the kubelet-config-1.X
+                                      ConfigMap Flags have higher priority when parsing.
+                                      These values are local and specific to the node
+                                      kubeadm is executing on.
+                                    type: object
+                                  name:
+                                    description: Name is the `.Metadata.Name` field
+                                      of the Node API object that will be created
+                                      in this `kubeadm init` or `kubeadm join` operation.
+                                      This field is also used in the CommonName field
+                                      of the kubelet's client certificate to the API
+                                      server. Defaults to the hostname of the node
+                                      if not provided.
+                                    type: string
+                                  taints:
+                                    description: 'Taints specifies the taints the
+                                      Node API object should be registered with. If
+                                      this field is unset, i.e. nil, in the `kubeadm
+                                      init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                      If you don''t want to taint your control-plane
+                                      node, set this field to an empty slice, i.e.
+                                      `taints: {}` in the YAML file. This field is
+                                      solely used for Node registration.'
+                                    items:
+                                      description: The node this Taint is attached
+                                        to has the "effect" on any pod that does not
+                                        tolerate the Taint.
+                                      properties:
+                                        effect:
+                                          description: Required. The effect of the
+                                            taint on pods that do not tolerate the
+                                            taint. Valid effects are NoSchedule, PreferNoSchedule
+                                            and NoExecute.
+                                          type: string
+                                        key:
+                                          description: Required. The taint key to
+                                            be applied to a node.
+                                          type: string
+                                        timeAdded:
+                                          description: TimeAdded represents the time
+                                            at which the taint was added. It is only
+                                            written for NoExecute taints.
+                                          format: date-time
+                                          type: string
+                                        value:
+                                          description: The taint value corresponding
+                                            to the taint key.
+                                          type: string
+                                      required:
+                                      - effect
+                                      - key
+                                      type: object
+                                    type: array
+                                type: object
+                            type: object
+                          mounts:
+                            description: Mounts specifies a list of mount points to
+                              be setup.
+                            items:
+                              description: MountPoints defines input for generated
+                                mounts in cloud-init.
+                              items:
+                                type: string
+                              type: array
+                            type: array
+                          ntp:
+                            description: NTP specifies NTP configuration
+                            properties:
+                              enabled:
+                                description: Enabled specifies whether NTP should
+                                  be enabled
+                                type: boolean
+                              servers:
+                                description: Servers specifies which NTP servers to
+                                  use
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          postKubeadmCommands:
+                            description: PostKubeadmCommands specifies extra commands
+                              to run after kubeadm runs
+                            items:
+                              type: string
+                            type: array
+                          preKubeadmCommands:
+                            description: PreKubeadmCommands specifies extra commands
+                              to run before kubeadm runs
+                            items:
+                              type: string
+                            type: array
+                          useExperimentalRetryJoin:
+                            description: "UseExperimentalRetryJoin replaces a basic
+                              kubeadm command with a shell script with retries for
+                              joins. \n This is meant to be an experimental temporary
+                              workaround on some environments where joins fail due
+                              to timing (and other issues). The long term goal is
+                              to add retries to kubeadm proper and use that functionality.
+                              \n This will add about 40KB to userdata \n For more
+                              information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+                            type: boolean
+                          users:
+                            description: Users specifies extra users to add
+                            items:
+                              description: User defines the input for a generated
+                                user in cloud-init.
+                              properties:
+                                gecos:
+                                  description: Gecos specifies the gecos to use for
+                                    the user
+                                  type: string
+                                groups:
+                                  description: Groups specifies the additional groups
+                                    for the user
+                                  type: string
+                                homeDir:
+                                  description: HomeDir specifies the home directory
+                                    to use for the user
+                                  type: string
+                                inactive:
+                                  description: Inactive specifies whether to mark
+                                    the user as inactive
+                                  type: boolean
+                                lockPassword:
+                                  description: LockPassword specifies if password
+                                    login should be disabled
+                                  type: boolean
+                                name:
+                                  description: Name specifies the user name
+                                  type: string
+                                passwd:
+                                  description: Passwd specifies a hashed password
+                                    for the user
+                                  type: string
+                                primaryGroup:
+                                  description: PrimaryGroup specifies the primary
+                                    group for the user
+                                  type: string
+                                shell:
+                                  description: Shell specifies the user's shell
+                                  type: string
+                                sshAuthorizedKeys:
+                                  description: SSHAuthorizedKeys specifies a list
+                                    of ssh authorized keys for the user
+                                  items:
+                                    type: string
+                                  type: array
+                                sudo:
+                                  description: Sudo specifies a sudo role for the
+                                    user
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            type: array
+                          verbosity:
+                            description: Verbosity is the number for the kubeadm log
+                              level verbosity. It overrides the `--v` flag in kubeadm
+                              commands.
+                            format: int32
+                            type: integer
+                        type: object
+                      machineTemplate:
+                        description: MachineTemplate contains information about how
+                          machines should be shaped when creating or updating a control
+                          plane.
+                        properties:
+                          infrastructureRef:
+                            description: InfrastructureRef is a required reference
+                              to a custom resource offered by an infrastructure provider.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          metadata:
+                            description: 'Standard object''s metadata. More info:
+                              https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                            properties:
+                              annotations:
+                                additionalProperties:
+                                  type: string
+                                description: 'Annotations is an unstructured key value
+                                  map stored with a resource that may be set by external
+                                  tools to store and retrieve arbitrary metadata.
+                                  They are not queryable and should be preserved when
+                                  modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                                type: object
+                              labels:
+                                additionalProperties:
+                                  type: string
+                                description: 'Map of string keys and values that can
+                                  be used to organize and categorize (scope and select)
+                                  objects. May match selectors of replication controllers
+                                  and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                                type: object
+                            type: object
+                          nodeDrainTimeout:
+                            description: 'NodeDrainTimeout is the total amount of
+                              time that the controller will spend on draining a controlplane
+                              node The default value is 0, meaning that the node can
+                              be drained without any time limitations. NOTE: NodeDrainTimeout
+                              is different from `kubectl drain --timeout`'
+                            type: string
+                        required:
+                        - infrastructureRef
+                        type: object
+                      replicas:
+                        description: Number of desired machines. Defaults to 1. When
+                          stacked etcd is used only odd numbers are permitted, as
+                          per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+                          This is a pointer to distinguish between explicit zero and
+                          not specified.
+                        format: int32
+                        type: integer
+                      rolloutAfter:
+                        description: RolloutAfter is a field to indicate a rollout
+                          should be performed after the specified time even if no
+                          changes have been made to the KubeadmControlPlane.
+                        format: date-time
+                        type: string
+                      rolloutStrategy:
+                        default:
+                          rollingUpdate:
+                            maxSurge: 1
+                          type: RollingUpdate
+                        description: The RolloutStrategy to use to replace control
+                          plane machines with new ones.
+                        properties:
+                          rollingUpdate:
+                            description: Rolling update config params. Present only
+                              if RolloutStrategyType = RollingUpdate.
+                            properties:
+                              maxSurge:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'The maximum number of control planes
+                                  that can be scheduled above or under the desired
+                                  number of control planes. Value can be an absolute
+                                  number 1 or 0. Defaults to 1. Example: when this
+                                  is set to 1, the control plane can be scaled up
+                                  immediately when the rolling update starts.'
+                                x-kubernetes-int-or-string: true
+                            type: object
+                          type:
+                            description: Type of rollout. Currently the only supported
+                              strategy is "RollingUpdate". Default is RollingUpdate.
+                            type: string
+                        type: object
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                        type: string
+                    required:
+                    - kubeadmConfigSpec
+                    - machineTemplate
+                    - version
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of KubeadmControlPlaneTemplate
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KubeadmControlPlaneTemplateSpec defines the desired state
+              of KubeadmControlPlaneTemplate.
+            properties:
+              template:
+                description: KubeadmControlPlaneTemplateResource describes the data
+                  needed to create a KubeadmControlPlane from a template.
+                properties:
+                  spec:
+                    description: 'KubeadmControlPlaneTemplateResourceSpec defines
+                      the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec
+                      is similar to KubeadmControlPlaneSpec but omits Replicas and
+                      Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
+                      because they are calculated by the Cluster topology reconciler
+                      during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.'
+                    properties:
+                      kubeadmConfigSpec:
+                        description: KubeadmConfigSpec is a KubeadmConfigSpec to use
+                          for initializing and joining machines to the control plane.
+                        properties:
+                          clusterConfiguration:
+                            description: ClusterConfiguration along with InitConfiguration
+                              are the configurations necessary for the init command
+                            properties:
+                              apiServer:
+                                description: APIServer contains extra settings for
+                                  the API server control plane component
+                                properties:
+                                  certSANs:
+                                    description: CertSANs sets extra Subject Alternative
+                                      Names for the API Server signing cert.
+                                    items:
+                                      type: string
+                                    type: array
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  timeoutForControlPlane:
+                                    description: TimeoutForControlPlane controls the
+                                      timeout that we use for API server to appear
+                                    type: string
+                                type: object
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              certificatesDir:
+                                description: 'CertificatesDir specifies where to store
+                                  or look for all required certificates. NB: if not
+                                  provided, this will default to `/etc/kubernetes/pki`'
+                                type: string
+                              clusterName:
+                                description: The cluster name
+                                type: string
+                              controlPlaneEndpoint:
+                                description: 'ControlPlaneEndpoint sets a stable IP
+                                  address or DNS name for the control plane; it can
+                                  be a valid IP address or a RFC-1123 DNS subdomain,
+                                  both with optional TCP port. In case the ControlPlaneEndpoint
+                                  is not specified, the AdvertiseAddress + BindPort
+                                  are used; in case the ControlPlaneEndpoint is specified
+                                  but without a TCP port, the BindPort is used. Possible
+                                  usages are: e.g. In a cluster with more than one
+                                  control plane instances, this field should be assigned
+                                  the address of the external load balancer in front
+                                  of the control plane instances. e.g.  in environments
+                                  with enforced node recycling, the ControlPlaneEndpoint
+                                  could be used for assigning a stable DNS to the
+                                  control plane. NB: This value defaults to the first
+                                  value in the Cluster object status.apiEndpoints
+                                  array.'
+                                type: string
+                              controllerManager:
+                                description: ControllerManager contains extra settings
+                                  for the controller manager control plane component
+                                properties:
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                type: object
+                              dns:
+                                description: DNS defines the options for the DNS add-on
+                                  installed in the cluster.
+                                properties:
+                                  imageRepository:
+                                    description: ImageRepository sets the container
+                                      registry to pull images from. if not set, the
+                                      ImageRepository defined in ClusterConfiguration
+                                      will be used instead.
+                                    type: string
+                                  imageTag:
+                                    description: ImageTag allows to specify a tag
+                                      for the image. In case this value is set, kubeadm
+                                      does not change automatically the version of
+                                      the above components during upgrades.
+                                    type: string
+                                type: object
+                              etcd:
+                                description: 'Etcd holds configuration for etcd. NB:
+                                  This value defaults to a Local (stacked) etcd'
+                                properties:
+                                  external:
+                                    description: External describes how to connect
+                                      to an external etcd cluster Local and External
+                                      are mutually exclusive
+                                    properties:
+                                      caFile:
+                                        description: CAFile is an SSL Certificate
+                                          Authority file used to secure etcd communication.
+                                          Required if using a TLS connection.
+                                        type: string
+                                      certFile:
+                                        description: CertFile is an SSL certification
+                                          file used to secure etcd communication.
+                                          Required if using a TLS connection.
+                                        type: string
+                                      endpoints:
+                                        description: Endpoints of etcd members. Required
+                                          for ExternalEtcd.
+                                        items:
+                                          type: string
+                                        type: array
+                                      keyFile:
+                                        description: KeyFile is an SSL key file used
+                                          to secure etcd communication. Required if
+                                          using a TLS connection.
+                                        type: string
+                                    required:
+                                    - caFile
+                                    - certFile
+                                    - endpoints
+                                    - keyFile
+                                    type: object
+                                  local:
+                                    description: Local provides configuration knobs
+                                      for configuring the local etcd instance Local
+                                      and External are mutually exclusive
+                                    properties:
+                                      dataDir:
+                                        description: DataDir is the directory etcd
+                                          will place its data. Defaults to "/var/lib/etcd".
+                                        type: string
+                                      extraArgs:
+                                        additionalProperties:
+                                          type: string
+                                        description: ExtraArgs are extra arguments
+                                          provided to the etcd binary when run inside
+                                          a static pod.
+                                        type: object
+                                      imageRepository:
+                                        description: ImageRepository sets the container
+                                          registry to pull images from. if not set,
+                                          the ImageRepository defined in ClusterConfiguration
+                                          will be used instead.
+                                        type: string
+                                      imageTag:
+                                        description: ImageTag allows to specify a
+                                          tag for the image. In case this value is
+                                          set, kubeadm does not change automatically
+                                          the version of the above components during
+                                          upgrades.
+                                        type: string
+                                      peerCertSANs:
+                                        description: PeerCertSANs sets extra Subject
+                                          Alternative Names for the etcd peer signing
+                                          cert.
+                                        items:
+                                          type: string
+                                        type: array
+                                      serverCertSANs:
+                                        description: ServerCertSANs sets extra Subject
+                                          Alternative Names for the etcd server signing
+                                          cert.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                type: object
+                              featureGates:
+                                additionalProperties:
+                                  type: boolean
+                                description: FeatureGates enabled by the user.
+                                type: object
+                              imageRepository:
+                                description: ImageRepository sets the container registry
+                                  to pull images from. If empty, `registry.k8s.io`
+                                  will be used by default; in case of kubernetes version
+                                  is a CI build (kubernetes version starts with `ci/`
+                                  or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will
+                                  be used as a default for control plane components
+                                  and for kube-proxy, while `registry.k8s.io` will
+                                  be used for all the other images.
+                                type: string
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              kubernetesVersion:
+                                description: 'KubernetesVersion is the target version
+                                  of the control plane. NB: This value defaults to
+                                  the Machine object spec.version'
+                                type: string
+                              networking:
+                                description: 'Networking holds configuration for the
+                                  networking topology of the cluster. NB: This value
+                                  defaults to the Cluster object spec.clusterNetwork.'
+                                properties:
+                                  dnsDomain:
+                                    description: DNSDomain is the dns domain used
+                                      by k8s services. Defaults to "cluster.local".
+                                    type: string
+                                  podSubnet:
+                                    description: PodSubnet is the subnet used by pods.
+                                      If unset, the API server will not allocate CIDR
+                                      ranges for every node. Defaults to a comma-delimited
+                                      string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+                                      if that is set
+                                    type: string
+                                  serviceSubnet:
+                                    description: ServiceSubnet is the subnet used
+                                      by k8s services. Defaults to a comma-delimited
+                                      string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+                                      or to "10.96.0.0/12" if that's unset.
+                                    type: string
+                                type: object
+                              scheduler:
+                                description: Scheduler contains extra settings for
+                                  the scheduler control plane component
+                                properties:
+                                  extraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: 'ExtraArgs is an extra set of flags
+                                      to pass to the control plane component. TODO:
+                                      This is temporary and ideally we would like
+                                      to switch all components to use ComponentConfig
+                                      + ConfigMaps.'
+                                    type: object
+                                  extraVolumes:
+                                    description: ExtraVolumes is an extra set of host
+                                      volumes, mounted to the control plane component.
+                                    items:
+                                      description: HostPathMount contains elements
+                                        describing volumes that are mounted from the
+                                        host.
+                                      properties:
+                                        hostPath:
+                                          description: HostPath is the path in the
+                                            host that will be mounted inside the pod.
+                                          type: string
+                                        mountPath:
+                                          description: MountPath is the path inside
+                                            the pod where hostPath will be mounted.
+                                          type: string
+                                        name:
+                                          description: Name of the volume inside the
+                                            pod template.
+                                          type: string
+                                        pathType:
+                                          description: PathType is the type of the
+                                            HostPath.
+                                          type: string
+                                        readOnly:
+                                          description: ReadOnly controls write access
+                                            to the volume
+                                          type: boolean
+                                      required:
+                                      - hostPath
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                type: object
+                            type: object
+                          diskSetup:
+                            description: DiskSetup specifies options for the creation
+                              of partition tables and file systems on devices.
+                            properties:
+                              filesystems:
+                                description: Filesystems specifies the list of file
+                                  systems to setup.
+                                items:
+                                  description: Filesystem defines the file systems
+                                    to be created.
+                                  properties:
+                                    device:
+                                      description: Device specifies the device name
+                                      type: string
+                                    extraOpts:
+                                      description: ExtraOpts defined extra options
+                                        to add to the command for creating the file
+                                        system.
+                                      items:
+                                        type: string
+                                      type: array
+                                    filesystem:
+                                      description: Filesystem specifies the file system
+                                        type.
+                                      type: string
+                                    label:
+                                      description: Label specifies the file system
+                                        label to be used. If set to None, no label
+                                        is used.
+                                      type: string
+                                    overwrite:
+                                      description: Overwrite defines whether or not
+                                        to overwrite any existing filesystem. If true,
+                                        any pre-existing file system will be destroyed.
+                                        Use with Caution.
+                                      type: boolean
+                                    partition:
+                                      description: 'Partition specifies the partition
+                                        to use. The valid options are: "auto|any",
+                                        "auto", "any", "none", and <NUM>, where NUM
+                                        is the actual partition number.'
+                                      type: string
+                                    replaceFS:
+                                      description: 'ReplaceFS is a special directive,
+                                        used for Microsoft Azure that instructs cloud-init
+                                        to replace a file system of <FS_TYPE>. NOTE:
+                                        unless you define a label, this requires the
+                                        use of the ''any'' partition directive.'
+                                      type: string
+                                  required:
+                                  - device
+                                  - filesystem
+                                  - label
+                                  type: object
+                                type: array
+                              partitions:
+                                description: Partitions specifies the list of the
+                                  partitions to setup.
+                                items:
+                                  description: Partition defines how to create and
+                                    layout a partition.
+                                  properties:
+                                    device:
+                                      description: Device is the name of the device.
+                                      type: string
+                                    layout:
+                                      description: Layout specifies the device layout.
+                                        If it is true, a single partition will be
+                                        created for the entire device. When layout
+                                        is false, it means don't partition or ignore
+                                        existing partitioning.
+                                      type: boolean
+                                    overwrite:
+                                      description: Overwrite describes whether to
+                                        skip checks and create the partition if a
+                                        partition or filesystem is found on the device.
+                                        Use with caution. Default is 'false'.
+                                      type: boolean
+                                    tableType:
+                                      description: 'TableType specifies the tupe of
+                                        partition table. The following are supported:
+                                        ''mbr'': default and setups a MS-DOS partition
+                                        table ''gpt'': setups a GPT partition table'
+                                      type: string
+                                  required:
+                                  - device
+                                  - layout
+                                  type: object
+                                type: array
+                            type: object
+                          files:
+                            description: Files specifies extra files to be passed
+                              to user_data upon creation.
+                            items:
+                              description: File defines the input for generating write_files
+                                in cloud-init.
+                              properties:
+                                append:
+                                  description: Append specifies whether to append
+                                    Content to existing file if Path exists.
+                                  type: boolean
+                                content:
+                                  description: Content is the actual content of the
+                                    file.
+                                  type: string
+                                contentFrom:
+                                  description: ContentFrom is a referenced source
+                                    of content to populate the file.
+                                  properties:
+                                    secret:
+                                      description: Secret represents a secret that
+                                        should populate this file.
+                                      properties:
+                                        key:
+                                          description: Key is the key in the secret's
+                                            data map for this value.
+                                          type: string
+                                        name:
+                                          description: Name of the secret in the KubeadmBootstrapConfig's
+                                            namespace to use.
+                                          type: string
+                                      required:
+                                      - key
+                                      - name
+                                      type: object
+                                  required:
+                                  - secret
+                                  type: object
+                                encoding:
+                                  description: Encoding specifies the encoding of
+                                    the file contents.
+                                  enum:
+                                  - base64
+                                  - gzip
+                                  - gzip+base64
+                                  type: string
+                                owner:
+                                  description: Owner specifies the ownership of the
+                                    file, e.g. "root:root".
+                                  type: string
+                                path:
+                                  description: Path specifies the full path on disk
+                                    where to store the file.
+                                  type: string
+                                permissions:
+                                  description: Permissions specifies the permissions
+                                    to assign to the file, e.g. "0640".
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            type: array
+                          format:
+                            description: Format specifies the output format of the
+                              bootstrap data
+                            enum:
+                            - cloud-config
+                            - ignition
+                            type: string
+                          ignition:
+                            description: Ignition contains Ignition specific configuration.
+                            properties:
+                              containerLinuxConfig:
+                                description: ContainerLinuxConfig contains CLC specific
+                                  configuration.
+                                properties:
+                                  additionalConfig:
+                                    description: "AdditionalConfig contains additional
+                                      configuration to be merged with the Ignition
+                                      configuration generated by the bootstrapper
+                                      controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+                                      \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+                                    type: string
+                                  strict:
+                                    description: Strict controls if AdditionalConfig
+                                      should be strictly parsed. If so, warnings are
+                                      treated as errors.
+                                    type: boolean
+                                type: object
+                            type: object
+                          initConfiguration:
+                            description: InitConfiguration along with ClusterConfiguration
+                              are the configurations necessary for the init command
+                            properties:
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              bootstrapTokens:
+                                description: BootstrapTokens is respected at `kubeadm
+                                  init` time and describes a set of Bootstrap Tokens
+                                  to create. This information IS NOT uploaded to the
+                                  kubeadm cluster configmap, partly because of its
+                                  sensitive nature
+                                items:
+                                  description: BootstrapToken describes one bootstrap
+                                    token, stored as a Secret in the cluster.
+                                  properties:
+                                    description:
+                                      description: Description sets a human-friendly
+                                        message why this token exists and what it's
+                                        used for, so other administrators can know
+                                        its purpose.
+                                      type: string
+                                    expires:
+                                      description: Expires specifies the timestamp
+                                        when this token expires. Defaults to being
+                                        set dynamically at runtime based on the TTL.
+                                        Expires and TTL are mutually exclusive.
+                                      format: date-time
+                                      type: string
+                                    groups:
+                                      description: Groups specifies the extra groups
+                                        that this token will authenticate as when/if
+                                        used for authentication
+                                      items:
+                                        type: string
+                                      type: array
+                                    token:
+                                      description: Token is used for establishing
+                                        bidirectional trust between nodes and control-planes.
+                                        Used for joining nodes in the cluster.
+                                      type: string
+                                    ttl:
+                                      description: TTL defines the time to live for
+                                        this token. Defaults to 24h. Expires and TTL
+                                        are mutually exclusive.
+                                      type: string
+                                    usages:
+                                      description: Usages describes the ways in which
+                                        this token can be used. Can by default be
+                                        used for establishing bidirectional trust,
+                                        but that can be changed here.
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                  - token
+                                  type: object
+                                type: array
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              localAPIEndpoint:
+                                description: LocalAPIEndpoint represents the endpoint
+                                  of the API server instance that's deployed on this
+                                  control plane node In HA setups, this differs from
+                                  ClusterConfiguration.ControlPlaneEndpoint in the
+                                  sense that ControlPlaneEndpoint is the global endpoint
+                                  for the cluster, which then loadbalances the requests
+                                  to each individual API server. This configuration
+                                  object lets you customize what IP/DNS name and port
+                                  the local API server advertises it's accessible
+                                  on. By default, kubeadm tries to auto-detect the
+                                  IP of the default interface and use that, but in
+                                  case that process fails you may set the desired
+                                  value here.
+                                properties:
+                                  advertiseAddress:
+                                    description: AdvertiseAddress sets the IP address
+                                      for the API server to advertise.
+                                    type: string
+                                  bindPort:
+                                    description: BindPort sets the secure port for
+                                      the API Server to bind to. Defaults to 6443.
+                                    format: int32
+                                    type: integer
+                                type: object
+                              nodeRegistration:
+                                description: NodeRegistration holds fields that relate
+                                  to registering the new control-plane node to the
+                                  cluster. When used in the context of control plane
+                                  nodes, NodeRegistration should remain consistent
+                                  across both InitConfiguration and JoinConfiguration
+                                properties:
+                                  criSocket:
+                                    description: CRISocket is used to retrieve container
+                                      runtime info. This information will be annotated
+                                      to the Node API object, for later re-use
+                                    type: string
+                                  ignorePreflightErrors:
+                                    description: IgnorePreflightErrors provides a
+                                      slice of pre-flight errors to be ignored when
+                                      the current node is registered.
+                                    items:
+                                      type: string
+                                    type: array
+                                  kubeletExtraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: KubeletExtraArgs passes through extra
+                                      arguments to the kubelet. The arguments here
+                                      are passed to the kubelet command line via the
+                                      environment file kubeadm writes at runtime for
+                                      the kubelet to source. This overrides the generic
+                                      base-level configuration in the kubelet-config-1.X
+                                      ConfigMap Flags have higher priority when parsing.
+                                      These values are local and specific to the node
+                                      kubeadm is executing on.
+                                    type: object
+                                  name:
+                                    description: Name is the `.Metadata.Name` field
+                                      of the Node API object that will be created
+                                      in this `kubeadm init` or `kubeadm join` operation.
+                                      This field is also used in the CommonName field
+                                      of the kubelet's client certificate to the API
+                                      server. Defaults to the hostname of the node
+                                      if not provided.
+                                    type: string
+                                  taints:
+                                    description: 'Taints specifies the taints the
+                                      Node API object should be registered with. If
+                                      this field is unset, i.e. nil, in the `kubeadm
+                                      init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                      If you don''t want to taint your control-plane
+                                      node, set this field to an empty slice, i.e.
+                                      `taints: []` in the YAML file. This field is
+                                      solely used for Node registration.'
+                                    items:
+                                      description: The node this Taint is attached
+                                        to has the "effect" on any pod that does not
+                                        tolerate the Taint.
+                                      properties:
+                                        effect:
+                                          description: Required. The effect of the
+                                            taint on pods that do not tolerate the
+                                            taint. Valid effects are NoSchedule, PreferNoSchedule
+                                            and NoExecute.
+                                          type: string
+                                        key:
+                                          description: Required. The taint key to
+                                            be applied to a node.
+                                          type: string
+                                        timeAdded:
+                                          description: TimeAdded represents the time
+                                            at which the taint was added. It is only
+                                            written for NoExecute taints.
+                                          format: date-time
+                                          type: string
+                                        value:
+                                          description: The taint value corresponding
+                                            to the taint key.
+                                          type: string
+                                      required:
+                                      - effect
+                                      - key
+                                      type: object
+                                    type: array
+                                type: object
+                              patches:
+                                description: Patches contains options related to applying
+                                  patches to components deployed by kubeadm during
+                                  "kubeadm init". The minimum kubernetes version needed
+                                  to support Patches is v1.22
+                                properties:
+                                  directory:
+                                    description: Directory is a path to a directory
+                                      that contains files named "target[suffix][+patchtype].extension".
+                                      For example, "kube-apiserver0+merge.yaml" or
+                                      just "etcd.json". "target" can be one of "kube-apiserver",
+                                      "kube-controller-manager", "kube-scheduler",
+                                      "etcd". "patchtype" can be one of "strategic"
+                                      "merge" or "json" and they match the patch formats
+                                      supported by kubectl. The default "patchtype"
+                                      is "strategic". "extension" must be either "json"
+                                      or "yaml". "suffix" is an optional string that
+                                      can be used to determine which patches are applied
+                                      first alpha-numerically. These files can be
+                                      written into the target directory via KubeadmConfig.Files
+                                      which specifies additional files to be created
+                                      on the machine, either with content inline or
+                                      by referencing a secret.
+                                    type: string
+                                type: object
+                              skipPhases:
+                                description: SkipPhases is a list of phases to skip
+                                  during command execution. The list of phases can
+                                  be obtained with the "kubeadm init --help" command.
+                                  This option takes effect only on Kubernetes >=1.22.0.
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          joinConfiguration:
+                            description: JoinConfiguration is the kubeadm configuration
+                              for the join command
+                            properties:
+                              apiVersion:
+                                description: 'APIVersion defines the versioned schema
+                                  of this representation of an object. Servers should
+                                  convert recognized schemas to the latest internal
+                                  value, and may reject unrecognized values. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                                type: string
+                              caCertPath:
+                                description: 'CACertPath is the path to the SSL certificate
+                                  authority used to secure comunications between node
+                                  and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+                                  TODO: revisit when there is defaulting from k/k'
+                                type: string
+                              controlPlane:
+                                description: ControlPlane defines the additional control
+                                  plane instance to be deployed on the joining node.
+                                  If nil, no additional control plane instance will
+                                  be deployed.
+                                properties:
+                                  localAPIEndpoint:
+                                    description: LocalAPIEndpoint represents the endpoint
+                                      of the API server instance to be deployed on
+                                      this node.
+                                    properties:
+                                      advertiseAddress:
+                                        description: AdvertiseAddress sets the IP
+                                          address for the API server to advertise.
+                                        type: string
+                                      bindPort:
+                                        description: BindPort sets the secure port
+                                          for the API Server to bind to. Defaults
+                                          to 6443.
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                type: object
+                              discovery:
+                                description: 'Discovery specifies the options for
+                                  the kubelet to use during the TLS Bootstrap process
+                                  TODO: revisit when there is defaulting from k/k'
+                                properties:
+                                  bootstrapToken:
+                                    description: BootstrapToken is used to set the
+                                      options for bootstrap token based discovery
+                                      BootstrapToken and File are mutually exclusive
+                                    properties:
+                                      apiServerEndpoint:
+                                        description: APIServerEndpoint is an IP or
+                                          domain name to the API server from which
+                                          info will be fetched.
+                                        type: string
+                                      caCertHashes:
+                                        description: 'CACertHashes specifies a set
+                                          of public key pins to verify when token-based
+                                          discovery is used. The root CA found during
+                                          discovery must match one of these values.
+                                          Specifying an empty set disables root CA
+                                          pinning, which can be unsafe. Each hash
+                                          is specified as "<type>:<value>", where
+                                          the only currently supported type is "sha256".
+                                          This is a hex-encoded SHA-256 hash of the
+                                          Subject Public Key Info (SPKI) object in
+                                          DER-encoded ASN.1. These hashes can be calculated
+                                          using, for example, OpenSSL: openssl x509
+                                          -pubkey -in ca.crt openssl rsa -pubin -outform
+                                          der 2>&/dev/null | openssl dgst -sha256
+                                          -hex'
+                                        items:
+                                          type: string
+                                        type: array
+                                      token:
+                                        description: Token is a token used to validate
+                                          cluster information fetched from the control-plane.
+                                        type: string
+                                      unsafeSkipCAVerification:
+                                        description: UnsafeSkipCAVerification allows
+                                          token-based discovery without CA verification
+                                          via CACertHashes. This can weaken the security
+                                          of kubeadm since other nodes can impersonate
+                                          the control-plane.
+                                        type: boolean
+                                    required:
+                                    - token
+                                    type: object
+                                  file:
+                                    description: File is used to specify a file or
+                                      URL to a kubeconfig file from which to load
+                                      cluster information BootstrapToken and File
+                                      are mutually exclusive
+                                    properties:
+                                      kubeConfigPath:
+                                        description: KubeConfigPath is used to specify
+                                          the actual file path or URL to the kubeconfig
+                                          file from which to load cluster information
+                                        type: string
+                                    required:
+                                    - kubeConfigPath
+                                    type: object
+                                  timeout:
+                                    description: Timeout modifies the discovery timeout
+                                    type: string
+                                  tlsBootstrapToken:
+                                    description: TLSBootstrapToken is a token used
+                                      for TLS bootstrapping. If .BootstrapToken is
+                                      set, this field is defaulted to .BootstrapToken.Token,
+                                      but can be overridden. If .File is set, this
+                                      field **must be set** in case the KubeConfigFile
+                                      does not contain any other authentication information
+                                    type: string
+                                type: object
+                              kind:
+                                description: 'Kind is a string value representing
+                                  the REST resource this object represents. Servers
+                                  may infer this from the endpoint the client submits
+                                  requests to. Cannot be updated. In CamelCase. More
+                                  info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              nodeRegistration:
+                                description: NodeRegistration holds fields that relate
+                                  to registering the new control-plane node to the
+                                  cluster. When used in the context of control plane
+                                  nodes, NodeRegistration should remain consistent
+                                  across both InitConfiguration and JoinConfiguration
+                                properties:
+                                  criSocket:
+                                    description: CRISocket is used to retrieve container
+                                      runtime info. This information will be annotated
+                                      to the Node API object, for later re-use
+                                    type: string
+                                  ignorePreflightErrors:
+                                    description: IgnorePreflightErrors provides a
+                                      slice of pre-flight errors to be ignored when
+                                      the current node is registered.
+                                    items:
+                                      type: string
+                                    type: array
+                                  kubeletExtraArgs:
+                                    additionalProperties:
+                                      type: string
+                                    description: KubeletExtraArgs passes through extra
+                                      arguments to the kubelet. The arguments here
+                                      are passed to the kubelet command line via the
+                                      environment file kubeadm writes at runtime for
+                                      the kubelet to source. This overrides the generic
+                                      base-level configuration in the kubelet-config-1.X
+                                      ConfigMap Flags have higher priority when parsing.
+                                      These values are local and specific to the node
+                                      kubeadm is executing on.
+                                    type: object
+                                  name:
+                                    description: Name is the `.Metadata.Name` field
+                                      of the Node API object that will be created
+                                      in this `kubeadm init` or `kubeadm join` operation.
+                                      This field is also used in the CommonName field
+                                      of the kubelet's client certificate to the API
+                                      server. Defaults to the hostname of the node
+                                      if not provided.
+                                    type: string
+                                  taints:
+                                    description: 'Taints specifies the taints the
+                                      Node API object should be registered with. If
+                                      this field is unset, i.e. nil, in the `kubeadm
+                                      init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+                                      If you don''t want to taint your control-plane
+                                      node, set this field to an empty slice, i.e.
+                                      `taints: []` in the YAML file. This field is
+                                      solely used for Node registration.'
+                                    items:
+                                      description: The node this Taint is attached
+                                        to has the "effect" on any pod that does not
+                                        tolerate the Taint.
+                                      properties:
+                                        effect:
+                                          description: Required. The effect of the
+                                            taint on pods that do not tolerate the
+                                            taint. Valid effects are NoSchedule, PreferNoSchedule
+                                            and NoExecute.
+                                          type: string
+                                        key:
+                                          description: Required. The taint key to
+                                            be applied to a node.
+                                          type: string
+                                        timeAdded:
+                                          description: TimeAdded represents the time
+                                            at which the taint was added. It is only
+                                            written for NoExecute taints.
+                                          format: date-time
+                                          type: string
+                                        value:
+                                          description: The taint value corresponding
+                                            to the taint key.
+                                          type: string
+                                      required:
+                                      - effect
+                                      - key
+                                      type: object
+                                    type: array
+                                type: object
+                              patches:
+                                description: Patches contains options related to applying
+                                  patches to components deployed by kubeadm during
+                                  "kubeadm join". The minimum kubernetes version needed
+                                  to support Patches is v1.22
+                                properties:
+                                  directory:
+                                    description: Directory is a path to a directory
+                                      that contains files named "target[suffix][+patchtype].extension".
+                                      For example, "kube-apiserver0+merge.yaml" or
+                                      just "etcd.json". "target" can be one of "kube-apiserver",
+                                      "kube-controller-manager", "kube-scheduler",
+                                      "etcd". "patchtype" can be one of "strategic"
+                                      "merge" or "json" and they match the patch formats
+                                      supported by kubectl. The default "patchtype"
+                                      is "strategic". "extension" must be either "json"
+                                      or "yaml". "suffix" is an optional string that
+                                      can be used to determine which patches are applied
+                                      first alpha-numerically. These files can be
+                                      written into the target directory via KubeadmConfig.Files
+                                      which specifies additional files to be created
+                                      on the machine, either with content inline or
+                                      by referencing a secret.
+                                    type: string
+                                type: object
+                              skipPhases:
+                                description: SkipPhases is a list of phases to skip
+                                  during command execution. The list of phases can
+                                  be obtained with the "kubeadm init --help" command.
+                                  This option takes effect only on Kubernetes >=1.22.0.
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          mounts:
+                            description: Mounts specifies a list of mount points to
+                              be setup.
+                            items:
+                              description: MountPoints defines input for generated
+                                mounts in cloud-init.
+                              items:
+                                type: string
+                              type: array
+                            type: array
+                          ntp:
+                            description: NTP specifies NTP configuration
+                            properties:
+                              enabled:
+                                description: Enabled specifies whether NTP should
+                                  be enabled
+                                type: boolean
+                              servers:
+                                description: Servers specifies which NTP servers to
+                                  use
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          postKubeadmCommands:
+                            description: PostKubeadmCommands specifies extra commands
+                              to run after kubeadm runs
+                            items:
+                              type: string
+                            type: array
+                          preKubeadmCommands:
+                            description: PreKubeadmCommands specifies extra commands
+                              to run before kubeadm runs
+                            items:
+                              type: string
+                            type: array
+                          useExperimentalRetryJoin:
+                            description: "UseExperimentalRetryJoin replaces a basic
+                              kubeadm command with a shell script with retries for
+                              joins. \n This is meant to be an experimental temporary
+                              workaround on some environments where joins fail due
+                              to timing (and other issues). The long term goal is
+                              to add retries to kubeadm proper and use that functionality.
+                              \n This will add about 40KB to userdata \n For more
+                              information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+                              \n Deprecated: This experimental fix is no longer needed
+                              and this field will be removed in a future release.
+                              When removing also remove from staticcheck exclude-rules
+                              for SA1019 in golangci.yml"
+                            type: boolean
+                          users:
+                            description: Users specifies extra users to add
+                            items:
+                              description: User defines the input for a generated
+                                user in cloud-init.
+                              properties:
+                                gecos:
+                                  description: Gecos specifies the gecos to use for
+                                    the user
+                                  type: string
+                                groups:
+                                  description: Groups specifies the additional groups
+                                    for the user
+                                  type: string
+                                homeDir:
+                                  description: HomeDir specifies the home directory
+                                    to use for the user
+                                  type: string
+                                inactive:
+                                  description: Inactive specifies whether to mark
+                                    the user as inactive
+                                  type: boolean
+                                lockPassword:
+                                  description: LockPassword specifies if password
+                                    login should be disabled
+                                  type: boolean
+                                name:
+                                  description: Name specifies the user name
+                                  type: string
+                                passwd:
+                                  description: Passwd specifies a hashed password
+                                    for the user
+                                  type: string
+                                passwdFrom:
+                                  description: PasswdFrom is a referenced source of
+                                    passwd to populate the passwd.
+                                  properties:
+                                    secret:
+                                      description: Secret represents a secret that
+                                        should populate this password.
+                                      properties:
+                                        key:
+                                          description: Key is the key in the secret's
+                                            data map for this value.
+                                          type: string
+                                        name:
+                                          description: Name of the secret in the KubeadmBootstrapConfig's
+                                            namespace to use.
+                                          type: string
+                                      required:
+                                      - key
+                                      - name
+                                      type: object
+                                  required:
+                                  - secret
+                                  type: object
+                                primaryGroup:
+                                  description: PrimaryGroup specifies the primary
+                                    group for the user
+                                  type: string
+                                shell:
+                                  description: Shell specifies the user's shell
+                                  type: string
+                                sshAuthorizedKeys:
+                                  description: SSHAuthorizedKeys specifies a list
+                                    of ssh authorized keys for the user
+                                  items:
+                                    type: string
+                                  type: array
+                                sudo:
+                                  description: Sudo specifies a sudo role for the
+                                    user
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            type: array
+                          verbosity:
+                            description: Verbosity is the number for the kubeadm log
+                              level verbosity. It overrides the `--v` flag in kubeadm
+                              commands.
+                            format: int32
+                            type: integer
+                        type: object
+                      machineTemplate:
+                        description: MachineTemplate contains information about how
+                          machines should be shaped when creating or updating a control
+                          plane.
+                        properties:
+                          nodeDeletionTimeout:
+                            description: NodeDeletionTimeout defines how long the
+                              machine controller will attempt to delete the Node that
+                              the Machine hosts after the Machine is marked for deletion.
+                              A duration of 0 will retry deletion indefinitely. If
+                              no value is provided, the default value for this property
+                              of the Machine resource will be used.
+                            type: string
+                          nodeDrainTimeout:
+                            description: 'NodeDrainTimeout is the total amount of
+                              time that the controller will spend on draining a controlplane
+                              node The default value is 0, meaning that the node can
+                              be drained without any time limitations. NOTE: NodeDrainTimeout
+                              is different from `kubectl drain --timeout`'
+                            type: string
+                          nodeVolumeDetachTimeout:
+                            description: NodeVolumeDetachTimeout is the total amount
+                              of time that the controller will spend on waiting for
+                              all volumes to be detached. The default value is 0,
+                              meaning that the volumes can be detached without any
+                              time limitations.
+                            type: string
+                        type: object
+                      rolloutAfter:
+                        description: RolloutAfter is a field to indicate a rollout
+                          should be performed after the specified time even if no
+                          changes have been made to the KubeadmControlPlane.
+                        format: date-time
+                        type: string
+                      rolloutBefore:
+                        description: RolloutBefore is a field to indicate a rollout
+                          should be performed if the specified criteria is met.
+                        properties:
+                          certificatesExpiryDays:
+                            description: CertificatesExpiryDays indicates a rollout
+                              needs to be performed if the certificates of the machine
+                              will expire within the specified days.
+                            format: int32
+                            type: integer
+                        type: object
+                      rolloutStrategy:
+                        default:
+                          rollingUpdate:
+                            maxSurge: 1
+                          type: RollingUpdate
+                        description: The RolloutStrategy to use to replace control
+                          plane machines with new ones.
+                        properties:
+                          rollingUpdate:
+                            description: Rolling update config params. Present only
+                              if RolloutStrategyType = RollingUpdate.
+                            properties:
+                              maxSurge:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: 'The maximum number of control planes
+                                  that can be scheduled above or under the desired
+                                  number of control planes. Value can be an absolute
+                                  number 1 or 0. Defaults to 1. Example: when this
+                                  is set to 1, the control plane can be scaled up
+                                  immediately when the rolling update starts.'
+                                x-kubernetes-int-or-string: true
+                            type: object
+                          type:
+                            description: Type of rollout. Currently the only supported
+                              strategy is "RollingUpdate". Default is RollingUpdate.
+                            type: string
+                        type: object
+                    required:
+                    - kubeadmConfigSpec
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-manager
+  namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-leader-election-role
+  namespace: capi-kubeadm-control-plane-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+    kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+  name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-manager-role
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  - controlplane.cluster.x-k8s.io
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  - machines/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-leader-election-rolebinding
+  namespace: capi-kubeadm-control-plane-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: capi-kubeadm-control-plane-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: capi-kubeadm-control-plane-manager
+  namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+  name: capi-kubeadm-control-plane-manager
+  namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-webhook-service
+  namespace: capi-kubeadm-control-plane-system
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook-server
+  selector:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-kubeadm-control-plane-controller-manager
+  namespace: capi-kubeadm-control-plane-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/provider: control-plane-kubeadm
+      control-plane: controller-manager
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        cluster.x-k8s.io/provider: control-plane-kubeadm
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        - --metrics-bind-addr=localhost:8080
+        - --feature-gates=ClusterTopology=true,KubeadmBootstrapFormatIgnition=false
+        command:
+        - /manager
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_UID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.uid
+        image: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.3.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        resources: {}
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: capi-kubeadm-control-plane-manager
+      terminationGracePeriodSeconds: 10
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+      volumes:
+      - name: cert
+        secret:
+          secretName: capi-kubeadm-control-plane-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-serving-cert
+  namespace: capi-kubeadm-control-plane-system
+spec:
+  dnsNames:
+  - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc
+  - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: capi-kubeadm-control-plane-selfsigned-issuer
+  secretName: capi-kubeadm-control-plane-webhook-service-cert
+  subject:
+    organizations:
+    - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-selfsigned-issuer
+  namespace: capi-kubeadm-control-plane-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-control-plane-webhook-service
+      namespace: capi-kubeadm-control-plane-system
+      path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmcontrolplanes
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-control-plane-webhook-service
+      namespace: capi-kubeadm-control-plane-system
+      path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+  failurePolicy: Fail
+  name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmcontrolplanetemplates
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: control-plane-kubeadm
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-kubeadm-control-plane-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-control-plane-webhook-service
+      namespace: capi-kubeadm-control-plane-system
+      path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmcontrolplanes
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-control-plane-webhook-service
+      namespace: capi-kubeadm-control-plane-system
+      path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+  failurePolicy: Fail
+  name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kubeadmcontrolplanetemplates
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-kubeadm-control-plane-webhook-service
+      namespace: capi-kubeadm-control-plane-system
+      path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - controlplane.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - UPDATE
+    resources:
+    - kubeadmcontrolplanes/scale
+  sideEffects: None
diff --git a/atmosphere/operator/manifests/capi-core.yml b/atmosphere/operator/manifests/capi-core.yml
new file mode 100644
index 0000000..512a675
--- /dev/null
+++ b/atmosphere/operator/manifests/capi-core.yml
@@ -0,0 +1,11515 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: clusterclasses.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: ClusterClass
+    listKind: ClusterClassList
+    plural: clusterclasses
+    shortNames:
+    - cc
+    singular: clusterclass
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterClass
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: ClusterClass is a template which can be used to create managed
+          topologies.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterClassSpec describes the desired state of the ClusterClass.
+            properties:
+              controlPlane:
+                description: ControlPlane is a reference to a local struct that holds
+                  the details for provisioning the Control Plane for the Cluster.
+                properties:
+                  machineInfrastructure:
+                    description: "MachineTemplate defines the metadata and infrastructure
+                      information for control plane machines. \n This field is supported
+                      if and only if the control plane provider template referenced
+                      above is Machine based and supports setting replicas."
+                    properties:
+                      ref:
+                        description: Ref is a required reference to a custom resource
+                          offered by a provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    required:
+                    - ref
+                    type: object
+                  metadata:
+                    description: "Metadata is the metadata applied to the machines
+                      of the ControlPlane. At runtime this metadata is merged with
+                      the corresponding metadata from the topology. \n This field
+                      is supported if and only if the control plane provider template
+                      referenced is Machine based."
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  ref:
+                    description: Ref is a required reference to a custom resource
+                      offered by a provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                required:
+                - ref
+                type: object
+              infrastructure:
+                description: Infrastructure is a reference to a provider-specific
+                  template that holds the details for provisioning infrastructure
+                  specific cluster for the underlying provider. The underlying provider
+                  is responsible for the implementation of the template to an infrastructure
+                  cluster.
+                properties:
+                  ref:
+                    description: Ref is a required reference to a custom resource
+                      offered by a provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                required:
+                - ref
+                type: object
+              workers:
+                description: Workers describes the worker nodes for the cluster. It
+                  is a collection of node types which can be used to create the worker
+                  nodes of the cluster.
+                properties:
+                  machineDeployments:
+                    description: MachineDeployments is a list of machine deployment
+                      classes that can be used to create a set of worker nodes.
+                    items:
+                      description: MachineDeploymentClass serves as a template to
+                        define a set of worker nodes of the cluster provisioned using
+                        the `ClusterClass`.
+                      properties:
+                        class:
+                          description: Class denotes a type of worker node present
+                            in the cluster, this name MUST be unique within a ClusterClass
+                            and can be referenced in the Cluster to create a managed
+                            MachineDeployment.
+                          type: string
+                        template:
+                          description: Template is a local struct containing a collection
+                            of templates for creation of MachineDeployment objects
+                            representing a set of worker nodes.
+                          properties:
+                            bootstrap:
+                              description: Bootstrap contains the bootstrap template
+                                reference to be used for the creation of worker Machines.
+                              properties:
+                                ref:
+                                  description: Ref is a required reference to a custom
+                                    resource offered by a provider.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an
+                                        object instead of an entire object, this string
+                                        should contain a valid JSON/Go field access
+                                        statement, such as desiredState.manifest.containers[2].
+                                        For example, if the object reference is to
+                                        a container within a pod, this would take
+                                        on a value like: "spec.containers{name}" (where
+                                        "name" refers to the name of the container
+                                        that triggered the event) or if no container
+                                        name is specified "spec.containers[2]" (container
+                                        with index 2 in this pod). This syntax is
+                                        chosen only to have some well-defined way
+                                        of referencing a part of an object. TODO:
+                                        this design is not final and this field is
+                                        subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More
+                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which
+                                        this reference is made, if any. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - ref
+                              type: object
+                            infrastructure:
+                              description: Infrastructure contains the infrastructure
+                                template reference to be used for the creation of
+                                worker Machines.
+                              properties:
+                                ref:
+                                  description: Ref is a required reference to a custom
+                                    resource offered by a provider.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an
+                                        object instead of an entire object, this string
+                                        should contain a valid JSON/Go field access
+                                        statement, such as desiredState.manifest.containers[2].
+                                        For example, if the object reference is to
+                                        a container within a pod, this would take
+                                        on a value like: "spec.containers{name}" (where
+                                        "name" refers to the name of the container
+                                        that triggered the event) or if no container
+                                        name is specified "spec.containers[2]" (container
+                                        with index 2 in this pod). This syntax is
+                                        chosen only to have some well-defined way
+                                        of referencing a part of an object. TODO:
+                                        this design is not final and this field is
+                                        subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More
+                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which
+                                        this reference is made, if any. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - ref
+                              type: object
+                            metadata:
+                              description: Metadata is the metadata applied to the
+                                machines of the MachineDeployment. At runtime this
+                                metadata is merged with the corresponding metadata
+                                from the topology.
+                              properties:
+                                annotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Annotations is an unstructured key
+                                    value map stored with a resource that may be set
+                                    by external tools to store and retrieve arbitrary
+                                    metadata. They are not queryable and should be
+                                    preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                                  type: object
+                                labels:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Map of string keys and values that
+                                    can be used to organize and categorize (scope
+                                    and select) objects. May match selectors of replication
+                                    controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                                  type: object
+                              type: object
+                          required:
+                          - bootstrap
+                          - infrastructure
+                          type: object
+                      required:
+                      - class
+                      - template
+                      type: object
+                    type: array
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterClass
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ClusterClass is a template which can be used to create managed
+          topologies.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterClassSpec describes the desired state of the ClusterClass.
+            properties:
+              controlPlane:
+                description: ControlPlane is a reference to a local struct that holds
+                  the details for provisioning the Control Plane for the Cluster.
+                properties:
+                  machineHealthCheck:
+                    description: MachineHealthCheck defines a MachineHealthCheck for
+                      this ControlPlaneClass. This field is supported if and only
+                      if the ControlPlane provider template referenced above is Machine
+                      based and supports setting replicas.
+                    properties:
+                      maxUnhealthy:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Any further remediation is only allowed if at
+                          most "MaxUnhealthy" machines selected by "selector" are
+                          not healthy.
+                        x-kubernetes-int-or-string: true
+                      nodeStartupTimeout:
+                        description: Machines older than this duration without a node
+                          will be considered to have failed and will be remediated.
+                          If you wish to disable this feature, set the value explicitly
+                          to 0.
+                        type: string
+                      remediationTemplate:
+                        description: "RemediationTemplate is a reference to a remediation
+                          template provided by an infrastructure provider. \n This
+                          field is completely optional, when filled, the MachineHealthCheck
+                          controller creates a new object from the template referenced
+                          and hands off remediation of the machine to a controller
+                          that lives outside of Cluster API."
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      unhealthyConditions:
+                        description: UnhealthyConditions contains a list of the conditions
+                          that determine whether a node is considered unhealthy. The
+                          conditions are combined in a logical OR, i.e. if any of
+                          the conditions is met, the node is unhealthy.
+                        items:
+                          description: UnhealthyCondition represents a Node condition
+                            type and value with a timeout specified as a duration.  When
+                            the named condition has been in the given status for at
+                            least the timeout value, a node is considered unhealthy.
+                          properties:
+                            status:
+                              minLength: 1
+                              type: string
+                            timeout:
+                              type: string
+                            type:
+                              minLength: 1
+                              type: string
+                          required:
+                          - status
+                          - timeout
+                          - type
+                          type: object
+                        type: array
+                      unhealthyRange:
+                        description: 'Any further remediation is only allowed if the
+                          number of machines selected by "selector" as not healthy
+                          is within the range of "UnhealthyRange". Takes precedence
+                          over MaxUnhealthy. Eg. "[3-5]" - This means that remediation
+                          will be allowed only when: (a) there are at least 3 unhealthy
+                          machines (and) (b) there are at most 5 unhealthy machines'
+                        pattern: ^\[[0-9]+-[0-9]+\]$
+                        type: string
+                    type: object
+                  machineInfrastructure:
+                    description: "MachineInfrastructure defines the metadata and infrastructure
+                      information for control plane machines. \n This field is supported
+                      if and only if the control plane provider template referenced
+                      above is Machine based and supports setting replicas."
+                    properties:
+                      ref:
+                        description: Ref is a required reference to a custom resource
+                          offered by a provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    required:
+                    - ref
+                    type: object
+                  metadata:
+                    description: "Metadata is the metadata applied to the machines
+                      of the ControlPlane. At runtime this metadata is merged with
+                      the corresponding metadata from the topology. \n This field
+                      is supported if and only if the control plane provider template
+                      referenced is Machine based."
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  nodeDeletionTimeout:
+                    description: 'NodeDeletionTimeout defines how long the controller
+                      will attempt to delete the Node that the Machine hosts after
+                      the Machine is marked for deletion. A duration of 0 will retry
+                      deletion indefinitely. Defaults to 10 seconds. NOTE: This value
+                      can be overridden while defining a Cluster.Topology.'
+                    type: string
+                  nodeDrainTimeout:
+                    description: 'NodeDrainTimeout is the total amount of time that
+                      the controller will spend on draining a node. The default value
+                      is 0, meaning that the node can be drained without any time
+                      limitations. NOTE: NodeDrainTimeout is different from `kubectl
+                      drain --timeout` NOTE: This value can be overridden while defining
+                      a Cluster.Topology.'
+                    type: string
+                  nodeVolumeDetachTimeout:
+                    description: 'NodeVolumeDetachTimeout is the total amount of time
+                      that the controller will spend on waiting for all volumes to
+                      be detached. The default value is 0, meaning that the volumes
+                      can be detached without any time limitations. NOTE: This value
+                      can be overridden while defining a Cluster.Topology.'
+                    type: string
+                  ref:
+                    description: Ref is a required reference to a custom resource
+                      offered by a provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                required:
+                - ref
+                type: object
+              infrastructure:
+                description: Infrastructure is a reference to a provider-specific
+                  template that holds the details for provisioning infrastructure
+                  specific cluster for the underlying provider. The underlying provider
+                  is responsible for the implementation of the template to an infrastructure
+                  cluster.
+                properties:
+                  ref:
+                    description: Ref is a required reference to a custom resource
+                      offered by a provider.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                required:
+                - ref
+                type: object
+              patches:
+                description: 'Patches defines the patches which are applied to customize
+                  referenced templates of a ClusterClass. Note: Patches will be applied
+                  in the order of the array.'
+                items:
+                  description: ClusterClassPatch defines a patch which is applied
+                    to customize the referenced templates.
+                  properties:
+                    definitions:
+                      description: 'Definitions define inline patches. Note: Patches
+                        will be applied in the order of the array. Note: Exactly one
+                        of Definitions or External must be set.'
+                      items:
+                        description: PatchDefinition defines a patch which is applied
+                          to customize the referenced templates.
+                        properties:
+                          jsonPatches:
+                            description: 'JSONPatches defines the patches which should
+                              be applied on the templates matching the selector. Note:
+                              Patches will be applied in the order of the array.'
+                            items:
+                              description: JSONPatch defines a JSON patch.
+                              properties:
+                                op:
+                                  description: 'Op defines the operation of the patch.
+                                    Note: Only `add`, `replace` and `remove` are supported.'
+                                  type: string
+                                path:
+                                  description: 'Path defines the path of the patch.
+                                    Note: Only the spec of a template can be patched,
+                                    thus the path has to start with /spec/. Note:
+                                    For now the only allowed array modifications are
+                                    `append` and `prepend`, i.e.: * for op: `add`:
+                                    only index 0 (prepend) and - (append) are allowed
+                                    * for op: `replace` or `remove`: no indexes are
+                                    allowed'
+                                  type: string
+                                value:
+                                  description: 'Value defines the value of the patch.
+                                    Note: Either Value or ValueFrom is required for
+                                    add and replace operations. Only one of them is
+                                    allowed to be set at the same time. Note: We have
+                                    to use apiextensionsv1.JSON instead of our JSON
+                                    type, because controller-tools has a hard-coded
+                                    schema for apiextensionsv1.JSON which cannot be
+                                    produced by another type (unset type field). Ref:
+                                    https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+                                  x-kubernetes-preserve-unknown-fields: true
+                                valueFrom:
+                                  description: 'ValueFrom defines the value of the
+                                    patch. Note: Either Value or ValueFrom is required
+                                    for add and replace operations. Only one of them
+                                    is allowed to be set at the same time.'
+                                  properties:
+                                    template:
+                                      description: 'Template is the Go template to
+                                        be used to calculate the value. A template
+                                        can reference variables defined in .spec.variables
+                                        and builtin variables. Note: The template
+                                        must evaluate to a valid YAML or JSON value.'
+                                      type: string
+                                    variable:
+                                      description: Variable is the variable to be
+                                        used as value. Variable can be one of the
+                                        variables defined in .spec.variables or a
+                                        builtin variable.
+                                      type: string
+                                  type: object
+                              required:
+                              - op
+                              - path
+                              type: object
+                            type: array
+                          selector:
+                            description: Selector defines on which templates the patch
+                              should be applied.
+                            properties:
+                              apiVersion:
+                                description: APIVersion filters templates by apiVersion.
+                                type: string
+                              kind:
+                                description: Kind filters templates by kind.
+                                type: string
+                              matchResources:
+                                description: MatchResources selects templates based
+                                  on where they are referenced.
+                                properties:
+                                  controlPlane:
+                                    description: 'ControlPlane selects templates referenced
+                                      in .spec.ControlPlane. Note: this will match
+                                      the controlPlane and also the controlPlane machineInfrastructure
+                                      (depending on the kind and apiVersion).'
+                                    type: boolean
+                                  infrastructureCluster:
+                                    description: InfrastructureCluster selects templates
+                                      referenced in .spec.infrastructure.
+                                    type: boolean
+                                  machineDeploymentClass:
+                                    description: MachineDeploymentClass selects templates
+                                      referenced in specific MachineDeploymentClasses
+                                      in .spec.workers.machineDeployments.
+                                    properties:
+                                      names:
+                                        description: Names selects templates by class
+                                          names.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                type: object
+                            required:
+                            - apiVersion
+                            - kind
+                            - matchResources
+                            type: object
+                        required:
+                        - jsonPatches
+                        - selector
+                        type: object
+                      type: array
+                    description:
+                      description: Description is a human-readable description of
+                        this patch.
+                      type: string
+                    enabledIf:
+                      description: EnabledIf is a Go template to be used to calculate
+                        if a patch should be enabled. It can reference variables defined
+                        in .spec.variables and builtin variables. The patch will be
+                        enabled if the template evaluates to `true`, otherwise it
+                        will be disabled. If EnabledIf is not set, the patch will
+                        be enabled per default.
+                      type: string
+                    external:
+                      description: 'External defines an external patch. Note: Exactly
+                        one of Definitions or External must be set.'
+                      properties:
+                        generateExtension:
+                          description: GenerateExtension references an extension which
+                            is called to generate patches.
+                          type: string
+                        validateExtension:
+                          description: ValidateExtension references an extension which
+                            is called to validate the topology.
+                          type: string
+                      type: object
+                    name:
+                      description: Name of the patch.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              variables:
+                description: Variables defines the variables which can be configured
+                  in the Cluster topology and are then used in patches.
+                items:
+                  description: ClusterClassVariable defines a variable which can be
+                    configured in the Cluster topology and used in patches.
+                  properties:
+                    name:
+                      description: Name of the variable.
+                      type: string
+                    required:
+                      description: 'Required specifies if the variable is required.
+                        Note: this applies to the variable as a whole and thus the
+                        top-level object defined in the schema. If nested fields are
+                        required, this will be specified inside the schema.'
+                      type: boolean
+                    schema:
+                      description: Schema defines the schema of the variable.
+                      properties:
+                        openAPIV3Schema:
+                          description: OpenAPIV3Schema defines the schema of a variable
+                            via OpenAPI v3 schema. The schema is a subset of the schema
+                            used in Kubernetes CRDs.
+                          properties:
+                            additionalProperties:
+                              description: 'AdditionalProperties specifies the schema
+                                of values in a map (keys are always strings). NOTE:
+                                Can only be set if type is object. NOTE: AdditionalProperties
+                                is mutually exclusive with Properties. NOTE: This
+                                field uses PreserveUnknownFields and Schemaless, because
+                                recursive validation is not possible.'
+                              x-kubernetes-preserve-unknown-fields: true
+                            default:
+                              description: 'Default is the default value of the variable.
+                                NOTE: Can be set for all types.'
+                              x-kubernetes-preserve-unknown-fields: true
+                            description:
+                              description: Description is a human-readable description
+                                of this variable.
+                              type: string
+                            enum:
+                              description: 'Enum is the list of valid values of the
+                                variable. NOTE: Can be set for all types.'
+                              items:
+                                x-kubernetes-preserve-unknown-fields: true
+                              type: array
+                            example:
+                              description: Example is an example for this variable.
+                              x-kubernetes-preserve-unknown-fields: true
+                            exclusiveMaximum:
+                              description: 'ExclusiveMaximum specifies if the Maximum
+                                is exclusive. NOTE: Can only be set if type is integer
+                                or number.'
+                              type: boolean
+                            exclusiveMinimum:
+                              description: 'ExclusiveMinimum specifies if the Minimum
+                                is exclusive. NOTE: Can only be set if type is integer
+                                or number.'
+                              type: boolean
+                            format:
+                              description: 'Format is an OpenAPI v3 format string.
+                                Unknown formats are ignored. For a list of supported
+                                formats please see: (of the k8s.io/apiextensions-apiserver
+                                version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
+                                NOTE: Can only be set if type is string.'
+                              type: string
+                            items:
+                              description: 'Items specifies fields of an array. NOTE:
+                                Can only be set if type is array. NOTE: This field
+                                uses PreserveUnknownFields and Schemaless, because
+                                recursive validation is not possible.'
+                              x-kubernetes-preserve-unknown-fields: true
+                            maxItems:
+                              description: 'MaxItems is the max length of an array
+                                variable. NOTE: Can only be set if type is array.'
+                              format: int64
+                              type: integer
+                            maxLength:
+                              description: 'MaxLength is the max length of a string
+                                variable. NOTE: Can only be set if type is string.'
+                              format: int64
+                              type: integer
+                            maximum:
+                              description: 'Maximum is the maximum of an integer or
+                                number variable. If ExclusiveMaximum is false, the
+                                variable is valid if it is lower than, or equal to,
+                                the value of Maximum. If ExclusiveMaximum is true,
+                                the variable is valid if it is strictly lower than
+                                the value of Maximum. NOTE: Can only be set if type
+                                is integer or number.'
+                              format: int64
+                              type: integer
+                            minItems:
+                              description: 'MinItems is the min length of an array
+                                variable. NOTE: Can only be set if type is array.'
+                              format: int64
+                              type: integer
+                            minLength:
+                              description: 'MinLength is the min length of a string
+                                variable. NOTE: Can only be set if type is string.'
+                              format: int64
+                              type: integer
+                            minimum:
+                              description: 'Minimum is the minimum of an integer or
+                                number variable. If ExclusiveMinimum is false, the
+                                variable is valid if it is greater than, or equal
+                                to, the value of Minimum. If ExclusiveMinimum is true,
+                                the variable is valid if it is strictly greater than
+                                the value of Minimum. NOTE: Can only be set if type
+                                is integer or number.'
+                              format: int64
+                              type: integer
+                            pattern:
+                              description: 'Pattern is the regex which a string variable
+                                must match. NOTE: Can only be set if type is string.'
+                              type: string
+                            properties:
+                              description: 'Properties specifies fields of an object.
+                                NOTE: Can only be set if type is object. NOTE: Properties
+                                is mutually exclusive with AdditionalProperties. NOTE:
+                                This field uses PreserveUnknownFields and Schemaless,
+                                because recursive validation is not possible.'
+                              x-kubernetes-preserve-unknown-fields: true
+                            required:
+                              description: 'Required specifies which fields of an
+                                object are required. NOTE: Can only be set if type
+                                is object.'
+                              items:
+                                type: string
+                              type: array
+                            type:
+                              description: 'Type is the type of the variable. Valid
+                                values are: object, array, string, integer, number
+                                or boolean.'
+                              type: string
+                            uniqueItems:
+                              description: 'UniqueItems specifies if items in an array
+                                must be unique. NOTE: Can only be set if type is array.'
+                              type: boolean
+                            x-kubernetes-preserve-unknown-fields:
+                              description: XPreserveUnknownFields allows setting fields
+                                in a variable object which are not defined in the
+                                variable schema. This affects fields recursively,
+                                except if nested properties or additionalProperties
+                                are specified in the schema.
+                              type: boolean
+                          required:
+                          - type
+                          type: object
+                      required:
+                      - openAPIV3Schema
+                      type: object
+                  required:
+                  - name
+                  - required
+                  - schema
+                  type: object
+                type: array
+              workers:
+                description: Workers describes the worker nodes for the cluster. It
+                  is a collection of node types which can be used to create the worker
+                  nodes of the cluster.
+                properties:
+                  machineDeployments:
+                    description: MachineDeployments is a list of machine deployment
+                      classes that can be used to create a set of worker nodes.
+                    items:
+                      description: MachineDeploymentClass serves as a template to
+                        define a set of worker nodes of the cluster provisioned using
+                        the `ClusterClass`.
+                      properties:
+                        class:
+                          description: Class denotes a type of worker node present
+                            in the cluster, this name MUST be unique within a ClusterClass
+                            and can be referenced in the Cluster to create a managed
+                            MachineDeployment.
+                          type: string
+                        failureDomain:
+                          description: 'FailureDomain is the failure domain the machines
+                            will be created in. Must match a key in the FailureDomains
+                            map stored on the cluster object. NOTE: This value can
+                            be overridden while defining a Cluster.Topology using
+                            this MachineDeploymentClass.'
+                          type: string
+                        machineHealthCheck:
+                          description: MachineHealthCheck defines a MachineHealthCheck
+                            for this MachineDeploymentClass.
+                          properties:
+                            maxUnhealthy:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              description: Any further remediation is only allowed
+                                if at most "MaxUnhealthy" machines selected by "selector"
+                                are not healthy.
+                              x-kubernetes-int-or-string: true
+                            nodeStartupTimeout:
+                              description: Machines older than this duration without
+                                a node will be considered to have failed and will
+                                be remediated. If you wish to disable this feature,
+                                set the value explicitly to 0.
+                              type: string
+                            remediationTemplate:
+                              description: "RemediationTemplate is a reference to
+                                a remediation template provided by an infrastructure
+                                provider. \n This field is completely optional, when
+                                filled, the MachineHealthCheck controller creates
+                                a new object from the template referenced and hands
+                                off remediation of the machine to a controller that
+                                lives outside of Cluster API."
+                              properties:
+                                apiVersion:
+                                  description: API version of the referent.
+                                  type: string
+                                fieldPath:
+                                  description: 'If referring to a piece of an object
+                                    instead of an entire object, this string should
+                                    contain a valid JSON/Go field access statement,
+                                    such as desiredState.manifest.containers[2]. For
+                                    example, if the object reference is to a container
+                                    within a pod, this would take on a value like:
+                                    "spec.containers{name}" (where "name" refers to
+                                    the name of the container that triggered the event)
+                                    or if no container name is specified "spec.containers[2]"
+                                    (container with index 2 in this pod). This syntax
+                                    is chosen only to have some well-defined way of
+                                    referencing a part of an object. TODO: this design
+                                    is not final and this field is subject to change
+                                    in the future.'
+                                  type: string
+                                kind:
+                                  description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                  type: string
+                                name:
+                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                  type: string
+                                namespace:
+                                  description: 'Namespace of the referent. More info:
+                                    https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                  type: string
+                                resourceVersion:
+                                  description: 'Specific resourceVersion to which
+                                    this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                  type: string
+                                uid:
+                                  description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            unhealthyConditions:
+                              description: UnhealthyConditions contains a list of
+                                the conditions that determine whether a node is considered
+                                unhealthy. The conditions are combined in a logical
+                                OR, i.e. if any of the conditions is met, the node
+                                is unhealthy.
+                              items:
+                                description: UnhealthyCondition represents a Node
+                                  condition type and value with a timeout specified
+                                  as a duration.  When the named condition has been
+                                  in the given status for at least the timeout value,
+                                  a node is considered unhealthy.
+                                properties:
+                                  status:
+                                    minLength: 1
+                                    type: string
+                                  timeout:
+                                    type: string
+                                  type:
+                                    minLength: 1
+                                    type: string
+                                required:
+                                - status
+                                - timeout
+                                - type
+                                type: object
+                              type: array
+                            unhealthyRange:
+                              description: 'Any further remediation is only allowed
+                                if the number of machines selected by "selector" as
+                                not healthy is within the range of "UnhealthyRange".
+                                Takes precedence over MaxUnhealthy. Eg. "[3-5]" -
+                                This means that remediation will be allowed only when:
+                                (a) there are at least 3 unhealthy machines (and)
+                                (b) there are at most 5 unhealthy machines'
+                              pattern: ^\[[0-9]+-[0-9]+\]$
+                              type: string
+                          type: object
+                        minReadySeconds:
+                          description: 'Minimum number of seconds for which a newly
+                            created machine should be ready. Defaults to 0 (machine
+                            will be considered available as soon as it is ready) NOTE:
+                            This value can be overridden while defining a Cluster.Topology
+                            using this MachineDeploymentClass.'
+                          format: int32
+                          type: integer
+                        nodeDeletionTimeout:
+                          description: 'NodeDeletionTimeout defines how long the controller
+                            will attempt to delete the Node that the Machine hosts
+                            after the Machine is marked for deletion. A duration of
+                            0 will retry deletion indefinitely. Defaults to 10 seconds.
+                            NOTE: This value can be overridden while defining a Cluster.Topology
+                            using this MachineDeploymentClass.'
+                          type: string
+                        nodeDrainTimeout:
+                          description: 'NodeDrainTimeout is the total amount of time
+                            that the controller will spend on draining a node. The
+                            default value is 0, meaning that the node can be drained
+                            without any time limitations. NOTE: NodeDrainTimeout is
+                            different from `kubectl drain --timeout` NOTE: This value
+                            can be overridden while defining a Cluster.Topology using
+                            this MachineDeploymentClass.'
+                          type: string
+                        nodeVolumeDetachTimeout:
+                          description: 'NodeVolumeDetachTimeout is the total amount
+                            of time that the controller will spend on waiting for
+                            all volumes to be detached. The default value is 0, meaning
+                            that the volumes can be detached without any time limitations.
+                            NOTE: This value can be overridden while defining a Cluster.Topology
+                            using this MachineDeploymentClass.'
+                          type: string
+                        strategy:
+                          description: 'The deployment strategy to use to replace
+                            existing machines with new ones. NOTE: This value can
+                            be overridden while defining a Cluster.Topology using
+                            this MachineDeploymentClass.'
+                          properties:
+                            rollingUpdate:
+                              description: Rolling update config params. Present only
+                                if MachineDeploymentStrategyType = RollingUpdate.
+                              properties:
+                                deletePolicy:
+                                  description: DeletePolicy defines the policy used
+                                    by the MachineDeployment to identify nodes to
+                                    delete when downscaling. Valid values are "Random,
+                                    "Newest", "Oldest" When no value is supplied,
+                                    the default DeletePolicy of MachineSet is used
+                                  enum:
+                                  - Random
+                                  - Newest
+                                  - Oldest
+                                  type: string
+                                maxSurge:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: 'The maximum number of machines that
+                                    can be scheduled above the desired number of machines.
+                                    Value can be an absolute number (ex: 5) or a percentage
+                                    of desired machines (ex: 10%). This can not be
+                                    0 if MaxUnavailable is 0. Absolute number is calculated
+                                    from percentage by rounding up. Defaults to 1.
+                                    Example: when this is set to 30%, the new MachineSet
+                                    can be scaled up immediately when the rolling
+                                    update starts, such that the total number of old
+                                    and new machines do not exceed 130% of desired
+                                    machines. Once old machines have been killed,
+                                    new MachineSet can be scaled up further, ensuring
+                                    that total number of machines running at any time
+                                    during the update is at most 130% of desired machines.'
+                                  x-kubernetes-int-or-string: true
+                                maxUnavailable:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: 'The maximum number of machines that
+                                    can be unavailable during the update. Value can
+                                    be an absolute number (ex: 5) or a percentage
+                                    of desired machines (ex: 10%). Absolute number
+                                    is calculated from percentage by rounding down.
+                                    This can not be 0 if MaxSurge is 0. Defaults to
+                                    0. Example: when this is set to 30%, the old MachineSet
+                                    can be scaled down to 70% of desired machines
+                                    immediately when the rolling update starts. Once
+                                    new machines are ready, old MachineSet can be
+                                    scaled down further, followed by scaling up the
+                                    new MachineSet, ensuring that the total number
+                                    of machines available at all times during the
+                                    update is at least 70% of desired machines.'
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            type:
+                              description: Type of deployment. Default is RollingUpdate.
+                              enum:
+                              - RollingUpdate
+                              - OnDelete
+                              type: string
+                          type: object
+                        template:
+                          description: Template is a local struct containing a collection
+                            of templates for creation of MachineDeployment objects
+                            representing a set of worker nodes.
+                          properties:
+                            bootstrap:
+                              description: Bootstrap contains the bootstrap template
+                                reference to be used for the creation of worker Machines.
+                              properties:
+                                ref:
+                                  description: Ref is a required reference to a custom
+                                    resource offered by a provider.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an
+                                        object instead of an entire object, this string
+                                        should contain a valid JSON/Go field access
+                                        statement, such as desiredState.manifest.containers[2].
+                                        For example, if the object reference is to
+                                        a container within a pod, this would take
+                                        on a value like: "spec.containers{name}" (where
+                                        "name" refers to the name of the container
+                                        that triggered the event) or if no container
+                                        name is specified "spec.containers[2]" (container
+                                        with index 2 in this pod). This syntax is
+                                        chosen only to have some well-defined way
+                                        of referencing a part of an object. TODO:
+                                        this design is not final and this field is
+                                        subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More
+                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which
+                                        this reference is made, if any. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - ref
+                              type: object
+                            infrastructure:
+                              description: Infrastructure contains the infrastructure
+                                template reference to be used for the creation of
+                                worker Machines.
+                              properties:
+                                ref:
+                                  description: Ref is a required reference to a custom
+                                    resource offered by a provider.
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an
+                                        object instead of an entire object, this string
+                                        should contain a valid JSON/Go field access
+                                        statement, such as desiredState.manifest.containers[2].
+                                        For example, if the object reference is to
+                                        a container within a pod, this would take
+                                        on a value like: "spec.containers{name}" (where
+                                        "name" refers to the name of the container
+                                        that triggered the event) or if no container
+                                        name is specified "spec.containers[2]" (container
+                                        with index 2 in this pod). This syntax is
+                                        chosen only to have some well-defined way
+                                        of referencing a part of an object. TODO:
+                                        this design is not final and this field is
+                                        subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More
+                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which
+                                        this reference is made, if any. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - ref
+                              type: object
+                            metadata:
+                              description: Metadata is the metadata applied to the
+                                machines of the MachineDeployment. At runtime this
+                                metadata is merged with the corresponding metadata
+                                from the topology.
+                              properties:
+                                annotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Annotations is an unstructured key
+                                    value map stored with a resource that may be set
+                                    by external tools to store and retrieve arbitrary
+                                    metadata. They are not queryable and should be
+                                    preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                                  type: object
+                                labels:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Map of string keys and values that
+                                    can be used to organize and categorize (scope
+                                    and select) objects. May match selectors of replication
+                                    controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                                  type: object
+                              type: object
+                          required:
+                          - bootstrap
+                          - infrastructure
+                          type: object
+                      required:
+                      - class
+                      - template
+                      type: object
+                    type: array
+                type: object
+            type: object
+          status:
+            description: ClusterClassStatus defines the observed state of the ClusterClass.
+            properties:
+              conditions:
+                description: Conditions defines current observed state of the ClusterClass.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: clusterresourcesetbindings.addons.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: addons.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: ClusterResourceSetBinding
+    listKind: ClusterResourceSetBindingList
+    plural: clusterresourcesetbindings
+    singular: clusterresourcesetbinding
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+          with the cluster it belongs to.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetBindingSpec defines the desired state of
+              ClusterResourceSetBinding.
+            properties:
+              bindings:
+                description: Bindings is a list of ClusterResourceSets and their resources.
+                items:
+                  description: ResourceSetBinding keeps info on all of the resources
+                    in a ClusterResourceSet.
+                  properties:
+                    clusterResourceSetName:
+                      description: ClusterResourceSetName is the name of the ClusterResourceSet
+                        that is applied to the owner cluster of the binding.
+                      type: string
+                    resources:
+                      description: Resources is a list of resources that the ClusterResourceSet
+                        has.
+                      items:
+                        description: ResourceBinding shows the status of a resource
+                          that belongs to a ClusterResourceSet matched by the owner
+                          cluster of the ClusterResourceSetBinding object.
+                        properties:
+                          applied:
+                            description: Applied is to track if a resource is applied
+                              to the cluster or not.
+                            type: boolean
+                          hash:
+                            description: Hash is the hash of a resource's data. This
+                              can be used to decide if a resource is changed. For
+                              "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+                              no-op as that strategy does not act on change.
+                            type: string
+                          kind:
+                            description: 'Kind of the resource. Supported kinds are:
+                              Secrets and ConfigMaps.'
+                            enum:
+                            - Secret
+                            - ConfigMap
+                            type: string
+                          lastAppliedTime:
+                            description: LastAppliedTime identifies when this resource
+                              was last applied to the cluster.
+                            format: date-time
+                            type: string
+                          name:
+                            description: Name of the resource that is in the same
+                              namespace with ClusterResourceSet object.
+                            minLength: 1
+                            type: string
+                        required:
+                        - applied
+                        - kind
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - clusterResourceSetName
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterResourceSetBinding
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+          with the cluster it belongs to.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetBindingSpec defines the desired state of
+              ClusterResourceSetBinding.
+            properties:
+              bindings:
+                description: Bindings is a list of ClusterResourceSets and their resources.
+                items:
+                  description: ResourceSetBinding keeps info on all of the resources
+                    in a ClusterResourceSet.
+                  properties:
+                    clusterResourceSetName:
+                      description: ClusterResourceSetName is the name of the ClusterResourceSet
+                        that is applied to the owner cluster of the binding.
+                      type: string
+                    resources:
+                      description: Resources is a list of resources that the ClusterResourceSet
+                        has.
+                      items:
+                        description: ResourceBinding shows the status of a resource
+                          that belongs to a ClusterResourceSet matched by the owner
+                          cluster of the ClusterResourceSetBinding object.
+                        properties:
+                          applied:
+                            description: Applied is to track if a resource is applied
+                              to the cluster or not.
+                            type: boolean
+                          hash:
+                            description: Hash is the hash of a resource's data. This
+                              can be used to decide if a resource is changed. For
+                              "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+                              no-op as that strategy does not act on change.
+                            type: string
+                          kind:
+                            description: 'Kind of the resource. Supported kinds are:
+                              Secrets and ConfigMaps.'
+                            enum:
+                            - Secret
+                            - ConfigMap
+                            type: string
+                          lastAppliedTime:
+                            description: LastAppliedTime identifies when this resource
+                              was last applied to the cluster.
+                            format: date-time
+                            type: string
+                          name:
+                            description: Name of the resource that is in the same
+                              namespace with ClusterResourceSet object.
+                            minLength: 1
+                            type: string
+                        required:
+                        - applied
+                        - kind
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - clusterResourceSetName
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterResourceSetBinding
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+          with the cluster it belongs to.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetBindingSpec defines the desired state of
+              ClusterResourceSetBinding.
+            properties:
+              bindings:
+                description: Bindings is a list of ClusterResourceSets and their resources.
+                items:
+                  description: ResourceSetBinding keeps info on all of the resources
+                    in a ClusterResourceSet.
+                  properties:
+                    clusterResourceSetName:
+                      description: ClusterResourceSetName is the name of the ClusterResourceSet
+                        that is applied to the owner cluster of the binding.
+                      type: string
+                    resources:
+                      description: Resources is a list of resources that the ClusterResourceSet
+                        has.
+                      items:
+                        description: ResourceBinding shows the status of a resource
+                          that belongs to a ClusterResourceSet matched by the owner
+                          cluster of the ClusterResourceSetBinding object.
+                        properties:
+                          applied:
+                            description: Applied is to track if a resource is applied
+                              to the cluster or not.
+                            type: boolean
+                          hash:
+                            description: Hash is the hash of a resource's data. This
+                              can be used to decide if a resource is changed. For
+                              "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+                              no-op as that strategy does not act on change.
+                            type: string
+                          kind:
+                            description: 'Kind of the resource. Supported kinds are:
+                              Secrets and ConfigMaps.'
+                            enum:
+                            - Secret
+                            - ConfigMap
+                            type: string
+                          lastAppliedTime:
+                            description: LastAppliedTime identifies when this resource
+                              was last applied to the cluster.
+                            format: date-time
+                            type: string
+                          name:
+                            description: Name of the resource that is in the same
+                              namespace with ClusterResourceSet object.
+                            minLength: 1
+                            type: string
+                        required:
+                        - applied
+                        - kind
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - clusterResourceSetName
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: clusterresourcesets.addons.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: addons.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: ClusterResourceSet
+    listKind: ClusterResourceSetList
+    plural: clusterresourcesets
+    singular: clusterresourceset
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSet is the Schema for the clusterresourcesets
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+            properties:
+              clusterSelector:
+                description: Label selector for Clusters. The Clusters that are selected
+                  by this will be the ones affected by this ClusterResourceSet. It
+                  must match the Cluster labels. This field is immutable.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              resources:
+                description: Resources is a list of Secrets/ConfigMaps where each
+                  contains 1 or more resources to be applied to remote clusters.
+                items:
+                  description: ResourceRef specifies a resource.
+                  properties:
+                    kind:
+                      description: 'Kind of the resource. Supported kinds are: Secrets
+                        and ConfigMaps.'
+                      enum:
+                      - Secret
+                      - ConfigMap
+                      type: string
+                    name:
+                      description: Name of the resource that is in the same namespace
+                        with ClusterResourceSet object.
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              strategy:
+                description: Strategy is the strategy to be used during applying resources.
+                  Defaults to ApplyOnce. This field is immutable.
+                enum:
+                - ApplyOnce
+                type: string
+            required:
+            - clusterSelector
+            type: object
+          status:
+            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+            properties:
+              conditions:
+                description: Conditions defines current state of the ClusterResourceSet.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed ClusterResourceSet.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterResourceSet
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSet is the Schema for the clusterresourcesets
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+            properties:
+              clusterSelector:
+                description: Label selector for Clusters. The Clusters that are selected
+                  by this will be the ones affected by this ClusterResourceSet. It
+                  must match the Cluster labels. This field is immutable. Label selector
+                  cannot be empty.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              resources:
+                description: Resources is a list of Secrets/ConfigMaps where each
+                  contains 1 or more resources to be applied to remote clusters.
+                items:
+                  description: ResourceRef specifies a resource.
+                  properties:
+                    kind:
+                      description: 'Kind of the resource. Supported kinds are: Secrets
+                        and ConfigMaps.'
+                      enum:
+                      - Secret
+                      - ConfigMap
+                      type: string
+                    name:
+                      description: Name of the resource that is in the same namespace
+                        with ClusterResourceSet object.
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              strategy:
+                description: Strategy is the strategy to be used during applying resources.
+                  Defaults to ApplyOnce. This field is immutable.
+                enum:
+                - ApplyOnce
+                type: string
+            required:
+            - clusterSelector
+            type: object
+          status:
+            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+            properties:
+              conditions:
+                description: Conditions defines current state of the ClusterResourceSet.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed ClusterResourceSet.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ClusterResourceSet
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ClusterResourceSet is the Schema for the clusterresourcesets
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+            properties:
+              clusterSelector:
+                description: Label selector for Clusters. The Clusters that are selected
+                  by this will be the ones affected by this ClusterResourceSet. It
+                  must match the Cluster labels. This field is immutable. Label selector
+                  cannot be empty.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+              resources:
+                description: Resources is a list of Secrets/ConfigMaps where each
+                  contains 1 or more resources to be applied to remote clusters.
+                items:
+                  description: ResourceRef specifies a resource.
+                  properties:
+                    kind:
+                      description: 'Kind of the resource. Supported kinds are: Secrets
+                        and ConfigMaps.'
+                      enum:
+                      - Secret
+                      - ConfigMap
+                      type: string
+                    name:
+                      description: Name of the resource that is in the same namespace
+                        with ClusterResourceSet object.
+                      minLength: 1
+                      type: string
+                  required:
+                  - kind
+                  - name
+                  type: object
+                type: array
+              strategy:
+                description: Strategy is the strategy to be used during applying resources.
+                  Defaults to ApplyOnce. This field is immutable.
+                enum:
+                - ApplyOnce
+                type: string
+            required:
+            - clusterSelector
+            type: object
+          status:
+            description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+            properties:
+              conditions:
+                description: Conditions defines current state of the ClusterResourceSet.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed ClusterResourceSet.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: clusters.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: Cluster
+    listKind: ClusterList
+    plural: clusters
+    shortNames:
+    - cl
+    singular: cluster
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: Cluster is the Schema for the clusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterSpec defines the desired state of Cluster.
+            properties:
+              clusterNetwork:
+                description: Cluster network configuration.
+                properties:
+                  apiServerPort:
+                    description: APIServerPort specifies the port the API Server should
+                      bind to. Defaults to 6443.
+                    format: int32
+                    type: integer
+                  pods:
+                    description: The network ranges from which Pod networks are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                  serviceDomain:
+                    description: Domain name for services.
+                    type: string
+                  services:
+                    description: The network ranges from which service VIPs are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              controlPlaneRef:
+                description: ControlPlaneRef is an optional reference to a provider-specific
+                  resource that holds the details for provisioning the Control Plane
+                  for a Cluster.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              infrastructureRef:
+                description: InfrastructureRef is a reference to a provider-specific
+                  resource that holds the details for provisioning infrastructure
+                  for a cluster in said provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              paused:
+                description: Paused can be used to prevent controllers from processing
+                  the Cluster and all its associated objects.
+                type: boolean
+            type: object
+          status:
+            description: ClusterStatus defines the observed state of Cluster.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the cluster.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              controlPlaneInitialized:
+                description: ControlPlaneInitialized defines if the control plane
+                  has been initialized.
+                type: boolean
+              controlPlaneReady:
+                description: ControlPlaneReady defines if the control plane is ready.
+                type: boolean
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of failure domain objects synced
+                  from the infrastructure provider.
+                type: object
+              failureMessage:
+                description: FailureMessage indicates that there is a fatal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a fatal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of Cluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: Cluster is the Schema for the clusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterSpec defines the desired state of Cluster.
+            properties:
+              clusterNetwork:
+                description: Cluster network configuration.
+                properties:
+                  apiServerPort:
+                    description: APIServerPort specifies the port the API Server should
+                      bind to. Defaults to 6443.
+                    format: int32
+                    type: integer
+                  pods:
+                    description: The network ranges from which Pod networks are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                  serviceDomain:
+                    description: Domain name for services.
+                    type: string
+                  services:
+                    description: The network ranges from which service VIPs are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              controlPlaneRef:
+                description: ControlPlaneRef is an optional reference to a provider-specific
+                  resource that holds the details for provisioning the Control Plane
+                  for a Cluster.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              infrastructureRef:
+                description: InfrastructureRef is a reference to a provider-specific
+                  resource that holds the details for provisioning infrastructure
+                  for a cluster in said provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              paused:
+                description: Paused can be used to prevent controllers from processing
+                  the Cluster and all its associated objects.
+                type: boolean
+              topology:
+                description: 'This encapsulates the topology for the cluster. NOTE:
+                  It is required to enable the ClusterTopology feature gate flag to
+                  activate managed topologies support; this feature is highly experimental,
+                  and parts of it might still be not implemented.'
+                properties:
+                  class:
+                    description: The name of the ClusterClass object to create the
+                      topology.
+                    type: string
+                  controlPlane:
+                    description: ControlPlane describes the cluster control plane.
+                    properties:
+                      metadata:
+                        description: "Metadata is the metadata applied to the machines
+                          of the ControlPlane. At runtime this metadata is merged
+                          with the corresponding metadata from the ClusterClass. \n
+                          This field is supported if and only if the control plane
+                          provider template referenced in the ClusterClass is Machine
+                          based."
+                        properties:
+                          annotations:
+                            additionalProperties:
+                              type: string
+                            description: 'Annotations is an unstructured key value
+                              map stored with a resource that may be set by external
+                              tools to store and retrieve arbitrary metadata. They
+                              are not queryable and should be preserved when modifying
+                              objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                            type: object
+                          labels:
+                            additionalProperties:
+                              type: string
+                            description: 'Map of string keys and values that can be
+                              used to organize and categorize (scope and select) objects.
+                              May match selectors of replication controllers and services.
+                              More info: http://kubernetes.io/docs/user-guide/labels'
+                            type: object
+                        type: object
+                      replicas:
+                        description: Replicas is the number of control plane nodes.
+                          If the value is nil, the ControlPlane object is created
+                          without the number of Replicas and it's assumed that the
+                          control plane controller does not implement support for
+                          this field. When specified against a control plane provider
+                          that lacks support for this field, this value will be ignored.
+                        format: int32
+                        type: integer
+                    type: object
+                  rolloutAfter:
+                    description: RolloutAfter performs a rollout of the entire cluster
+                      one component at a time, control plane first and then machine
+                      deployments.
+                    format: date-time
+                    type: string
+                  version:
+                    description: The Kubernetes version of the cluster.
+                    type: string
+                  workers:
+                    description: Workers encapsulates the different constructs that
+                      form the worker nodes for the cluster.
+                    properties:
+                      machineDeployments:
+                        description: MachineDeployments is a list of machine deployments
+                          in the cluster.
+                        items:
+                          description: MachineDeploymentTopology specifies the different
+                            parameters for a set of worker nodes in the topology.
+                            This set of nodes is managed by a MachineDeployment object
+                            whose lifecycle is managed by the Cluster controller.
+                          properties:
+                            class:
+                              description: Class is the name of the MachineDeploymentClass
+                                used to create the set of worker nodes. This should
+                                match one of the deployment classes defined in the
+                                ClusterClass object mentioned in the `Cluster.Spec.Class`
+                                field.
+                              type: string
+                            metadata:
+                              description: Metadata is the metadata applied to the
+                                machines of the MachineDeployment. At runtime this
+                                metadata is merged with the corresponding metadata
+                                from the ClusterClass.
+                              properties:
+                                annotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Annotations is an unstructured key
+                                    value map stored with a resource that may be set
+                                    by external tools to store and retrieve arbitrary
+                                    metadata. They are not queryable and should be
+                                    preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                                  type: object
+                                labels:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Map of string keys and values that
+                                    can be used to organize and categorize (scope
+                                    and select) objects. May match selectors of replication
+                                    controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                                  type: object
+                              type: object
+                            name:
+                              description: Name is the unique identifier for this
+                                MachineDeploymentTopology. The value is used with
+                                other unique identifiers to create a MachineDeployment's
+                                Name (e.g. cluster's name, etc). In case the name
+                                is greater than the allowed maximum length, the values
+                                are hashed together.
+                              type: string
+                            replicas:
+                              description: Replicas is the number of worker nodes
+                                belonging to this set. If the value is nil, the MachineDeployment
+                                is created without the number of Replicas (defaulting
+                                to zero) and it's assumed that an external entity
+                                (like cluster autoscaler) is responsible for the management
+                                of this value.
+                              format: int32
+                              type: integer
+                          required:
+                          - class
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                required:
+                - class
+                - version
+                type: object
+            type: object
+          status:
+            description: ClusterStatus defines the observed state of Cluster.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the cluster.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              controlPlaneReady:
+                description: ControlPlaneReady defines if the control plane is ready.
+                type: boolean
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of failure domain objects synced
+                  from the infrastructure provider.
+                type: object
+              failureMessage:
+                description: FailureMessage indicates that there is a fatal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a fatal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Time duration since creation of Cluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this Cluster
+      jsonPath: .spec.topology.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Cluster is the Schema for the clusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterSpec defines the desired state of Cluster.
+            properties:
+              clusterNetwork:
+                description: Cluster network configuration.
+                properties:
+                  apiServerPort:
+                    description: APIServerPort specifies the port the API Server should
+                      bind to. Defaults to 6443.
+                    format: int32
+                    type: integer
+                  pods:
+                    description: The network ranges from which Pod networks are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                  serviceDomain:
+                    description: Domain name for services.
+                    type: string
+                  services:
+                    description: The network ranges from which service VIPs are allocated.
+                    properties:
+                      cidrBlocks:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidrBlocks
+                    type: object
+                type: object
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              controlPlaneRef:
+                description: ControlPlaneRef is an optional reference to a provider-specific
+                  resource that holds the details for provisioning the Control Plane
+                  for a Cluster.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              infrastructureRef:
+                description: InfrastructureRef is a reference to a provider-specific
+                  resource that holds the details for provisioning infrastructure
+                  for a cluster in said provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              paused:
+                description: Paused can be used to prevent controllers from processing
+                  the Cluster and all its associated objects.
+                type: boolean
+              topology:
+                description: 'This encapsulates the topology for the cluster. NOTE:
+                  It is required to enable the ClusterTopology feature gate flag to
+                  activate managed topologies support; this feature is highly experimental,
+                  and parts of it might still be not implemented.'
+                properties:
+                  class:
+                    description: The name of the ClusterClass object to create the
+                      topology.
+                    type: string
+                  controlPlane:
+                    description: ControlPlane describes the cluster control plane.
+                    properties:
+                      machineHealthCheck:
+                        description: MachineHealthCheck allows to enable, disable
+                          and override the MachineHealthCheck configuration in the
+                          ClusterClass for this control plane.
+                        properties:
+                          enable:
+                            description: "Enable controls if a MachineHealthCheck
+                              should be created for the target machines. \n If false:
+                              No MachineHealthCheck will be created. \n If not set(default):
+                              A MachineHealthCheck will be created if it is defined
+                              here or in the associated ClusterClass. If no MachineHealthCheck
+                              is defined then none will be created. \n If true: A
+                              MachineHealthCheck is guaranteed to be created. Cluster
+                              validation will block if `enable` is true and no MachineHealthCheck
+                              definition is available."
+                            type: boolean
+                          maxUnhealthy:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Any further remediation is only allowed if
+                              at most "MaxUnhealthy" machines selected by "selector"
+                              are not healthy.
+                            x-kubernetes-int-or-string: true
+                          nodeStartupTimeout:
+                            description: Machines older than this duration without
+                              a node will be considered to have failed and will be
+                              remediated. If you wish to disable this feature, set
+                              the value explicitly to 0.
+                            type: string
+                          remediationTemplate:
+                            description: "RemediationTemplate is a reference to a
+                              remediation template provided by an infrastructure provider.
+                              \n This field is completely optional, when filled, the
+                              MachineHealthCheck controller creates a new object from
+                              the template referenced and hands off remediation of
+                              the machine to a controller that lives outside of Cluster
+                              API."
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          unhealthyConditions:
+                            description: UnhealthyConditions contains a list of the
+                              conditions that determine whether a node is considered
+                              unhealthy. The conditions are combined in a logical
+                              OR, i.e. if any of the conditions is met, the node is
+                              unhealthy.
+                            items:
+                              description: UnhealthyCondition represents a Node condition
+                                type and value with a timeout specified as a duration.  When
+                                the named condition has been in the given status for
+                                at least the timeout value, a node is considered unhealthy.
+                              properties:
+                                status:
+                                  minLength: 1
+                                  type: string
+                                timeout:
+                                  type: string
+                                type:
+                                  minLength: 1
+                                  type: string
+                              required:
+                              - status
+                              - timeout
+                              - type
+                              type: object
+                            type: array
+                          unhealthyRange:
+                            description: 'Any further remediation is only allowed
+                              if the number of machines selected by "selector" as
+                              not healthy is within the range of "UnhealthyRange".
+                              Takes precedence over MaxUnhealthy. Eg. "[3-5]" - This
+                              means that remediation will be allowed only when: (a)
+                              there are at least 3 unhealthy machines (and) (b) there
+                              are at most 5 unhealthy machines'
+                            pattern: ^\[[0-9]+-[0-9]+\]$
+                            type: string
+                        type: object
+                      metadata:
+                        description: "Metadata is the metadata applied to the machines
+                          of the ControlPlane. At runtime this metadata is merged
+                          with the corresponding metadata from the ClusterClass. \n
+                          This field is supported if and only if the control plane
+                          provider template referenced in the ClusterClass is Machine
+                          based."
+                        properties:
+                          annotations:
+                            additionalProperties:
+                              type: string
+                            description: 'Annotations is an unstructured key value
+                              map stored with a resource that may be set by external
+                              tools to store and retrieve arbitrary metadata. They
+                              are not queryable and should be preserved when modifying
+                              objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                            type: object
+                          labels:
+                            additionalProperties:
+                              type: string
+                            description: 'Map of string keys and values that can be
+                              used to organize and categorize (scope and select) objects.
+                              May match selectors of replication controllers and services.
+                              More info: http://kubernetes.io/docs/user-guide/labels'
+                            type: object
+                        type: object
+                      nodeDeletionTimeout:
+                        description: NodeDeletionTimeout defines how long the controller
+                          will attempt to delete the Node that the Machine hosts after
+                          the Machine is marked for deletion. A duration of 0 will
+                          retry deletion indefinitely. Defaults to 10 seconds.
+                        type: string
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      nodeVolumeDetachTimeout:
+                        description: NodeVolumeDetachTimeout is the total amount of
+                          time that the controller will spend on waiting for all volumes
+                          to be detached. The default value is 0, meaning that the
+                          volumes can be detached without any time limitations.
+                        type: string
+                      replicas:
+                        description: Replicas is the number of control plane nodes.
+                          If the value is nil, the ControlPlane object is created
+                          without the number of Replicas and it's assumed that the
+                          control plane controller does not implement support for
+                          this field. When specified against a control plane provider
+                          that lacks support for this field, this value will be ignored.
+                        format: int32
+                        type: integer
+                    type: object
+                  rolloutAfter:
+                    description: RolloutAfter performs a rollout of the entire cluster
+                      one component at a time, control plane first and then machine
+                      deployments.
+                    format: date-time
+                    type: string
+                  variables:
+                    description: Variables can be used to customize the Cluster through
+                      patches. They must comply to the corresponding VariableClasses
+                      defined in the ClusterClass.
+                    items:
+                      description: ClusterVariable can be used to customize the Cluster
+                        through patches. It must comply to the corresponding ClusterClassVariable
+                        defined in the ClusterClass.
+                      properties:
+                        name:
+                          description: Name of the variable.
+                          type: string
+                        value:
+                          description: 'Value of the variable. Note: the value will
+                            be validated against the schema of the corresponding ClusterClassVariable
+                            from the ClusterClass. Note: We have to use apiextensionsv1.JSON
+                            instead of a custom JSON type, because controller-tools
+                            has a hard-coded schema for apiextensionsv1.JSON which
+                            cannot be produced by another type via controller-tools,
+                            i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+                          x-kubernetes-preserve-unknown-fields: true
+                      required:
+                      - name
+                      - value
+                      type: object
+                    type: array
+                  version:
+                    description: The Kubernetes version of the cluster.
+                    type: string
+                  workers:
+                    description: Workers encapsulates the different constructs that
+                      form the worker nodes for the cluster.
+                    properties:
+                      machineDeployments:
+                        description: MachineDeployments is a list of machine deployments
+                          in the cluster.
+                        items:
+                          description: MachineDeploymentTopology specifies the different
+                            parameters for a set of worker nodes in the topology.
+                            This set of nodes is managed by a MachineDeployment object
+                            whose lifecycle is managed by the Cluster controller.
+                          properties:
+                            class:
+                              description: Class is the name of the MachineDeploymentClass
+                                used to create the set of worker nodes. This should
+                                match one of the deployment classes defined in the
+                                ClusterClass object mentioned in the `Cluster.Spec.Class`
+                                field.
+                              type: string
+                            failureDomain:
+                              description: FailureDomain is the failure domain the
+                                machines will be created in. Must match a key in the
+                                FailureDomains map stored on the cluster object.
+                              type: string
+                            machineHealthCheck:
+                              description: MachineHealthCheck allows to enable, disable
+                                and override the MachineHealthCheck configuration
+                                in the ClusterClass for this MachineDeployment.
+                              properties:
+                                enable:
+                                  description: "Enable controls if a MachineHealthCheck
+                                    should be created for the target machines. \n
+                                    If false: No MachineHealthCheck will be created.
+                                    \n If not set(default): A MachineHealthCheck will
+                                    be created if it is defined here or in the associated
+                                    ClusterClass. If no MachineHealthCheck is defined
+                                    then none will be created. \n If true: A MachineHealthCheck
+                                    is guaranteed to be created. Cluster validation
+                                    will block if `enable` is true and no MachineHealthCheck
+                                    definition is available."
+                                  type: boolean
+                                maxUnhealthy:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: Any further remediation is only allowed
+                                    if at most "MaxUnhealthy" machines selected by
+                                    "selector" are not healthy.
+                                  x-kubernetes-int-or-string: true
+                                nodeStartupTimeout:
+                                  description: Machines older than this duration without
+                                    a node will be considered to have failed and will
+                                    be remediated. If you wish to disable this feature,
+                                    set the value explicitly to 0.
+                                  type: string
+                                remediationTemplate:
+                                  description: "RemediationTemplate is a reference
+                                    to a remediation template provided by an infrastructure
+                                    provider. \n This field is completely optional,
+                                    when filled, the MachineHealthCheck controller
+                                    creates a new object from the template referenced
+                                    and hands off remediation of the machine to a
+                                    controller that lives outside of Cluster API."
+                                  properties:
+                                    apiVersion:
+                                      description: API version of the referent.
+                                      type: string
+                                    fieldPath:
+                                      description: 'If referring to a piece of an
+                                        object instead of an entire object, this string
+                                        should contain a valid JSON/Go field access
+                                        statement, such as desiredState.manifest.containers[2].
+                                        For example, if the object reference is to
+                                        a container within a pod, this would take
+                                        on a value like: "spec.containers{name}" (where
+                                        "name" refers to the name of the container
+                                        that triggered the event) or if no container
+                                        name is specified "spec.containers[2]" (container
+                                        with index 2 in this pod). This syntax is
+                                        chosen only to have some well-defined way
+                                        of referencing a part of an object. TODO:
+                                        this design is not final and this field is
+                                        subject to change in the future.'
+                                      type: string
+                                    kind:
+                                      description: 'Kind of the referent. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                      type: string
+                                    name:
+                                      description: 'Name of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                      type: string
+                                    namespace:
+                                      description: 'Namespace of the referent. More
+                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                      type: string
+                                    resourceVersion:
+                                      description: 'Specific resourceVersion to which
+                                        this reference is made, if any. More info:
+                                        https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                      type: string
+                                    uid:
+                                      description: 'UID of the referent. More info:
+                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                      type: string
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                unhealthyConditions:
+                                  description: UnhealthyConditions contains a list
+                                    of the conditions that determine whether a node
+                                    is considered unhealthy. The conditions are combined
+                                    in a logical OR, i.e. if any of the conditions
+                                    is met, the node is unhealthy.
+                                  items:
+                                    description: UnhealthyCondition represents a Node
+                                      condition type and value with a timeout specified
+                                      as a duration.  When the named condition has
+                                      been in the given status for at least the timeout
+                                      value, a node is considered unhealthy.
+                                    properties:
+                                      status:
+                                        minLength: 1
+                                        type: string
+                                      timeout:
+                                        type: string
+                                      type:
+                                        minLength: 1
+                                        type: string
+                                    required:
+                                    - status
+                                    - timeout
+                                    - type
+                                    type: object
+                                  type: array
+                                unhealthyRange:
+                                  description: 'Any further remediation is only allowed
+                                    if the number of machines selected by "selector"
+                                    as not healthy is within the range of "UnhealthyRange".
+                                    Takes precedence over MaxUnhealthy. Eg. "[3-5]"
+                                    - This means that remediation will be allowed
+                                    only when: (a) there are at least 3 unhealthy
+                                    machines (and) (b) there are at most 5 unhealthy
+                                    machines'
+                                  pattern: ^\[[0-9]+-[0-9]+\]$
+                                  type: string
+                              type: object
+                            metadata:
+                              description: Metadata is the metadata applied to the
+                                machines of the MachineDeployment. At runtime this
+                                metadata is merged with the corresponding metadata
+                                from the ClusterClass.
+                              properties:
+                                annotations:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Annotations is an unstructured key
+                                    value map stored with a resource that may be set
+                                    by external tools to store and retrieve arbitrary
+                                    metadata. They are not queryable and should be
+                                    preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+                                  type: object
+                                labels:
+                                  additionalProperties:
+                                    type: string
+                                  description: 'Map of string keys and values that
+                                    can be used to organize and categorize (scope
+                                    and select) objects. May match selectors of replication
+                                    controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+                                  type: object
+                              type: object
+                            minReadySeconds:
+                              description: Minimum number of seconds for which a newly
+                                created machine should be ready. Defaults to 0 (machine
+                                will be considered available as soon as it is ready)
+                              format: int32
+                              type: integer
+                            name:
+                              description: Name is the unique identifier for this
+                                MachineDeploymentTopology. The value is used with
+                                other unique identifiers to create a MachineDeployment's
+                                Name (e.g. cluster's name, etc). In case the name
+                                is greater than the allowed maximum length, the values
+                                are hashed together.
+                              type: string
+                            nodeDeletionTimeout:
+                              description: NodeDeletionTimeout defines how long the
+                                controller will attempt to delete the Node that the
+                                Machine hosts after the Machine is marked for deletion.
+                                A duration of 0 will retry deletion indefinitely.
+                                Defaults to 10 seconds.
+                              type: string
+                            nodeDrainTimeout:
+                              description: 'NodeDrainTimeout is the total amount of
+                                time that the controller will spend on draining a
+                                node. The default value is 0, meaning that the node
+                                can be drained without any time limitations. NOTE:
+                                NodeDrainTimeout is different from `kubectl drain
+                                --timeout`'
+                              type: string
+                            nodeVolumeDetachTimeout:
+                              description: NodeVolumeDetachTimeout is the total amount
+                                of time that the controller will spend on waiting
+                                for all volumes to be detached. The default value
+                                is 0, meaning that the volumes can be detached without
+                                any time limitations.
+                              type: string
+                            replicas:
+                              description: Replicas is the number of worker nodes
+                                belonging to this set. If the value is nil, the MachineDeployment
+                                is created without the number of Replicas (defaulting
+                                to zero) and it's assumed that an external entity
+                                (like cluster autoscaler) is responsible for the management
+                                of this value.
+                              format: int32
+                              type: integer
+                            strategy:
+                              description: The deployment strategy to use to replace
+                                existing machines with new ones.
+                              properties:
+                                rollingUpdate:
+                                  description: Rolling update config params. Present
+                                    only if MachineDeploymentStrategyType = RollingUpdate.
+                                  properties:
+                                    deletePolicy:
+                                      description: DeletePolicy defines the policy
+                                        used by the MachineDeployment to identify
+                                        nodes to delete when downscaling. Valid values
+                                        are "Random, "Newest", "Oldest" When no value
+                                        is supplied, the default DeletePolicy of MachineSet
+                                        is used
+                                      enum:
+                                      - Random
+                                      - Newest
+                                      - Oldest
+                                      type: string
+                                    maxSurge:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      description: 'The maximum number of machines
+                                        that can be scheduled above the desired number
+                                        of machines. Value can be an absolute number
+                                        (ex: 5) or a percentage of desired machines
+                                        (ex: 10%). This can not be 0 if MaxUnavailable
+                                        is 0. Absolute number is calculated from percentage
+                                        by rounding up. Defaults to 1. Example: when
+                                        this is set to 30%, the new MachineSet can
+                                        be scaled up immediately when the rolling
+                                        update starts, such that the total number
+                                        of old and new machines do not exceed 130%
+                                        of desired machines. Once old machines have
+                                        been killed, new MachineSet can be scaled
+                                        up further, ensuring that total number of
+                                        machines running at any time during the update
+                                        is at most 130% of desired machines.'
+                                      x-kubernetes-int-or-string: true
+                                    maxUnavailable:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      description: 'The maximum number of machines
+                                        that can be unavailable during the update.
+                                        Value can be an absolute number (ex: 5) or
+                                        a percentage of desired machines (ex: 10%).
+                                        Absolute number is calculated from percentage
+                                        by rounding down. This can not be 0 if MaxSurge
+                                        is 0. Defaults to 0. Example: when this is
+                                        set to 30%, the old MachineSet can be scaled
+                                        down to 70% of desired machines immediately
+                                        when the rolling update starts. Once new machines
+                                        are ready, old MachineSet can be scaled down
+                                        further, followed by scaling up the new MachineSet,
+                                        ensuring that the total number of machines
+                                        available at all times during the update is
+                                        at least 70% of desired machines.'
+                                      x-kubernetes-int-or-string: true
+                                  type: object
+                                type:
+                                  description: Type of deployment. Default is RollingUpdate.
+                                  enum:
+                                  - RollingUpdate
+                                  - OnDelete
+                                  type: string
+                              type: object
+                            variables:
+                              description: Variables can be used to customize the
+                                MachineDeployment through patches.
+                              properties:
+                                overrides:
+                                  description: Overrides can be used to override Cluster
+                                    level variables.
+                                  items:
+                                    description: ClusterVariable can be used to customize
+                                      the Cluster through patches. It must comply
+                                      to the corresponding ClusterClassVariable defined
+                                      in the ClusterClass.
+                                    properties:
+                                      name:
+                                        description: Name of the variable.
+                                        type: string
+                                      value:
+                                        description: 'Value of the variable. Note:
+                                          the value will be validated against the
+                                          schema of the corresponding ClusterClassVariable
+                                          from the ClusterClass. Note: We have to
+                                          use apiextensionsv1.JSON instead of a custom
+                                          JSON type, because controller-tools has
+                                          a hard-coded schema for apiextensionsv1.JSON
+                                          which cannot be produced by another type
+                                          via controller-tools, i.e. it is not possible
+                                          to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+                                        x-kubernetes-preserve-unknown-fields: true
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                              type: object
+                          required:
+                          - class
+                          - name
+                          type: object
+                        type: array
+                    type: object
+                required:
+                - class
+                - version
+                type: object
+            type: object
+          status:
+            description: ClusterStatus defines the observed state of Cluster.
+            properties:
+              conditions:
+                description: Conditions defines current service state of the cluster.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              controlPlaneReady:
+                description: ControlPlaneReady defines if the control plane is ready.
+                type: boolean
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains is a slice of failure domain objects synced
+                  from the infrastructure provider.
+                type: object
+              failureMessage:
+                description: FailureMessage indicates that there is a fatal problem
+                  reconciling the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a fatal problem
+                  reconciling the state, and will be set to a token value suitable
+                  for programmatic interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: extensionconfigs.runtime.cluster.x-k8s.io
+spec:
+  group: runtime.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: ExtensionConfig
+    listKind: ExtensionConfigList
+    plural: extensionconfigs
+    shortNames:
+    - ext
+    singular: extensionconfig
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - description: Time duration since creation of ExtensionConfig
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ExtensionConfig is the Schema for the ExtensionConfig API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ExtensionConfigSpec is the desired state of the ExtensionConfig
+            properties:
+              clientConfig:
+                description: ClientConfig defines how to communicate with the Extension
+                  server.
+                properties:
+                  caBundle:
+                    description: CABundle is a PEM encoded CA bundle which will be
+                      used to validate the Extension server's server certificate.
+                    format: byte
+                    type: string
+                  service:
+                    description: "Service is a reference to the Kubernetes service
+                      for the Extension server. Note: Exactly one of `url` or `service`
+                      must be specified. \n If the Extension server is running within
+                      a cluster, then you should use `service`."
+                    properties:
+                      name:
+                        description: Name is the name of the service.
+                        type: string
+                      namespace:
+                        description: Namespace is the namespace of the service.
+                        type: string
+                      path:
+                        description: Path is an optional URL path and if present may
+                          be any string permissible in a URL. If a path is set it
+                          will be used as prefix to the hook-specific path.
+                        type: string
+                      port:
+                        description: Port is the port on the service that's hosting
+                          the Extension server. Defaults to 443. Port should be a
+                          valid port number (1-65535, inclusive).
+                        format: int32
+                        type: integer
+                    required:
+                    - name
+                    - namespace
+                    type: object
+                  url:
+                    description: "URL gives the location of the Extension server,
+                      in standard URL form (`scheme://host:port/path`). Note: Exactly
+                      one of `url` or `service` must be specified. \n The scheme must
+                      be \"https\". \n The `host` should not refer to a service running
+                      in the cluster; use the `service` field instead. \n A path is
+                      optional, and if present may be any string permissible in a
+                      URL. If a path is set it will be used as prefix to the hook-specific
+                      path. \n Attempting to use a user or basic auth e.g. \"user:password@\"
+                      is not allowed. Fragments (\"#...\") and query parameters (\"?...\")
+                      are not allowed either."
+                    type: string
+                type: object
+              namespaceSelector:
+                description: NamespaceSelector decides whether to call the hook for
+                  an object based on whether the namespace for that object matches
+                  the selector. Defaults to the empty LabelSelector, which matches
+                  all objects.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+            required:
+            - clientConfig
+            type: object
+          status:
+            description: ExtensionConfigStatus is the current state of the ExtensionConfig
+            properties:
+              conditions:
+                description: Conditions define the current service state of the ExtensionConfig.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              handlers:
+                description: Handlers defines the current ExtensionHandlers supported
+                  by an Extension.
+                items:
+                  description: ExtensionHandler specifies the details of a handler
+                    for a particular runtime hook registered by an Extension server.
+                  properties:
+                    failurePolicy:
+                      description: FailurePolicy defines how failures in calls to
+                        the ExtensionHandler should be handled by a client. Defaults
+                        to Fail if not set.
+                      type: string
+                    name:
+                      description: Name is the unique name of the ExtensionHandler.
+                      type: string
+                    requestHook:
+                      description: RequestHook defines the versioned runtime hook
+                        which this ExtensionHandler serves.
+                      properties:
+                        apiVersion:
+                          description: APIVersion is the group and version of the
+                            Hook.
+                          type: string
+                        hook:
+                          description: Hook is the name of the hook.
+                          type: string
+                      required:
+                      - apiVersion
+                      - hook
+                      type: object
+                    timeoutSeconds:
+                      description: TimeoutSeconds defines the timeout duration for
+                        client calls to the ExtensionHandler. Defaults to 10 is not
+                        set.
+                      format: int32
+                      type: integer
+                  required:
+                  - name
+                  - requestHook
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - name
+                x-kubernetes-list-type: map
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: ipaddressclaims.ipam.cluster.x-k8s.io
+spec:
+  group: ipam.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: IPAddressClaim
+    listKind: IPAddressClaimList
+    plural: ipaddressclaims
+    singular: ipaddressclaim
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Name of the pool to allocate an address from
+      jsonPath: .spec.poolRef.name
+      name: Pool Name
+      type: string
+    - description: Kind of the pool to allocate an address from
+      jsonPath: .spec.poolRef.kind
+      name: Pool Kind
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IPAddressClaim is the Schema for the ipaddressclaim API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
+            properties:
+              poolRef:
+                description: PoolRef is a reference to the pool from which an IP address
+                  should be created.
+                properties:
+                  apiGroup:
+                    description: APIGroup is the group for the resource being referenced.
+                      If APIGroup is not specified, the specified Kind must be in
+                      the core API group. For any other third-party types, APIGroup
+                      is required.
+                    type: string
+                  kind:
+                    description: Kind is the type of resource being referenced
+                    type: string
+                  name:
+                    description: Name is the name of resource being referenced
+                    type: string
+                required:
+                - apiGroup
+                - kind
+                - name
+                type: object
+            required:
+            - poolRef
+            type: object
+          status:
+            description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
+            properties:
+              addressRef:
+                description: AddressRef is a reference to the address that was created
+                  for this claim.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              conditions:
+                description: Conditions summarises the current state of the IPAddressClaim
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+            required:
+            - addressRef
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: ipaddresses.ipam.cluster.x-k8s.io
+spec:
+  group: ipam.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: IPAddress
+    listKind: IPAddressList
+    plural: ipaddresses
+    singular: ipaddress
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Address
+      jsonPath: .spec.address
+      name: Address
+      type: string
+    - description: Name of the pool the address is from
+      jsonPath: .spec.poolRef.name
+      name: Pool Name
+      type: string
+    - description: Kind of the pool the address is from
+      jsonPath: .spec.poolRef.kind
+      name: Pool Kind
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IPAddress is the Schema for the ipaddress API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IPAddressSpec is the desired state of an IPAddress.
+            properties:
+              address:
+                description: Address is the IP address.
+                type: string
+              claimRef:
+                description: ClaimRef is a reference to the claim this IPAddress was
+                  created for.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
+              gateway:
+                description: Gateway is the network gateway of the network the address
+                  is from.
+                type: string
+              poolRef:
+                description: PoolRef is a reference to the pool that this IPAddress
+                  was created from.
+                properties:
+                  apiGroup:
+                    description: APIGroup is the group for the resource being referenced.
+                      If APIGroup is not specified, the specified Kind must be in
+                      the core API group. For any other third-party types, APIGroup
+                      is required.
+                    type: string
+                  kind:
+                    description: Kind is the type of resource being referenced
+                    type: string
+                  name:
+                    description: Name is the name of resource being referenced
+                    type: string
+                required:
+                - apiGroup
+                - kind
+                - name
+                type: object
+              prefix:
+                description: Prefix is the prefix of the address.
+                type: integer
+            required:
+            - address
+            - claimRef
+            - gateway
+            - poolRef
+            - prefix
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: machinedeployments.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: MachineDeployment
+    listKind: MachineDeploymentList
+    plural: machinedeployments
+    shortNames:
+    - md
+    singular: machinedeployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Total number of non-terminated machines targeted by this MachineDeployment
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of ready machines targeted by this MachineDeployment
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this deployment
+        that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this MachineDeployment
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: MachineDeployment is the Schema for the machinedeployments API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  should be ready. Defaults to 0 (machine will be considered available
+                  as soon as it is ready)
+                format: int32
+                type: integer
+              paused:
+                description: Indicates that the deployment is paused.
+                type: boolean
+              progressDeadlineSeconds:
+                description: The maximum time in seconds for a deployment to make
+                  progress before it is considered to be failed. The deployment controller
+                  will continue to process failed deployments and a condition with
+                  a ProgressDeadlineExceeded reason will be surfaced in the deployment
+                  status. Note that progress will not be estimated during the time
+                  a deployment is paused. Defaults to 600s.
+                format: int32
+                type: integer
+              replicas:
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              revisionHistoryLimit:
+                description: The number of old MachineSets to retain to allow rollback.
+                  This is a pointer to distinguish between explicit zero and not specified.
+                  Defaults to 1.
+                format: int32
+                type: integer
+              selector:
+                description: Label selector for machines. Existing MachineSets whose
+                  machines are selected by this will be the ones affected by this
+                  deployment. It must match the machine template's labels.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              strategy:
+                description: The deployment strategy to use to replace existing machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if MachineDeploymentStrategyType
+                      = RollingUpdate.
+                    properties:
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be scheduled
+                          above the desired number of machines. Value can be an absolute
+                          number (ex: 5) or a percentage of desired machines (ex:
+                          10%). This can not be 0 if MaxUnavailable is 0. Absolute
+                          number is calculated from percentage by rounding up. Defaults
+                          to 1. Example: when this is set to 30%, the new MachineSet
+                          can be scaled up immediately when the rolling update starts,
+                          such that the total number of old and new machines do not
+                          exceed 130% of desired machines. Once old machines have
+                          been killed, new MachineSet can be scaled up further, ensuring
+                          that total number of machines running at any time during
+                          the update is at most 130% of desired machines.'
+                        x-kubernetes-int-or-string: true
+                      maxUnavailable:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be unavailable
+                          during the update. Value can be an absolute number (ex:
+                          5) or a percentage of desired machines (ex: 10%). Absolute
+                          number is calculated from percentage by rounding down. This
+                          can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+                          this is set to 30%, the old MachineSet can be scaled down
+                          to 70% of desired machines immediately when the rolling
+                          update starts. Once new machines are ready, old MachineSet
+                          can be scaled down further, followed by scaling up the new
+                          MachineSet, ensuring that the total number of machines available
+                          at all times during the update is at least 70% of desired
+                          machines.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of deployment. Currently the only supported
+                      strategy is "RollingUpdate". Default is RollingUpdate.
+                    type: string
+                type: object
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      generateName:
+                        description: "GenerateName is an optional prefix, used by
+                          the server, to generate a unique name ONLY IF the Name field
+                          has not been provided. If this field is used, the name returned
+                          to the client will be different than the name passed. This
+                          value will also be combined with a unique suffix. The provided
+                          value has the same validation rules as the Name field, and
+                          may be truncated by the length of the suffix required to
+                          make the value unique on the server. \n If this field is
+                          specified and the generated name exists, the server will
+                          NOT return a 409 - instead, it will either return 201 Created
+                          or 500 with Reason ServerTimeout indicating a unique name
+                          could not be found in the time allotted, and the client
+                          should retry (optionally after the time indicated in the
+                          Retry-After header). \n Applied only if Name is not specified.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                      name:
+                        description: "Name must be unique within a namespace. Is required
+                          when creating resources, although some resources may allow
+                          a client to request the generation of an appropriate name
+                          automatically. Name is primarily intended for creation idempotence
+                          and configuration definition. Cannot be updated. More info:
+                          http://kubernetes.io/docs/user-guide/identifiers#names \n
+                          Deprecated: This field has no function and is going to be
+                          removed in a next release."
+                        type: string
+                      namespace:
+                        description: "Namespace defines the space within each name
+                          must be unique. An empty namespace is equivalent to the
+                          \"default\" namespace, but \"default\" is the canonical
+                          representation. Not all objects are required to be scoped
+                          to a namespace - the value of this field for those objects
+                          will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+                          More info: http://kubernetes.io/docs/user-guide/namespaces
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      ownerReferences:
+                        description: "List of objects depended by this object. If
+                          ALL objects in the list have been deleted, this object will
+                          be garbage collected. If this object is managed by a controller,
+                          then an entry in this list will point to this controller,
+                          with the controller field set to true. There cannot be more
+                          than one managing controller. \n Deprecated: This field
+                          has no function and is going to be removed in a next release."
+                        items:
+                          description: OwnerReference contains enough information
+                            to let you identify an owning object. An owning object
+                            must be in the same namespace as the dependent, or be
+                            cluster-scoped, so there is no namespace field.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            blockOwnerDeletion:
+                              description: If true, AND if the owner has the "foregroundDeletion"
+                                finalizer, then the owner cannot be deleted from the
+                                key-value store until this reference is removed. See
+                                https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+                                for how the garbage collector interacts with this
+                                field and enforces the foreground deletion. Defaults
+                                to false. To set this field, a user needs "delete"
+                                permission of the owner, otherwise 422 (Unprocessable
+                                Entity) will be returned.
+                              type: boolean
+                            controller:
+                              description: If true, this reference points to the managing
+                                controller.
+                              type: boolean
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              type: string
+                          required:
+                          - apiVersion
+                          - kind
+                          - name
+                          - uid
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        type: array
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.Data
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          data:
+                            description: "Data contains the bootstrap data, such as
+                              cloud-init details scripts. If nil, the Machine should
+                              remain in the Pending state. \n Deprecated: Switch to
+                              DataSecretName."
+                            type: string
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            - template
+            type: object
+          status:
+            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+            properties:
+              availableReplicas:
+                description: Total number of available machines (ready for at least
+                  minReadySeconds) targeted by this deployment.
+                format: int32
+                type: integer
+              observedGeneration:
+                description: The generation observed by the deployment controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of a MachineDeployment
+                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+                type: string
+              readyReplicas:
+                description: Total number of ready machines targeted by this deployment.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  deployment. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet available or
+                  machines that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment that have the desired template spec.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Time duration since creation of MachineDeployment
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Total number of non-terminated machines targeted by this MachineDeployment
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of ready machines targeted by this MachineDeployment
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this deployment
+        that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this MachineDeployment
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: MachineDeployment is the Schema for the machinedeployments API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  should be ready. Defaults to 0 (machine will be considered available
+                  as soon as it is ready)
+                format: int32
+                type: integer
+              paused:
+                description: Indicates that the deployment is paused.
+                type: boolean
+              progressDeadlineSeconds:
+                description: The maximum time in seconds for a deployment to make
+                  progress before it is considered to be failed. The deployment controller
+                  will continue to process failed deployments and a condition with
+                  a ProgressDeadlineExceeded reason will be surfaced in the deployment
+                  status. Note that progress will not be estimated during the time
+                  a deployment is paused. Defaults to 600s.
+                format: int32
+                type: integer
+              replicas:
+                default: 1
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              revisionHistoryLimit:
+                description: The number of old MachineSets to retain to allow rollback.
+                  This is a pointer to distinguish between explicit zero and not specified.
+                  Defaults to 1.
+                format: int32
+                type: integer
+              selector:
+                description: Label selector for machines. Existing MachineSets whose
+                  machines are selected by this will be the ones affected by this
+                  deployment. It must match the machine template's labels.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              strategy:
+                description: The deployment strategy to use to replace existing machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if MachineDeploymentStrategyType
+                      = RollingUpdate.
+                    properties:
+                      deletePolicy:
+                        description: DeletePolicy defines the policy used by the MachineDeployment
+                          to identify nodes to delete when downscaling. Valid values
+                          are "Random, "Newest", "Oldest" When no value is supplied,
+                          the default DeletePolicy of MachineSet is used
+                        enum:
+                        - Random
+                        - Newest
+                        - Oldest
+                        type: string
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be scheduled
+                          above the desired number of machines. Value can be an absolute
+                          number (ex: 5) or a percentage of desired machines (ex:
+                          10%). This can not be 0 if MaxUnavailable is 0. Absolute
+                          number is calculated from percentage by rounding up. Defaults
+                          to 1. Example: when this is set to 30%, the new MachineSet
+                          can be scaled up immediately when the rolling update starts,
+                          such that the total number of old and new machines do not
+                          exceed 130% of desired machines. Once old machines have
+                          been killed, new MachineSet can be scaled up further, ensuring
+                          that total number of machines running at any time during
+                          the update is at most 130% of desired machines.'
+                        x-kubernetes-int-or-string: true
+                      maxUnavailable:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be unavailable
+                          during the update. Value can be an absolute number (ex:
+                          5) or a percentage of desired machines (ex: 10%). Absolute
+                          number is calculated from percentage by rounding down. This
+                          can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+                          this is set to 30%, the old MachineSet can be scaled down
+                          to 70% of desired machines immediately when the rolling
+                          update starts. Once new machines are ready, old MachineSet
+                          can be scaled down further, followed by scaling up the new
+                          MachineSet, ensuring that the total number of machines available
+                          at all times during the update is at least 70% of desired
+                          machines.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of deployment. Default is RollingUpdate.
+                    enum:
+                    - RollingUpdate
+                    - OnDelete
+                    type: string
+                type: object
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            - template
+            type: object
+          status:
+            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+            properties:
+              availableReplicas:
+                description: Total number of available machines (ready for at least
+                  minReadySeconds) targeted by this deployment.
+                format: int32
+                type: integer
+              conditions:
+                description: Conditions defines current service state of the MachineDeployment.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: The generation observed by the deployment controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of a MachineDeployment
+                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+                type: string
+              readyReplicas:
+                description: Total number of ready machines targeted by this deployment.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  deployment. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet available or
+                  machines that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment that have the desired template spec.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Total number of machines desired by this MachineDeployment
+      jsonPath: .spec.replicas
+      name: Desired
+      priority: 10
+      type: integer
+    - description: Total number of non-terminated machines targeted by this MachineDeployment
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of ready machines targeted by this MachineDeployment
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of non-terminated machines targeted by this deployment
+        that have the desired template spec
+      jsonPath: .status.updatedReplicas
+      name: Updated
+      type: integer
+    - description: Total number of unavailable machines targeted by this MachineDeployment
+      jsonPath: .status.unavailableReplicas
+      name: Unavailable
+      type: integer
+    - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Time duration since creation of MachineDeployment
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this MachineDeployment
+      jsonPath: .spec.template.spec.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: MachineDeployment is the Schema for the machinedeployments API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  should be ready. Defaults to 0 (machine will be considered available
+                  as soon as it is ready)
+                format: int32
+                type: integer
+              paused:
+                description: Indicates that the deployment is paused.
+                type: boolean
+              progressDeadlineSeconds:
+                description: The maximum time in seconds for a deployment to make
+                  progress before it is considered to be failed. The deployment controller
+                  will continue to process failed deployments and a condition with
+                  a ProgressDeadlineExceeded reason will be surfaced in the deployment
+                  status. Note that progress will not be estimated during the time
+                  a deployment is paused. Defaults to 600s.
+                format: int32
+                type: integer
+              replicas:
+                default: 1
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              revisionHistoryLimit:
+                description: The number of old MachineSets to retain to allow rollback.
+                  This is a pointer to distinguish between explicit zero and not specified.
+                  Defaults to 1.
+                format: int32
+                type: integer
+              selector:
+                description: Label selector for machines. Existing MachineSets whose
+                  machines are selected by this will be the ones affected by this
+                  deployment. It must match the machine template's labels.
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              strategy:
+                description: The deployment strategy to use to replace existing machines
+                  with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if MachineDeploymentStrategyType
+                      = RollingUpdate.
+                    properties:
+                      deletePolicy:
+                        description: DeletePolicy defines the policy used by the MachineDeployment
+                          to identify nodes to delete when downscaling. Valid values
+                          are "Random, "Newest", "Oldest" When no value is supplied,
+                          the default DeletePolicy of MachineSet is used
+                        enum:
+                        - Random
+                        - Newest
+                        - Oldest
+                        type: string
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be scheduled
+                          above the desired number of machines. Value can be an absolute
+                          number (ex: 5) or a percentage of desired machines (ex:
+                          10%). This can not be 0 if MaxUnavailable is 0. Absolute
+                          number is calculated from percentage by rounding up. Defaults
+                          to 1. Example: when this is set to 30%, the new MachineSet
+                          can be scaled up immediately when the rolling update starts,
+                          such that the total number of old and new machines do not
+                          exceed 130% of desired machines. Once old machines have
+                          been killed, new MachineSet can be scaled up further, ensuring
+                          that total number of machines running at any time during
+                          the update is at most 130% of desired machines.'
+                        x-kubernetes-int-or-string: true
+                      maxUnavailable:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be unavailable
+                          during the update. Value can be an absolute number (ex:
+                          5) or a percentage of desired machines (ex: 10%). Absolute
+                          number is calculated from percentage by rounding down. This
+                          can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+                          this is set to 30%, the old MachineSet can be scaled down
+                          to 70% of desired machines immediately when the rolling
+                          update starts. Once new machines are ready, old MachineSet
+                          can be scaled down further, followed by scaling up the new
+                          MachineSet, ensuring that the total number of machines available
+                          at all times during the update is at least 70% of desired
+                          machines.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of deployment. Default is RollingUpdate.
+                    enum:
+                    - RollingUpdate
+                    - OnDelete
+                    type: string
+                type: object
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDeletionTimeout:
+                        description: NodeDeletionTimeout defines how long the controller
+                          will attempt to delete the Node that the Machine hosts after
+                          the Machine is marked for deletion. A duration of 0 will
+                          retry deletion indefinitely. Defaults to 10 seconds.
+                        type: string
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      nodeVolumeDetachTimeout:
+                        description: NodeVolumeDetachTimeout is the total amount of
+                          time that the controller will spend on waiting for all volumes
+                          to be detached. The default value is 0, meaning that the
+                          volumes can be detached without any time limitations.
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            - template
+            type: object
+          status:
+            description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+            properties:
+              availableReplicas:
+                description: Total number of available machines (ready for at least
+                  minReadySeconds) targeted by this deployment.
+                format: int32
+                type: integer
+              conditions:
+                description: Conditions defines current service state of the MachineDeployment.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              observedGeneration:
+                description: The generation observed by the deployment controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of a MachineDeployment
+                  (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+                type: string
+              readyReplicas:
+                description: Total number of ready machines targeted by this deployment.
+                format: int32
+                type: integer
+              replicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment (their labels match the selector).
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+              unavailableReplicas:
+                description: Total number of unavailable machines targeted by this
+                  deployment. This is the total number of machines that are still
+                  required for the deployment to have 100% available capacity. They
+                  may either be machines that are running but not yet available or
+                  machines that still have not been created.
+                format: int32
+                type: integer
+              updatedReplicas:
+                description: Total number of non-terminated machines targeted by this
+                  deployment that have the desired template spec.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: machinehealthchecks.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: MachineHealthCheck
+    listKind: MachineHealthCheckList
+    plural: machinehealthchecks
+    shortNames:
+    - mhc
+    - mhcs
+    singular: machinehealthcheck
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Maximum number of unhealthy machines allowed
+      jsonPath: .spec.maxUnhealthy
+      name: MaxUnhealthy
+      type: string
+    - description: Number of machines currently monitored
+      jsonPath: .status.expectedMachines
+      name: ExpectedMachines
+      type: integer
+    - description: Current observed healthy machines
+      jsonPath: .status.currentHealthy
+      name: CurrentHealthy
+      type: integer
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: MachineHealthCheck is the Schema for the machinehealthchecks
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of machine health check policy
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              maxUnhealthy:
+                anyOf:
+                - type: integer
+                - type: string
+                description: Any further remediation is only allowed if at most "MaxUnhealthy"
+                  machines selected by "selector" are not healthy.
+                x-kubernetes-int-or-string: true
+              nodeStartupTimeout:
+                description: Machines older than this duration without a node will
+                  be considered to have failed and will be remediated.
+                type: string
+              remediationTemplate:
+                description: "RemediationTemplate is a reference to a remediation
+                  template provided by an infrastructure provider. \n This field is
+                  completely optional, when filled, the MachineHealthCheck controller
+                  creates a new object from the template referenced and hands off
+                  remediation of the machine to a controller that lives outside of
+                  Cluster API."
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              selector:
+                description: Label selector to match machines whose health will be
+                  exercised
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              unhealthyConditions:
+                description: UnhealthyConditions contains a list of the conditions
+                  that determine whether a node is considered unhealthy.  The conditions
+                  are combined in a logical OR, i.e. if any of the conditions is met,
+                  the node is unhealthy.
+                items:
+                  description: UnhealthyCondition represents a Node condition type
+                    and value with a timeout specified as a duration.  When the named
+                    condition has been in the given status for at least the timeout
+                    value, a node is considered unhealthy.
+                  properties:
+                    status:
+                      minLength: 1
+                      type: string
+                    timeout:
+                      type: string
+                    type:
+                      minLength: 1
+                      type: string
+                  required:
+                  - status
+                  - timeout
+                  - type
+                  type: object
+                minItems: 1
+                type: array
+            required:
+            - clusterName
+            - selector
+            - unhealthyConditions
+            type: object
+          status:
+            description: Most recently observed status of MachineHealthCheck resource
+            properties:
+              conditions:
+                description: Conditions defines current service state of the MachineHealthCheck.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              currentHealthy:
+                description: total number of healthy machines counted by this machine
+                  health check
+                format: int32
+                minimum: 0
+                type: integer
+              expectedMachines:
+                description: total number of machines counted by this machine health
+                  check
+                format: int32
+                minimum: 0
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              remediationsAllowed:
+                description: RemediationsAllowed is the number of further remediations
+                  allowed by this machine health check before maxUnhealthy short circuiting
+                  will be applied
+                format: int32
+                minimum: 0
+                type: integer
+              targets:
+                description: Targets shows the current list of machines the machine
+                  health check is watching
+                items:
+                  type: string
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Time duration since creation of MachineHealthCheck
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Maximum number of unhealthy machines allowed
+      jsonPath: .spec.maxUnhealthy
+      name: MaxUnhealthy
+      type: string
+    - description: Number of machines currently monitored
+      jsonPath: .status.expectedMachines
+      name: ExpectedMachines
+      type: integer
+    - description: Current observed healthy machines
+      jsonPath: .status.currentHealthy
+      name: CurrentHealthy
+      type: integer
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: MachineHealthCheck is the Schema for the machinehealthchecks
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of machine health check policy
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              maxUnhealthy:
+                anyOf:
+                - type: integer
+                - type: string
+                description: Any further remediation is only allowed if at most "MaxUnhealthy"
+                  machines selected by "selector" are not healthy.
+                x-kubernetes-int-or-string: true
+              nodeStartupTimeout:
+                description: Machines older than this duration without a node will
+                  be considered to have failed and will be remediated. If not set,
+                  this value is defaulted to 10 minutes. If you wish to disable this
+                  feature, set the value explicitly to 0.
+                type: string
+              remediationTemplate:
+                description: "RemediationTemplate is a reference to a remediation
+                  template provided by an infrastructure provider. \n This field is
+                  completely optional, when filled, the MachineHealthCheck controller
+                  creates a new object from the template referenced and hands off
+                  remediation of the machine to a controller that lives outside of
+                  Cluster API."
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              selector:
+                description: Label selector to match machines whose health will be
+                  exercised
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              unhealthyConditions:
+                description: UnhealthyConditions contains a list of the conditions
+                  that determine whether a node is considered unhealthy.  The conditions
+                  are combined in a logical OR, i.e. if any of the conditions is met,
+                  the node is unhealthy.
+                items:
+                  description: UnhealthyCondition represents a Node condition type
+                    and value with a timeout specified as a duration.  When the named
+                    condition has been in the given status for at least the timeout
+                    value, a node is considered unhealthy.
+                  properties:
+                    status:
+                      minLength: 1
+                      type: string
+                    timeout:
+                      type: string
+                    type:
+                      minLength: 1
+                      type: string
+                  required:
+                  - status
+                  - timeout
+                  - type
+                  type: object
+                minItems: 1
+                type: array
+              unhealthyRange:
+                description: 'Any further remediation is only allowed if the number
+                  of machines selected by "selector" as not healthy is within the
+                  range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg.
+                  "[3-5]" - This means that remediation will be allowed only when:
+                  (a) there are at least 3 unhealthy machines (and) (b) there are
+                  at most 5 unhealthy machines'
+                pattern: ^\[[0-9]+-[0-9]+\]$
+                type: string
+            required:
+            - clusterName
+            - selector
+            - unhealthyConditions
+            type: object
+          status:
+            description: Most recently observed status of MachineHealthCheck resource
+            properties:
+              conditions:
+                description: Conditions defines current service state of the MachineHealthCheck.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              currentHealthy:
+                description: total number of healthy machines counted by this machine
+                  health check
+                format: int32
+                minimum: 0
+                type: integer
+              expectedMachines:
+                description: total number of machines counted by this machine health
+                  check
+                format: int32
+                minimum: 0
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              remediationsAllowed:
+                description: RemediationsAllowed is the number of further remediations
+                  allowed by this machine health check before maxUnhealthy short circuiting
+                  will be applied
+                format: int32
+                minimum: 0
+                type: integer
+              targets:
+                description: Targets shows the current list of machines the machine
+                  health check is watching
+                items:
+                  type: string
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Number of machines currently monitored
+      jsonPath: .status.expectedMachines
+      name: ExpectedMachines
+      type: integer
+    - description: Maximum number of unhealthy machines allowed
+      jsonPath: .spec.maxUnhealthy
+      name: MaxUnhealthy
+      type: string
+    - description: Current observed healthy machines
+      jsonPath: .status.currentHealthy
+      name: CurrentHealthy
+      type: integer
+    - description: Time duration since creation of MachineHealthCheck
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: MachineHealthCheck is the Schema for the machinehealthchecks
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of machine health check policy
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              maxUnhealthy:
+                anyOf:
+                - type: integer
+                - type: string
+                description: Any further remediation is only allowed if at most "MaxUnhealthy"
+                  machines selected by "selector" are not healthy.
+                x-kubernetes-int-or-string: true
+              nodeStartupTimeout:
+                description: Machines older than this duration without a node will
+                  be considered to have failed and will be remediated. If not set,
+                  this value is defaulted to 10 minutes. If you wish to disable this
+                  feature, set the value explicitly to 0.
+                type: string
+              remediationTemplate:
+                description: "RemediationTemplate is a reference to a remediation
+                  template provided by an infrastructure provider. \n This field is
+                  completely optional, when filled, the MachineHealthCheck controller
+                  creates a new object from the template referenced and hands off
+                  remediation of the machine to a controller that lives outside of
+                  Cluster API."
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              selector:
+                description: Label selector to match machines whose health will be
+                  exercised
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              unhealthyConditions:
+                description: UnhealthyConditions contains a list of the conditions
+                  that determine whether a node is considered unhealthy.  The conditions
+                  are combined in a logical OR, i.e. if any of the conditions is met,
+                  the node is unhealthy.
+                items:
+                  description: UnhealthyCondition represents a Node condition type
+                    and value with a timeout specified as a duration.  When the named
+                    condition has been in the given status for at least the timeout
+                    value, a node is considered unhealthy.
+                  properties:
+                    status:
+                      minLength: 1
+                      type: string
+                    timeout:
+                      type: string
+                    type:
+                      minLength: 1
+                      type: string
+                  required:
+                  - status
+                  - timeout
+                  - type
+                  type: object
+                minItems: 1
+                type: array
+              unhealthyRange:
+                description: 'Any further remediation is only allowed if the number
+                  of machines selected by "selector" as not healthy is within the
+                  range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg.
+                  "[3-5]" - This means that remediation will be allowed only when:
+                  (a) there are at least 3 unhealthy machines (and) (b) there are
+                  at most 5 unhealthy machines'
+                pattern: ^\[[0-9]+-[0-9]+\]$
+                type: string
+            required:
+            - clusterName
+            - selector
+            - unhealthyConditions
+            type: object
+          status:
+            description: Most recently observed status of MachineHealthCheck resource
+            properties:
+              conditions:
+                description: Conditions defines current service state of the MachineHealthCheck.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              currentHealthy:
+                description: total number of healthy machines counted by this machine
+                  health check
+                format: int32
+                minimum: 0
+                type: integer
+              expectedMachines:
+                description: total number of machines counted by this machine health
+                  check
+                format: int32
+                minimum: 0
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              remediationsAllowed:
+                description: RemediationsAllowed is the number of further remediations
+                  allowed by this machine health check before maxUnhealthy short circuiting
+                  will be applied
+                format: int32
+                minimum: 0
+                type: integer
+              targets:
+                description: Targets shows the current list of machines the machine
+                  health check is watching
+                items:
+                  type: string
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: machinepools.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: MachinePool
+    listKind: MachinePoolList
+    plural: machinepools
+    shortNames:
+    - mp
+    singular: machinepool
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: MachinePool replicas count
+      jsonPath: .status.replicas
+      name: Replicas
+      type: string
+    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+        etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Kubernetes version associated with this MachinePool
+      jsonPath: .spec.template.spec.version
+      name: Version
+      type: string
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: MachinePool is the Schema for the machinepools API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachinePoolSpec defines the desired state of MachinePool.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomains:
+                description: FailureDomains is the list of failure domains this MachinePool
+                  should be attached to.
+                items:
+                  type: string
+                type: array
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  instances should be ready. Defaults to 0 (machine instance will
+                  be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              providerIDList:
+                description: ProviderIDList are the identification IDs of machine
+                  instances provided by the provider. This field must match the provider
+                  IDs as seen on the node objects corresponding to a machine pool's
+                  machine instances.
+                items:
+                  type: string
+                type: array
+              replicas:
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              strategy:
+                description: The deployment strategy to use to replace existing machine
+                  instances with new ones.
+                properties:
+                  rollingUpdate:
+                    description: Rolling update config params. Present only if MachineDeploymentStrategyType
+                      = RollingUpdate.
+                    properties:
+                      maxSurge:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be scheduled
+                          above the desired number of machines. Value can be an absolute
+                          number (ex: 5) or a percentage of desired machines (ex:
+                          10%). This can not be 0 if MaxUnavailable is 0. Absolute
+                          number is calculated from percentage by rounding up. Defaults
+                          to 1. Example: when this is set to 30%, the new MachineSet
+                          can be scaled up immediately when the rolling update starts,
+                          such that the total number of old and new machines do not
+                          exceed 130% of desired machines. Once old machines have
+                          been killed, new MachineSet can be scaled up further, ensuring
+                          that total number of machines running at any time during
+                          the update is at most 130% of desired machines.'
+                        x-kubernetes-int-or-string: true
+                      maxUnavailable:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: 'The maximum number of machines that can be unavailable
+                          during the update. Value can be an absolute number (ex:
+                          5) or a percentage of desired machines (ex: 10%). Absolute
+                          number is calculated from percentage by rounding down. This
+                          can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+                          this is set to 30%, the old MachineSet can be scaled down
+                          to 70% of desired machines immediately when the rolling
+                          update starts. Once new machines are ready, old MachineSet
+                          can be scaled down further, followed by scaling up the new
+                          MachineSet, ensuring that the total number of machines available
+                          at all times during the update is at least 70% of desired
+                          machines.'
+                        x-kubernetes-int-or-string: true
+                    type: object
+                  type:
+                    description: Type of deployment. Currently the only supported
+                      strategy is "RollingUpdate". Default is RollingUpdate.
+                    type: string
+                type: object
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      generateName:
+                        description: "GenerateName is an optional prefix, used by
+                          the server, to generate a unique name ONLY IF the Name field
+                          has not been provided. If this field is used, the name returned
+                          to the client will be different than the name passed. This
+                          value will also be combined with a unique suffix. The provided
+                          value has the same validation rules as the Name field, and
+                          may be truncated by the length of the suffix required to
+                          make the value unique on the server. \n If this field is
+                          specified and the generated name exists, the server will
+                          NOT return a 409 - instead, it will either return 201 Created
+                          or 500 with Reason ServerTimeout indicating a unique name
+                          could not be found in the time allotted, and the client
+                          should retry (optionally after the time indicated in the
+                          Retry-After header). \n Applied only if Name is not specified.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                      name:
+                        description: "Name must be unique within a namespace. Is required
+                          when creating resources, although some resources may allow
+                          a client to request the generation of an appropriate name
+                          automatically. Name is primarily intended for creation idempotence
+                          and configuration definition. Cannot be updated. More info:
+                          http://kubernetes.io/docs/user-guide/identifiers#names \n
+                          Deprecated: This field has no function and is going to be
+                          removed in a next release."
+                        type: string
+                      namespace:
+                        description: "Namespace defines the space within each name
+                          must be unique. An empty namespace is equivalent to the
+                          \"default\" namespace, but \"default\" is the canonical
+                          representation. Not all objects are required to be scoped
+                          to a namespace - the value of this field for those objects
+                          will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+                          More info: http://kubernetes.io/docs/user-guide/namespaces
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      ownerReferences:
+                        description: "List of objects depended by this object. If
+                          ALL objects in the list have been deleted, this object will
+                          be garbage collected. If this object is managed by a controller,
+                          then an entry in this list will point to this controller,
+                          with the controller field set to true. There cannot be more
+                          than one managing controller. \n Deprecated: This field
+                          has no function and is going to be removed in a next release."
+                        items:
+                          description: OwnerReference contains enough information
+                            to let you identify an owning object. An owning object
+                            must be in the same namespace as the dependent, or be
+                            cluster-scoped, so there is no namespace field.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            blockOwnerDeletion:
+                              description: If true, AND if the owner has the "foregroundDeletion"
+                                finalizer, then the owner cannot be deleted from the
+                                key-value store until this reference is removed. See
+                                https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+                                for how the garbage collector interacts with this
+                                field and enforces the foreground deletion. Defaults
+                                to false. To set this field, a user needs "delete"
+                                permission of the owner, otherwise 422 (Unprocessable
+                                Entity) will be returned.
+                              type: boolean
+                            controller:
+                              description: If true, this reference points to the managing
+                                controller.
+                              type: boolean
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              type: string
+                          required:
+                          - apiVersion
+                          - kind
+                          - name
+                          - uid
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        type: array
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.Data
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          data:
+                            description: "Data contains the bootstrap data, such as
+                              cloud-init details scripts. If nil, the Machine should
+                              remain in the Pending state. \n Deprecated: Switch to
+                              DataSecretName."
+                            type: string
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - template
+            type: object
+          status:
+            description: MachinePoolStatus defines the observed state of MachinePool.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachinePool.
+                format: int32
+                type: integer
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              conditions:
+                description: Conditions define the current service state of the MachinePool.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: FailureMessage indicates that there is a problem reconciling
+                  the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a problem reconciling
+                  the state, and will be set to a token value suitable for programmatic
+                  interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              nodeRefs:
+                description: NodeRefs will point to the corresponding Nodes if it
+                  they exist.
+                items:
+                  description: "ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen. 4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    ."
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+              readyReplicas:
+                description: The number of ready replicas for this MachinePool. A
+                  machine is considered ready when the node has been created and is
+                  "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              unavailableReplicas:
+                description: Total number of unavailable machine instances targeted
+                  by this machine pool. This is the total number of machine instances
+                  that are still required for the machine pool to have 100% available
+                  capacity. They may either be machine instances that are running
+                  but not yet available or machine instances that still have not been
+                  created.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Time duration since creation of MachinePool
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: MachinePool replicas count
+      jsonPath: .status.replicas
+      name: Replicas
+      type: string
+    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+        etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Kubernetes version associated with this MachinePool
+      jsonPath: .spec.template.spec.version
+      name: Version
+      type: string
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: MachinePool is the Schema for the machinepools API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachinePoolSpec defines the desired state of MachinePool.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomains:
+                description: FailureDomains is the list of failure domains this MachinePool
+                  should be attached to.
+                items:
+                  type: string
+                type: array
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  instances should be ready. Defaults to 0 (machine instance will
+                  be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              providerIDList:
+                description: ProviderIDList are the identification IDs of machine
+                  instances provided by the provider. This field must match the provider
+                  IDs as seen on the node objects corresponding to a machine pool's
+                  machine instances.
+                items:
+                  type: string
+                type: array
+              replicas:
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - template
+            type: object
+          status:
+            description: MachinePoolStatus defines the observed state of MachinePool.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachinePool.
+                format: int32
+                type: integer
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              conditions:
+                description: Conditions define the current service state of the MachinePool.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: FailureMessage indicates that there is a problem reconciling
+                  the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a problem reconciling
+                  the state, and will be set to a token value suitable for programmatic
+                  interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              nodeRefs:
+                description: NodeRefs will point to the corresponding Nodes if it
+                  they exist.
+                items:
+                  description: "ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen. 4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    ."
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+              readyReplicas:
+                description: The number of ready replicas for this MachinePool. A
+                  machine is considered ready when the node has been created and is
+                  "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              unavailableReplicas:
+                description: Total number of unavailable machine instances targeted
+                  by this machine pool. This is the total number of machine instances
+                  that are still required for the machine pool to have 100% available
+                  capacity. They may either be machine instances that are running
+                  but not yet available or machine instances that still have not been
+                  created.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Total number of machines desired by this MachinePool
+      jsonPath: .spec.replicas
+      name: Desired
+      priority: 10
+      type: integer
+    - description: MachinePool replicas count
+      jsonPath: .status.replicas
+      name: Replicas
+      type: string
+    - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+        etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Time duration since creation of MachinePool
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this MachinePool
+      jsonPath: .spec.template.spec.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: MachinePool is the Schema for the machinepools API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachinePoolSpec defines the desired state of MachinePool.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomains:
+                description: FailureDomains is the list of failure domains this MachinePool
+                  should be attached to.
+                items:
+                  type: string
+                type: array
+              minReadySeconds:
+                description: Minimum number of seconds for which a newly created machine
+                  instances should be ready. Defaults to 0 (machine instance will
+                  be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              providerIDList:
+                description: ProviderIDList are the identification IDs of machine
+                  instances provided by the provider. This field must match the provider
+                  IDs as seen on the node objects corresponding to a machine pool's
+                  machine instances.
+                items:
+                  type: string
+                type: array
+              replicas:
+                description: Number of desired machines. Defaults to 1. This is a
+                  pointer to distinguish between explicit zero and not specified.
+                format: int32
+                type: integer
+              template:
+                description: Template describes the machines that will be created.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDeletionTimeout:
+                        description: NodeDeletionTimeout defines how long the controller
+                          will attempt to delete the Node that the Machine hosts after
+                          the Machine is marked for deletion. A duration of 0 will
+                          retry deletion indefinitely. Defaults to 10 seconds.
+                        type: string
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      nodeVolumeDetachTimeout:
+                        description: NodeVolumeDetachTimeout is the total amount of
+                          time that the controller will spend on waiting for all volumes
+                          to be detached. The default value is 0, meaning that the
+                          volumes can be detached without any time limitations.
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - template
+            type: object
+          status:
+            description: MachinePoolStatus defines the observed state of MachinePool.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachinePool.
+                format: int32
+                type: integer
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              conditions:
+                description: Conditions define the current service state of the MachinePool.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: FailureMessage indicates that there is a problem reconciling
+                  the state, and will be set to a descriptive error message.
+                type: string
+              failureReason:
+                description: FailureReason indicates that there is a problem reconciling
+                  the state, and will be set to a token value suitable for programmatic
+                  interpretation.
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              nodeRefs:
+                description: NodeRefs will point to the corresponding Nodes if it
+                  they exist.
+                items:
+                  description: "ObjectReference contains enough information to let
+                    you inspect or modify the referred object. --- New uses of this
+                    type are discouraged because of difficulty describing its usage
+                    when embedded in APIs. 1. Ignored fields.  It includes many fields
+                    which are not generally honored.  For instance, ResourceVersion
+                    and FieldPath are both very rarely valid in actual usage. 2. Invalid
+                    usage help.  It is impossible to add specific help for individual
+                    usage.  In most embedded usages, there are particular restrictions
+                    like, \"must refer only to types A and B\" or \"UID not honored\"
+                    or \"name must be restricted\". Those cannot be well described
+                    when embedded. 3. Inconsistent validation.  Because the usages
+                    are different, the validation rules are different by usage, which
+                    makes it hard for users to predict what will happen. 4. The fields
+                    are both imprecise and overly precise.  Kind is not a precise
+                    mapping to a URL. This can produce ambiguity during interpretation
+                    and require a REST mapping.  In most cases, the dependency is
+                    on the group,resource tuple and the version of the actual struct
+                    is irrelevant. 5. We cannot easily change it.  Because this type
+                    is embedded in many locations, updates to this type will affect
+                    numerous schemas.  Don't make new APIs embed an underspecified
+                    API type they do not control. \n Instead of using this type, create
+                    a locally provided and used type that is well-focused on your
+                    reference. For example, ServiceReferences for admission registration:
+                    https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                    ."
+                  properties:
+                    apiVersion:
+                      description: API version of the referent.
+                      type: string
+                    fieldPath:
+                      description: 'If referring to a piece of an object instead of
+                        an entire object, this string should contain a valid JSON/Go
+                        field access statement, such as desiredState.manifest.containers[2].
+                        For example, if the object reference is to a container within
+                        a pod, this would take on a value like: "spec.containers{name}"
+                        (where "name" refers to the name of the container that triggered
+                        the event) or if no container name is specified "spec.containers[2]"
+                        (container with index 2 in this pod). This syntax is chosen
+                        only to have some well-defined way of referencing a part of
+                        an object. TODO: this design is not final and this field is
+                        subject to change in the future.'
+                      type: string
+                    kind:
+                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                      type: string
+                    namespace:
+                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                      type: string
+                    resourceVersion:
+                      description: 'Specific resourceVersion to which this reference
+                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                      type: string
+                    uid:
+                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                      type: string
+                  type: object
+                type: array
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of cluster actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+              readyReplicas:
+                description: The number of ready replicas for this MachinePool. A
+                  machine is considered ready when the node has been created and is
+                  "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              unavailableReplicas:
+                description: Total number of unavailable machine instances targeted
+                  by this machine pool. This is the total number of machine instances
+                  that are still required for the machine pool to have 100% available
+                  capacity. They may either be machine instances that are running
+                  but not yet available or machine instances that still have not been
+                  created.
+                format: int32
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: machines.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: Machine
+    listKind: MachineList
+    plural: machines
+    shortNames:
+    - ma
+    singular: machine
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Provider ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine status such as Terminating/Pending/Running/Failed etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Kubernetes version associated with this Machine
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    - description: Node name associated with this machine
+      jsonPath: .status.nodeRef.name
+      name: NodeName
+      priority: 1
+      type: string
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: Machine is the Schema for the machines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSpec defines the desired state of Machine.
+            properties:
+              bootstrap:
+                description: Bootstrap is a reference to a local struct which encapsulates
+                  fields to configure the Machine’s bootstrapping mechanism.
+                properties:
+                  configRef:
+                    description: ConfigRef is a reference to a bootstrap provider-specific
+                      resource that holds configuration details. The reference is
+                      optional to allow users/operators to specify Bootstrap.Data
+                      without the need of a controller.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  data:
+                    description: "Data contains the bootstrap data, such as cloud-init
+                      details scripts. If nil, the Machine should remain in the Pending
+                      state. \n Deprecated: Switch to DataSecretName."
+                    type: string
+                  dataSecretName:
+                    description: DataSecretName is the name of the secret that stores
+                      the bootstrap data script. If nil, the Machine should remain
+                      in the Pending state.
+                    type: string
+                type: object
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomain:
+                description: FailureDomain is the failure domain the machine will
+                  be created in. Must match a key in the FailureDomains map stored
+                  on the cluster object.
+                type: string
+              infrastructureRef:
+                description: InfrastructureRef is a required reference to a custom
+                  resource offered by an infrastructure provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              nodeDrainTimeout:
+                description: 'NodeDrainTimeout is the total amount of time that the
+                  controller will spend on draining a node. The default value is 0,
+                  meaning that the node can be drained without any time limitations.
+                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+                type: string
+              providerID:
+                description: ProviderID is the identification ID of the machine provided
+                  by the provider. This field must match the provider ID as seen on
+                  the node object corresponding to this machine. This field is required
+                  by higher level consumers of cluster-api. Example use case is cluster
+                  autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+                  compares machines to nodes to find out machines at provider which
+                  could not get registered as Kubernetes nodes. With cluster-api as
+                  a generic out-of-tree provider for autoscaler, this field is required
+                  by autoscaler to be able to have a provider view of the list of
+                  machines. Another list of nodes is queried from the k8s apiserver
+                  and then a comparison is done to find out unregistered machines
+                  and are marked for delete. This field will be set by the actuators
+                  and consumed by higher level entities like autoscaler that will
+                  be interfacing with cluster-api as generic provider.
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version. This
+                  field is meant to be optionally used by bootstrap providers.
+                type: string
+            required:
+            - bootstrap
+            - clusterName
+            - infrastructureRef
+            type: object
+          status:
+            description: MachineStatus defines the observed state of Machine.
+            properties:
+              addresses:
+                description: Addresses is a list of addresses assigned to the machine.
+                  This field is copied from the infrastructure provider reference.
+                items:
+                  description: MachineAddress contains information for the node's
+                    address.
+                  properties:
+                    address:
+                      description: The machine address.
+                      type: string
+                    type:
+                      description: Machine address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              conditions:
+                description: Conditions defines current service state of the Machine.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a succinct
+                  value suitable for machine interpretation. \n This field should
+                  not be set for transitive errors that a controller faces that are
+                  expected to be fixed automatically over time (like service outages),
+                  but instead indicate that something is fundamentally wrong with
+                  the Machine's spec or the configuration of the controller, and that
+                  manual intervention is required. Examples of terminal errors would
+                  be invalid combinations of settings in the spec, values that are
+                  unsupported by the controller, or the responsible controller itself
+                  being critically misconfigured. \n Any transient errors that occur
+                  during the reconciliation of Machines can be added as events to
+                  the Machine object and/or logged in the controller's output."
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              lastUpdated:
+                description: LastUpdated identifies when the phase of the Machine
+                  last transitioned.
+                format: date-time
+                type: string
+              nodeRef:
+                description: NodeRef will point to the corresponding Node if it exists.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of machine actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+              version:
+                description: Version specifies the current version of Kubernetes running
+                  on the corresponding Node. This is meant to be a means of bubbling
+                  up status from the Node to the Machine. It is entirely optional,
+                  but useful for end-user UX if it’s present.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Time duration since creation of Machine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Provider ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine status such as Terminating/Pending/Running/Failed etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Kubernetes version associated with this Machine
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    - description: Node name associated with this machine
+      jsonPath: .status.nodeRef.name
+      name: NodeName
+      priority: 1
+      type: string
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: Machine is the Schema for the machines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSpec defines the desired state of Machine.
+            properties:
+              bootstrap:
+                description: Bootstrap is a reference to a local struct which encapsulates
+                  fields to configure the Machine’s bootstrapping mechanism.
+                properties:
+                  configRef:
+                    description: ConfigRef is a reference to a bootstrap provider-specific
+                      resource that holds configuration details. The reference is
+                      optional to allow users/operators to specify Bootstrap.DataSecretName
+                      without the need of a controller.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  dataSecretName:
+                    description: DataSecretName is the name of the secret that stores
+                      the bootstrap data script. If nil, the Machine should remain
+                      in the Pending state.
+                    type: string
+                type: object
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomain:
+                description: FailureDomain is the failure domain the machine will
+                  be created in. Must match a key in the FailureDomains map stored
+                  on the cluster object.
+                type: string
+              infrastructureRef:
+                description: InfrastructureRef is a required reference to a custom
+                  resource offered by an infrastructure provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              nodeDrainTimeout:
+                description: 'NodeDrainTimeout is the total amount of time that the
+                  controller will spend on draining a node. The default value is 0,
+                  meaning that the node can be drained without any time limitations.
+                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+                type: string
+              providerID:
+                description: ProviderID is the identification ID of the machine provided
+                  by the provider. This field must match the provider ID as seen on
+                  the node object corresponding to this machine. This field is required
+                  by higher level consumers of cluster-api. Example use case is cluster
+                  autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+                  compares machines to nodes to find out machines at provider which
+                  could not get registered as Kubernetes nodes. With cluster-api as
+                  a generic out-of-tree provider for autoscaler, this field is required
+                  by autoscaler to be able to have a provider view of the list of
+                  machines. Another list of nodes is queried from the k8s apiserver
+                  and then a comparison is done to find out unregistered machines
+                  and are marked for delete. This field will be set by the actuators
+                  and consumed by higher level entities like autoscaler that will
+                  be interfacing with cluster-api as generic provider.
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version. This
+                  field is meant to be optionally used by bootstrap providers.
+                type: string
+            required:
+            - bootstrap
+            - clusterName
+            - infrastructureRef
+            type: object
+          status:
+            description: MachineStatus defines the observed state of Machine.
+            properties:
+              addresses:
+                description: Addresses is a list of addresses assigned to the machine.
+                  This field is copied from the infrastructure provider reference.
+                items:
+                  description: MachineAddress contains information for the node's
+                    address.
+                  properties:
+                    address:
+                      description: The machine address.
+                      type: string
+                    type:
+                      description: Machine address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              conditions:
+                description: Conditions defines current service state of the Machine.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a succinct
+                  value suitable for machine interpretation. \n This field should
+                  not be set for transitive errors that a controller faces that are
+                  expected to be fixed automatically over time (like service outages),
+                  but instead indicate that something is fundamentally wrong with
+                  the Machine's spec or the configuration of the controller, and that
+                  manual intervention is required. Examples of terminal errors would
+                  be invalid combinations of settings in the spec, values that are
+                  unsupported by the controller, or the responsible controller itself
+                  being critically misconfigured. \n Any transient errors that occur
+                  during the reconciliation of Machines can be added as events to
+                  the Machine object and/or logged in the controller's output."
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              lastUpdated:
+                description: LastUpdated identifies when the phase of the Machine
+                  last transitioned.
+                format: date-time
+                type: string
+              nodeInfo:
+                description: 'NodeInfo is a set of ids/uuids to uniquely identify
+                  the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info'
+                properties:
+                  architecture:
+                    description: The Architecture reported by the node
+                    type: string
+                  bootID:
+                    description: Boot ID reported by the node.
+                    type: string
+                  containerRuntimeVersion:
+                    description: ContainerRuntime Version reported by the node through
+                      runtime remote API (e.g. containerd://1.4.2).
+                    type: string
+                  kernelVersion:
+                    description: Kernel Version reported by the node from 'uname -r'
+                      (e.g. 3.16.0-0.bpo.4-amd64).
+                    type: string
+                  kubeProxyVersion:
+                    description: KubeProxy Version reported by the node.
+                    type: string
+                  kubeletVersion:
+                    description: Kubelet Version reported by the node.
+                    type: string
+                  machineID:
+                    description: 'MachineID reported by the node. For unique machine
+                      identification in the cluster this field is preferred. Learn
+                      more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html'
+                    type: string
+                  operatingSystem:
+                    description: The Operating System reported by the node
+                    type: string
+                  osImage:
+                    description: OS Image reported by the node from /etc/os-release
+                      (e.g. Debian GNU/Linux 7 (wheezy)).
+                    type: string
+                  systemUUID:
+                    description: SystemUUID reported by the node. For unique machine
+                      identification MachineID is preferred. This field is specific
+                      to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+                    type: string
+                required:
+                - architecture
+                - bootID
+                - containerRuntimeVersion
+                - kernelVersion
+                - kubeProxyVersion
+                - kubeletVersion
+                - machineID
+                - operatingSystem
+                - osImage
+                - systemUUID
+                type: object
+              nodeRef:
+                description: NodeRef will point to the corresponding Node if it exists.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of machine actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+              version:
+                description: Version specifies the current version of Kubernetes running
+                  on the corresponding Node. This is meant to be a means of bubbling
+                  up status from the Node to the Machine. It is entirely optional,
+                  but useful for end-user UX if it’s present.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Node name associated with this machine
+      jsonPath: .status.nodeRef.name
+      name: NodeName
+      type: string
+    - description: Provider ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine status such as Terminating/Pending/Running/Failed etc
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: Time duration since creation of Machine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this Machine
+      jsonPath: .spec.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Machine is the Schema for the machines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSpec defines the desired state of Machine.
+            properties:
+              bootstrap:
+                description: Bootstrap is a reference to a local struct which encapsulates
+                  fields to configure the Machine’s bootstrapping mechanism.
+                properties:
+                  configRef:
+                    description: ConfigRef is a reference to a bootstrap provider-specific
+                      resource that holds configuration details. The reference is
+                      optional to allow users/operators to specify Bootstrap.DataSecretName
+                      without the need of a controller.
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  dataSecretName:
+                    description: DataSecretName is the name of the secret that stores
+                      the bootstrap data script. If nil, the Machine should remain
+                      in the Pending state.
+                    type: string
+                type: object
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              failureDomain:
+                description: FailureDomain is the failure domain the machine will
+                  be created in. Must match a key in the FailureDomains map stored
+                  on the cluster object.
+                type: string
+              infrastructureRef:
+                description: InfrastructureRef is a required reference to a custom
+                  resource offered by an infrastructure provider.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              nodeDeletionTimeout:
+                description: NodeDeletionTimeout defines how long the controller will
+                  attempt to delete the Node that the Machine hosts after the Machine
+                  is marked for deletion. A duration of 0 will retry deletion indefinitely.
+                  Defaults to 10 seconds.
+                type: string
+              nodeDrainTimeout:
+                description: 'NodeDrainTimeout is the total amount of time that the
+                  controller will spend on draining a node. The default value is 0,
+                  meaning that the node can be drained without any time limitations.
+                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+                type: string
+              nodeVolumeDetachTimeout:
+                description: NodeVolumeDetachTimeout is the total amount of time that
+                  the controller will spend on waiting for all volumes to be detached.
+                  The default value is 0, meaning that the volumes can be detached
+                  without any time limitations.
+                type: string
+              providerID:
+                description: ProviderID is the identification ID of the machine provided
+                  by the provider. This field must match the provider ID as seen on
+                  the node object corresponding to this machine. This field is required
+                  by higher level consumers of cluster-api. Example use case is cluster
+                  autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+                  compares machines to nodes to find out machines at provider which
+                  could not get registered as Kubernetes nodes. With cluster-api as
+                  a generic out-of-tree provider for autoscaler, this field is required
+                  by autoscaler to be able to have a provider view of the list of
+                  machines. Another list of nodes is queried from the k8s apiserver
+                  and then a comparison is done to find out unregistered machines
+                  and are marked for delete. This field will be set by the actuators
+                  and consumed by higher level entities like autoscaler that will
+                  be interfacing with cluster-api as generic provider.
+                type: string
+              version:
+                description: Version defines the desired Kubernetes version. This
+                  field is meant to be optionally used by bootstrap providers.
+                type: string
+            required:
+            - bootstrap
+            - clusterName
+            - infrastructureRef
+            type: object
+          status:
+            description: MachineStatus defines the observed state of Machine.
+            properties:
+              addresses:
+                description: Addresses is a list of addresses assigned to the machine.
+                  This field is copied from the infrastructure provider reference.
+                items:
+                  description: MachineAddress contains information for the node's
+                    address.
+                  properties:
+                    address:
+                      description: The machine address.
+                      type: string
+                    type:
+                      description: Machine address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              bootstrapReady:
+                description: BootstrapReady is the state of the bootstrap provider.
+                type: boolean
+              certificatesExpiryDate:
+                description: CertificatesExpiryDate is the expiry date of the machine
+                  certificates. This value is only set for control plane machines.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions defines current service state of the Machine.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a succinct
+                  value suitable for machine interpretation. \n This field should
+                  not be set for transitive errors that a controller faces that are
+                  expected to be fixed automatically over time (like service outages),
+                  but instead indicate that something is fundamentally wrong with
+                  the Machine's spec or the configuration of the controller, and that
+                  manual intervention is required. Examples of terminal errors would
+                  be invalid combinations of settings in the spec, values that are
+                  unsupported by the controller, or the responsible controller itself
+                  being critically misconfigured. \n Any transient errors that occur
+                  during the reconciliation of Machines can be added as events to
+                  the Machine object and/or logged in the controller's output."
+                type: string
+              infrastructureReady:
+                description: InfrastructureReady is the state of the infrastructure
+                  provider.
+                type: boolean
+              lastUpdated:
+                description: LastUpdated identifies when the phase of the Machine
+                  last transitioned.
+                format: date-time
+                type: string
+              nodeInfo:
+                description: 'NodeInfo is a set of ids/uuids to uniquely identify
+                  the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info'
+                properties:
+                  architecture:
+                    description: The Architecture reported by the node
+                    type: string
+                  bootID:
+                    description: Boot ID reported by the node.
+                    type: string
+                  containerRuntimeVersion:
+                    description: ContainerRuntime Version reported by the node through
+                      runtime remote API (e.g. containerd://1.4.2).
+                    type: string
+                  kernelVersion:
+                    description: Kernel Version reported by the node from 'uname -r'
+                      (e.g. 3.16.0-0.bpo.4-amd64).
+                    type: string
+                  kubeProxyVersion:
+                    description: KubeProxy Version reported by the node.
+                    type: string
+                  kubeletVersion:
+                    description: Kubelet Version reported by the node.
+                    type: string
+                  machineID:
+                    description: 'MachineID reported by the node. For unique machine
+                      identification in the cluster this field is preferred. Learn
+                      more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html'
+                    type: string
+                  operatingSystem:
+                    description: The Operating System reported by the node
+                    type: string
+                  osImage:
+                    description: OS Image reported by the node from /etc/os-release
+                      (e.g. Debian GNU/Linux 7 (wheezy)).
+                    type: string
+                  systemUUID:
+                    description: SystemUUID reported by the node. For unique machine
+                      identification MachineID is preferred. This field is specific
+                      to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+                    type: string
+                required:
+                - architecture
+                - bootID
+                - containerRuntimeVersion
+                - kernelVersion
+                - kubeProxyVersion
+                - kubeletVersion
+                - machineID
+                - operatingSystem
+                - osImage
+                - systemUUID
+                type: object
+              nodeRef:
+                description: NodeRef will point to the corresponding Node if it exists.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              observedGeneration:
+                description: ObservedGeneration is the latest generation observed
+                  by the controller.
+                format: int64
+                type: integer
+              phase:
+                description: Phase represents the current phase of machine actuation.
+                  E.g. Pending, Running, Terminating, Failed etc.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+    controller-gen.kubebuilder.io/version: v0.10.0
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: machinesets.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capi-webhook-service
+          namespace: capi-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: MachineSet
+    listKind: MachineSetList
+    plural: machinesets
+    shortNames:
+    - ms
+    singular: machineset
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Total number of non-terminated machines targeted by this machineset
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of available machines (ready for at least minReadySeconds)
+      jsonPath: .status.availableReplicas
+      name: Available
+      type: integer
+    - description: Total number of ready machines targeted by this machineset.
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: MachineSet is the Schema for the machinesets API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSetSpec defines the desired state of MachineSet.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              deletePolicy:
+                description: DeletePolicy defines the policy used to identify nodes
+                  to delete when downscaling. Defaults to "Random".  Valid values
+                  are "Random, "Newest", "Oldest"
+                enum:
+                - Random
+                - Newest
+                - Oldest
+                type: string
+              minReadySeconds:
+                description: MinReadySeconds is the minimum number of seconds for
+                  which a newly created machine should be ready. Defaults to 0 (machine
+                  will be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the number of desired replicas. This is a
+                  pointer to distinguish between explicit zero and unspecified. Defaults
+                  to 1.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is a label query over machines that should
+                  match the replica count. Label keys and values that must match in
+                  order to be controlled by this MachineSet. It must match the machine
+                  template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              template:
+                description: Template is the object that describes the machine that
+                  will be created if insufficient replicas are detected. Object references
+                  to custom resources are treated as templates.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      generateName:
+                        description: "GenerateName is an optional prefix, used by
+                          the server, to generate a unique name ONLY IF the Name field
+                          has not been provided. If this field is used, the name returned
+                          to the client will be different than the name passed. This
+                          value will also be combined with a unique suffix. The provided
+                          value has the same validation rules as the Name field, and
+                          may be truncated by the length of the suffix required to
+                          make the value unique on the server. \n If this field is
+                          specified and the generated name exists, the server will
+                          NOT return a 409 - instead, it will either return 201 Created
+                          or 500 with Reason ServerTimeout indicating a unique name
+                          could not be found in the time allotted, and the client
+                          should retry (optionally after the time indicated in the
+                          Retry-After header). \n Applied only if Name is not specified.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                      name:
+                        description: "Name must be unique within a namespace. Is required
+                          when creating resources, although some resources may allow
+                          a client to request the generation of an appropriate name
+                          automatically. Name is primarily intended for creation idempotence
+                          and configuration definition. Cannot be updated. More info:
+                          http://kubernetes.io/docs/user-guide/identifiers#names \n
+                          Deprecated: This field has no function and is going to be
+                          removed in a next release."
+                        type: string
+                      namespace:
+                        description: "Namespace defines the space within each name
+                          must be unique. An empty namespace is equivalent to the
+                          \"default\" namespace, but \"default\" is the canonical
+                          representation. Not all objects are required to be scoped
+                          to a namespace - the value of this field for those objects
+                          will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+                          More info: http://kubernetes.io/docs/user-guide/namespaces
+                          \n Deprecated: This field has no function and is going to
+                          be removed in a next release."
+                        type: string
+                      ownerReferences:
+                        description: "List of objects depended by this object. If
+                          ALL objects in the list have been deleted, this object will
+                          be garbage collected. If this object is managed by a controller,
+                          then an entry in this list will point to this controller,
+                          with the controller field set to true. There cannot be more
+                          than one managing controller. \n Deprecated: This field
+                          has no function and is going to be removed in a next release."
+                        items:
+                          description: OwnerReference contains enough information
+                            to let you identify an owning object. An owning object
+                            must be in the same namespace as the dependent, or be
+                            cluster-scoped, so there is no namespace field.
+                          properties:
+                            apiVersion:
+                              description: API version of the referent.
+                              type: string
+                            blockOwnerDeletion:
+                              description: If true, AND if the owner has the "foregroundDeletion"
+                                finalizer, then the owner cannot be deleted from the
+                                key-value store until this reference is removed. See
+                                https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+                                for how the garbage collector interacts with this
+                                field and enforces the foreground deletion. Defaults
+                                to false. To set this field, a user needs "delete"
+                                permission of the owner, otherwise 422 (Unprocessable
+                                Entity) will be returned.
+                              type: boolean
+                            controller:
+                              description: If true, this reference points to the managing
+                                controller.
+                              type: boolean
+                            kind:
+                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                              type: string
+                            name:
+                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              type: string
+                            uid:
+                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              type: string
+                          required:
+                          - apiVersion
+                          - kind
+                          - name
+                          - uid
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        type: array
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.Data
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          data:
+                            description: "Data contains the bootstrap data, such as
+                              cloud-init details scripts. If nil, the Machine should
+                              remain in the Pending state. \n Deprecated: Switch to
+                              DataSecretName."
+                            type: string
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            type: object
+          status:
+            description: MachineSetStatus defines the observed state of MachineSet.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachineSet.
+                format: int32
+                type: integer
+              failureMessage:
+                type: string
+              failureReason:
+                description: "In the event that there is a terminal problem reconciling
+                  the replicas, both FailureReason and FailureMessage will be set.
+                  FailureReason will be populated with a succinct value suitable for
+                  machine interpretation, while FailureMessage will contain a more
+                  verbose string suitable for logging and human consumption. \n These
+                  fields should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the MachineTemplate's spec or the configuration of the
+                  machine controller, and that manual intervention is required. Examples
+                  of terminal errors would be invalid combinations of settings in
+                  the spec, values that are unsupported by the machine controller,
+                  or the responsible machine controller itself being critically misconfigured.
+                  \n Any transient errors that occur during the reconciliation of
+                  Machines can be added as events to the MachineSet object and/or
+                  logged in the controller's output."
+                type: string
+              fullyLabeledReplicas:
+                description: The number of replicas that have labels matching the
+                  labels of the machine template of the MachineSet.
+                format: int32
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed MachineSet.
+                format: int64
+                type: integer
+              readyReplicas:
+                description: The number of ready replicas for this MachineSet. A machine
+                  is considered ready when the node has been created and is "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Time duration since creation of MachineSet
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Total number of non-terminated machines targeted by this machineset
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of available machines (ready for at least minReadySeconds)
+      jsonPath: .status.availableReplicas
+      name: Available
+      type: integer
+    - description: Total number of ready machines targeted by this machineset.
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: MachineSet is the Schema for the machinesets API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSetSpec defines the desired state of MachineSet.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              deletePolicy:
+                description: DeletePolicy defines the policy used to identify nodes
+                  to delete when downscaling. Defaults to "Random".  Valid values
+                  are "Random, "Newest", "Oldest"
+                enum:
+                - Random
+                - Newest
+                - Oldest
+                type: string
+              minReadySeconds:
+                description: MinReadySeconds is the minimum number of seconds for
+                  which a newly created machine should be ready. Defaults to 0 (machine
+                  will be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              replicas:
+                default: 1
+                description: Replicas is the number of desired replicas. This is a
+                  pointer to distinguish between explicit zero and unspecified. Defaults
+                  to 1.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is a label query over machines that should
+                  match the replica count. Label keys and values that must match in
+                  order to be controlled by this MachineSet. It must match the machine
+                  template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              template:
+                description: Template is the object that describes the machine that
+                  will be created if insufficient replicas are detected. Object references
+                  to custom resources are treated as templates.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            type: object
+          status:
+            description: MachineSetStatus defines the observed state of MachineSet.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachineSet.
+                format: int32
+                type: integer
+              conditions:
+                description: Conditions defines current service state of the MachineSet.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                type: string
+              failureReason:
+                description: "In the event that there is a terminal problem reconciling
+                  the replicas, both FailureReason and FailureMessage will be set.
+                  FailureReason will be populated with a succinct value suitable for
+                  machine interpretation, while FailureMessage will contain a more
+                  verbose string suitable for logging and human consumption. \n These
+                  fields should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the MachineTemplate's spec or the configuration of the
+                  machine controller, and that manual intervention is required. Examples
+                  of terminal errors would be invalid combinations of settings in
+                  the spec, values that are unsupported by the machine controller,
+                  or the responsible machine controller itself being critically misconfigured.
+                  \n Any transient errors that occur during the reconciliation of
+                  Machines can be added as events to the MachineSet object and/or
+                  logged in the controller's output."
+                type: string
+              fullyLabeledReplicas:
+                description: The number of replicas that have labels matching the
+                  labels of the machine template of the MachineSet.
+                format: int32
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed MachineSet.
+                format: int64
+                type: integer
+              readyReplicas:
+                description: The number of ready replicas for this MachineSet. A machine
+                  is considered ready when the node has been created and is "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster
+      jsonPath: .spec.clusterName
+      name: Cluster
+      type: string
+    - description: Total number of machines desired by this machineset
+      jsonPath: .spec.replicas
+      name: Desired
+      priority: 10
+      type: integer
+    - description: Total number of non-terminated machines targeted by this machineset
+      jsonPath: .status.replicas
+      name: Replicas
+      type: integer
+    - description: Total number of ready machines targeted by this machineset.
+      jsonPath: .status.readyReplicas
+      name: Ready
+      type: integer
+    - description: Total number of available machines (ready for at least minReadySeconds)
+      jsonPath: .status.availableReplicas
+      name: Available
+      type: integer
+    - description: Time duration since creation of MachineSet
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: Kubernetes version associated with this MachineSet
+      jsonPath: .spec.template.spec.version
+      name: Version
+      type: string
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: MachineSet is the Schema for the machinesets API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MachineSetSpec defines the desired state of MachineSet.
+            properties:
+              clusterName:
+                description: ClusterName is the name of the Cluster this object belongs
+                  to.
+                minLength: 1
+                type: string
+              deletePolicy:
+                description: DeletePolicy defines the policy used to identify nodes
+                  to delete when downscaling. Defaults to "Random".  Valid values
+                  are "Random, "Newest", "Oldest"
+                enum:
+                - Random
+                - Newest
+                - Oldest
+                type: string
+              minReadySeconds:
+                description: MinReadySeconds is the minimum number of seconds for
+                  which a newly created machine should be ready. Defaults to 0 (machine
+                  will be considered available as soon as it is ready)
+                format: int32
+                type: integer
+              replicas:
+                default: 1
+                description: Replicas is the number of desired replicas. This is a
+                  pointer to distinguish between explicit zero and unspecified. Defaults
+                  to 1.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is a label query over machines that should
+                  match the replica count. Label keys and values that must match in
+                  order to be controlled by this MachineSet. It must match the machine
+                  template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
+              template:
+                description: Template is the object that describes the machine that
+                  will be created if insufficient replicas are detected. Object references
+                  to custom resources are treated as templates.
+                properties:
+                  metadata:
+                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+                    properties:
+                      annotations:
+                        additionalProperties:
+                          type: string
+                        description: 'Annotations is an unstructured key value map
+                          stored with a resource that may be set by external tools
+                          to store and retrieve arbitrary metadata. They are not queryable
+                          and should be preserved when modifying objects. More info:
+                          http://kubernetes.io/docs/user-guide/annotations'
+                        type: object
+                      labels:
+                        additionalProperties:
+                          type: string
+                        description: 'Map of string keys and values that can be used
+                          to organize and categorize (scope and select) objects. May
+                          match selectors of replication controllers and services.
+                          More info: http://kubernetes.io/docs/user-guide/labels'
+                        type: object
+                    type: object
+                  spec:
+                    description: 'Specification of the desired behavior of the machine.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+                    properties:
+                      bootstrap:
+                        description: Bootstrap is a reference to a local struct which
+                          encapsulates fields to configure the Machine’s bootstrapping
+                          mechanism.
+                        properties:
+                          configRef:
+                            description: ConfigRef is a reference to a bootstrap provider-specific
+                              resource that holds configuration details. The reference
+                              is optional to allow users/operators to specify Bootstrap.DataSecretName
+                              without the need of a controller.
+                            properties:
+                              apiVersion:
+                                description: API version of the referent.
+                                type: string
+                              fieldPath:
+                                description: 'If referring to a piece of an object
+                                  instead of an entire object, this string should
+                                  contain a valid JSON/Go field access statement,
+                                  such as desiredState.manifest.containers[2]. For
+                                  example, if the object reference is to a container
+                                  within a pod, this would take on a value like: "spec.containers{name}"
+                                  (where "name" refers to the name of the container
+                                  that triggered the event) or if no container name
+                                  is specified "spec.containers[2]" (container with
+                                  index 2 in this pod). This syntax is chosen only
+                                  to have some well-defined way of referencing a part
+                                  of an object. TODO: this design is not final and
+                                  this field is subject to change in the future.'
+                                type: string
+                              kind:
+                                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                type: string
+                              name:
+                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                type: string
+                              namespace:
+                                description: 'Namespace of the referent. More info:
+                                  https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                                type: string
+                              resourceVersion:
+                                description: 'Specific resourceVersion to which this
+                                  reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                                type: string
+                              uid:
+                                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          dataSecretName:
+                            description: DataSecretName is the name of the secret
+                              that stores the bootstrap data script. If nil, the Machine
+                              should remain in the Pending state.
+                            type: string
+                        type: object
+                      clusterName:
+                        description: ClusterName is the name of the Cluster this object
+                          belongs to.
+                        minLength: 1
+                        type: string
+                      failureDomain:
+                        description: FailureDomain is the failure domain the machine
+                          will be created in. Must match a key in the FailureDomains
+                          map stored on the cluster object.
+                        type: string
+                      infrastructureRef:
+                        description: InfrastructureRef is a required reference to
+                          a custom resource offered by an infrastructure provider.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      nodeDeletionTimeout:
+                        description: NodeDeletionTimeout defines how long the controller
+                          will attempt to delete the Node that the Machine hosts after
+                          the Machine is marked for deletion. A duration of 0 will
+                          retry deletion indefinitely. Defaults to 10 seconds.
+                        type: string
+                      nodeDrainTimeout:
+                        description: 'NodeDrainTimeout is the total amount of time
+                          that the controller will spend on draining a node. The default
+                          value is 0, meaning that the node can be drained without
+                          any time limitations. NOTE: NodeDrainTimeout is different
+                          from `kubectl drain --timeout`'
+                        type: string
+                      nodeVolumeDetachTimeout:
+                        description: NodeVolumeDetachTimeout is the total amount of
+                          time that the controller will spend on waiting for all volumes
+                          to be detached. The default value is 0, meaning that the
+                          volumes can be detached without any time limitations.
+                        type: string
+                      providerID:
+                        description: ProviderID is the identification ID of the machine
+                          provided by the provider. This field must match the provider
+                          ID as seen on the node object corresponding to this machine.
+                          This field is required by higher level consumers of cluster-api.
+                          Example use case is cluster autoscaler with cluster-api
+                          as provider. Clean-up logic in the autoscaler compares machines
+                          to nodes to find out machines at provider which could not
+                          get registered as Kubernetes nodes. With cluster-api as
+                          a generic out-of-tree provider for autoscaler, this field
+                          is required by autoscaler to be able to have a provider
+                          view of the list of machines. Another list of nodes is queried
+                          from the k8s apiserver and then a comparison is done to
+                          find out unregistered machines and are marked for delete.
+                          This field will be set by the actuators and consumed by
+                          higher level entities like autoscaler that will be interfacing
+                          with cluster-api as generic provider.
+                        type: string
+                      version:
+                        description: Version defines the desired Kubernetes version.
+                          This field is meant to be optionally used by bootstrap providers.
+                        type: string
+                    required:
+                    - bootstrap
+                    - clusterName
+                    - infrastructureRef
+                    type: object
+                type: object
+            required:
+            - clusterName
+            - selector
+            type: object
+          status:
+            description: MachineSetStatus defines the observed state of MachineSet.
+            properties:
+              availableReplicas:
+                description: The number of available replicas (ready for at least
+                  minReadySeconds) for this MachineSet.
+                format: int32
+                type: integer
+              conditions:
+                description: Conditions defines current service state of the MachineSet.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                type: string
+              failureReason:
+                description: "In the event that there is a terminal problem reconciling
+                  the replicas, both FailureReason and FailureMessage will be set.
+                  FailureReason will be populated with a succinct value suitable for
+                  machine interpretation, while FailureMessage will contain a more
+                  verbose string suitable for logging and human consumption. \n These
+                  fields should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the MachineTemplate's spec or the configuration of the
+                  machine controller, and that manual intervention is required. Examples
+                  of terminal errors would be invalid combinations of settings in
+                  the spec, values that are unsupported by the machine controller,
+                  or the responsible machine controller itself being critically misconfigured.
+                  \n Any transient errors that occur during the reconciliation of
+                  Machines can be added as events to the MachineSet object and/or
+                  logged in the controller's output."
+                type: string
+              fullyLabeledReplicas:
+                description: The number of replicas that have labels matching the
+                  labels of the machine template of the MachineSet.
+                format: int32
+                type: integer
+              observedGeneration:
+                description: ObservedGeneration reflects the generation of the most
+                  recently observed MachineSet.
+                format: int64
+                type: integer
+              readyReplicas:
+                description: The number of ready replicas for this MachineSet. A machine
+                  is considered ready when the node has been created and is "Ready".
+                format: int32
+                type: integer
+              replicas:
+                description: Replicas is the most recently observed number of replicas.
+                format: int32
+                type: integer
+              selector:
+                description: 'Selector is the same as the label selector but in the
+                  string format to avoid introspection by clients. The string will
+                  be in the same format as the query-param syntax. More info about
+                  label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.selector
+        specReplicasPath: .spec.replicas
+        statusReplicasPath: .status.replicas
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-manager
+  namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-leader-election-role
+  namespace: capi-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-system-capi-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    cluster.x-k8s.io/aggregate-to-manager: "true"
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-system-capi-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - clusterresourcesets/finalizers
+  - clusterresourcesets/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  - controlplane.cluster.x-k8s.io
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusterclasses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusterclasses
+  - clusterclasses/status
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/finalizers
+  - clusters/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinedeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinedeployments
+  - machinedeployments/finalizers
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinedeployments
+  - machinedeployments/finalizers
+  - machinedeployments/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinehealthchecks
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinehealthchecks
+  - machinehealthchecks/finalizers
+  - machinehealthchecks/status
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinepools
+  - machinepools/finalizers
+  - machinepools/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  - machines/finalizers
+  - machines/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  - machines/status
+  verbs:
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinesets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinesets
+  - machinesets/finalizers
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinesets
+  - machinesets/finalizers
+  - machinesets/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - runtime.cluster.x-k8s.io
+  resources:
+  - extensionconfigs
+  - extensionconfigs/status
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-leader-election-rolebinding
+  namespace: capi-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: capi-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: capi-manager
+  namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-system-capi-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: capi-system-capi-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+  name: capi-manager
+  namespace: capi-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-webhook-service
+  namespace: capi-system
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook-server
+  selector:
+    cluster.x-k8s.io/provider: cluster-api
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+    control-plane: controller-manager
+  name: capi-controller-manager
+  namespace: capi-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/provider: cluster-api
+      control-plane: controller-manager
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        cluster.x-k8s.io/provider: cluster-api
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        - --metrics-bind-addr=localhost:8080
+        - --feature-gates=MachinePool=false,ClusterResourceSet=true,ClusterTopology=true,RuntimeSDK=false
+        command:
+        - /manager
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_UID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.uid
+        image: registry.k8s.io/cluster-api/cluster-api-controller:v1.3.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        resources: {}
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: capi-manager
+      terminationGracePeriodSeconds: 10
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+      volumes:
+      - name: cert
+        secret:
+          secretName: capi-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-serving-cert
+  namespace: capi-system
+spec:
+  dnsNames:
+  - capi-webhook-service.capi-system.svc
+  - capi-webhook-service.capi-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: capi-selfsigned-issuer
+  secretName: capi-webhook-service-cert
+  subject:
+    organizations:
+    - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-selfsigned-issuer
+  namespace: capi-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-machine
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.machine.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machines
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.machinedeployment.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinedeployments
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.machinehealthcheck.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinehealthchecks
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-machineset
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.machineset.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinesets
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-cluster
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.cluster.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusters
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.clusterclass.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterclasses
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - runtime.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - extensionconfigs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.machinepool.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinepools
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.clusterresourceset.addons.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - addons.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterresourcesets
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: cluster-api
+    clusterctl.cluster.x-k8s.io: ""
+  name: capi-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-machine
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.machine.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machines
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.machinedeployment.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinedeployments
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.machinehealthcheck.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinehealthchecks
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-machineset
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.machineset.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinesets
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-cluster
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.cluster.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - clusters
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.clusterclass.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - clusterclasses
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.extensionconfig.runtime.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - runtime.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - extensionconfigs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-cluster-x-k8s-io-v1beta1-machinepool
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.machinepool.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - machinepools
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.clusterresourceset.addons.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - addons.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterresourcesets
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.ipaddress.ipam.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - ipam.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - ipaddresses
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: capi-webhook-service
+      namespace: capi-system
+      path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - ipam.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - ipaddressclaims
+  sideEffects: None
diff --git a/atmosphere/operator/manifests/capi-provider.yml b/atmosphere/operator/manifests/capi-provider.yml
new file mode 100644
index 0000000..56c0eb7
--- /dev/null
+++ b/atmosphere/operator/manifests/capi-provider.yml
@@ -0,0 +1,12126 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+    controller-gen.kubebuilder.io/version: v0.9.2
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+  name: openstackclusters.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capo-webhook-service
+          namespace: capo-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: OpenStackCluster
+    listKind: OpenStackClusterList
+    plural: openstackclusters
+    shortNames:
+    - osc
+    singular: openstackcluster
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for OpenStack instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: Network the cluster is using
+      jsonPath: .status.network.id
+      name: Network
+      type: string
+    - description: Subnet the cluster is using
+      jsonPath: .status.network.subnet.id
+      name: Subnet
+      type: string
+    - description: API Endpoint
+      jsonPath: .spec.controlPlaneEndpoint.host
+      name: Endpoint
+      priority: 1
+      type: string
+    - description: Bastion floating IP
+      jsonPath: .status.bastion.floatingIP
+      name: Bastion
+      type: string
+    - description: Time duration since creation of OpenStackCluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: OpenStackCluster is the Schema for the openstackclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+            properties:
+              apiServerFloatingIP:
+                description: APIServerFloatingIP is the floatingIP which will be associated
+                  to the APIServer. The floatingIP will be created if it not already
+                  exists.
+                type: string
+              apiServerLoadBalancerAdditionalPorts:
+                description: APIServerLoadBalancerAdditionalPorts adds additional
+                  ports to the APIServerLoadBalancer
+                items:
+                  type: integer
+                type: array
+              apiServerPort:
+                description: APIServerPort is the port on which the listener on the
+                  APIServer will be created
+                type: integer
+              bastion:
+                description: "Bastion is the OpenStack instance to login the nodes
+                  \n As a rolling update is not ideal during a bastion host session,
+                  we prevent changes to a running bastion configuration. Set `enabled:
+                  false` to make changes."
+                properties:
+                  availabilityZone:
+                    type: string
+                  enabled:
+                    type: boolean
+                  instance:
+                    description: Instance for the bastion itself
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      cloudsSecret:
+                        description: The name of the secret containing the openstack
+                          credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify the networks parameter, the server attaches
+                          to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                adminStateUp:
+                                  type: boolean
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                shared:
+                                  type: boolean
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                status:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            fixedIp:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional network query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      enableDhcp:
+                                        type: boolean
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      networkId:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      subnetpoolId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: The UUID of the network. Required
+                                      if you omit the port attribute.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: The UUID of the network. Required if you
+                                omit the port attribute.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          deviceType:
+                            type: string
+                          diskSize:
+                            type: integer
+                          sourceType:
+                            type: string
+                          sourceUUID:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                      userDataSecret:
+                        description: The name of the secret containing the user data
+                          (startup script in most cases)
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    required:
+                    - flavor
+                    type: object
+                type: object
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              cloudsSecret:
+                description: The name of the secret containing the openstack credentials
+                properties:
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              controlPlaneAvailabilityZones:
+                description: ControlPlaneAvailabilityZones is the az to deploy control
+                  plane to
+                items:
+                  type: string
+                type: array
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              disablePortSecurity:
+                description: DisablePortSecurity disables the port security of the
+                  network created for the Kubernetes cluster, which also disables
+                  SecurityGroups
+                type: boolean
+              dnsNameservers:
+                description: DNSNameservers is the list of nameservers for OpenStack
+                  Subnet being created. Set this value when you need create a new
+                  network/subnet while the access through DNS is required.
+                items:
+                  type: string
+                type: array
+              externalNetworkId:
+                description: ExternalNetworkID is the ID of an external OpenStack
+                  Network. This is necessary to get public internet to the VMs.
+                type: string
+              externalRouterIPs:
+                description: ExternalRouterIPs is an array of externalIPs on the respective
+                  subnets. This is necessary if the router needs a fixed ip in a specific
+                  subnet.
+                items:
+                  properties:
+                    fixedIP:
+                      description: The FixedIP in the corresponding subnet
+                      type: string
+                    subnet:
+                      description: The subnet in which the FixedIP is used for the
+                        Gateway of this router
+                      properties:
+                        filter:
+                          description: Filters for optional network query
+                          properties:
+                            cidr:
+                              type: string
+                            description:
+                              type: string
+                            enableDhcp:
+                              type: boolean
+                            gateway_ip:
+                              type: string
+                            id:
+                              type: string
+                            ipVersion:
+                              type: integer
+                            ipv6AddressMode:
+                              type: string
+                            ipv6RaMode:
+                              type: string
+                            limit:
+                              type: integer
+                            marker:
+                              type: string
+                            name:
+                              type: string
+                            networkId:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            sortDir:
+                              type: string
+                            sortKey:
+                              type: string
+                            subnetpoolId:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                            tenantId:
+                              type: string
+                          type: object
+                        uuid:
+                          description: The UUID of the network. Required if you omit
+                            the port attribute.
+                          type: string
+                      type: object
+                  required:
+                  - subnet
+                  type: object
+                type: array
+              managedAPIServerLoadBalancer:
+                description: 'ManagedAPIServerLoadBalancer defines whether a LoadBalancer
+                  for the APIServer should be created. If set to true the following
+                  properties are mandatory: APIServerFloatingIP, APIServerPort'
+                type: boolean
+              managedSecurityGroups:
+                description: 'ManagedSecurityGroups defines that kubernetes manages
+                  the OpenStack security groups for now, that means that we''ll create
+                  security group allows traffic to/from machines belonging to that
+                  group based on Calico CNI plugin default network requirements: BGP
+                  and IP-in-IP for master node(s) and worker node(s) respectively.
+                  In the future, we could make this more flexible.'
+                type: boolean
+              network:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing network.
+                properties:
+                  adminStateUp:
+                    type: boolean
+                  description:
+                    type: string
+                  id:
+                    type: string
+                  limit:
+                    type: integer
+                  marker:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  shared:
+                    type: boolean
+                  sortDir:
+                    type: string
+                  sortKey:
+                    type: string
+                  status:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                  tenantId:
+                    type: string
+                type: object
+              nodeCidr:
+                description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+                  actuator will create a network, a subnet with NodeCIDR, and a router
+                  connected to this subnet. If you leave this empty, no network will
+                  be created.
+                type: string
+              subnet:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing subnet.
+                properties:
+                  cidr:
+                    type: string
+                  description:
+                    type: string
+                  enableDhcp:
+                    type: boolean
+                  gateway_ip:
+                    type: string
+                  id:
+                    type: string
+                  ipVersion:
+                    type: integer
+                  ipv6AddressMode:
+                    type: string
+                  ipv6RaMode:
+                    type: string
+                  limit:
+                    type: integer
+                  marker:
+                    type: string
+                  name:
+                    type: string
+                  networkId:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  sortDir:
+                    type: string
+                  sortKey:
+                    type: string
+                  subnetpoolId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                  tenantId:
+                    type: string
+                type: object
+              tags:
+                description: Tags for all resources in cluster
+                items:
+                  type: string
+                type: array
+              useOctavia:
+                description: UseOctavia is weather LoadBalancer Service is Octavia
+                  or not
+                type: boolean
+            type: object
+          status:
+            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+            properties:
+              bastion:
+                properties:
+                  configDrive:
+                    type: boolean
+                  failureDomain:
+                    type: string
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  id:
+                    type: string
+                  image:
+                    type: string
+                  ip:
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  name:
+                    type: string
+                  networks:
+                    items:
+                      description: Network represents basic information about the
+                        associated OpenStach Neutron Network.
+                      properties:
+                        apiServerLoadBalancer:
+                          description: Be careful when using APIServerLoadBalancer,
+                            because this field is optional and therefore not set in
+                            all cases
+                          properties:
+                            id:
+                              type: string
+                            internalIP:
+                              type: string
+                            ip:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                          - id
+                          - internalIP
+                          - ip
+                          - name
+                          type: object
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        router:
+                          description: Router represents basic information about the
+                            associated OpenStack Neutron Router.
+                          properties:
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - id
+                          - name
+                          type: object
+                        subnet:
+                          description: Subnet represents basic information about the
+                            associated OpenStack Neutron Subnet.
+                          properties:
+                            cidr:
+                              type: string
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - cidr
+                          - id
+                          - name
+                          type: object
+                        tags:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - id
+                      - name
+                      type: object
+                    type: array
+                  rootVolume:
+                    properties:
+                      deviceType:
+                        type: string
+                      diskSize:
+                        type: integer
+                      sourceType:
+                        type: string
+                      sourceUUID:
+                        type: string
+                    type: object
+                  securigyGroups:
+                    items:
+                      type: string
+                    type: array
+                  serverGroupID:
+                    type: string
+                  sshKeyName:
+                    type: string
+                  state:
+                    description: InstanceState describes the state of an OpenStack
+                      instance.
+                    type: string
+                  subnet:
+                    type: string
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                  trunk:
+                    type: boolean
+                  userData:
+                    type: string
+                type: object
+              bastionSecurityGroup:
+                description: SecurityGroup represents the basic information of the
+                  associated OpenStack Neutron Security Group.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              controlPlaneSecurityGroup:
+                description: 'ControlPlaneSecurityGroups contains all the information
+                  about the OpenStack Security Group that needs to be applied to control
+                  plane nodes. TODO: Maybe instead of two properties, we add a property
+                  to the group?'
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              externalNetwork:
+                description: External Network contains information about the created
+                  OpenStack external network.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains represent OpenStack availability zones
+                type: object
+              network:
+                description: Network contains all information about the created OpenStack
+                  Network. It includes Subnets and Router.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              ready:
+                type: boolean
+              workerSecurityGroup:
+                description: WorkerSecurityGroup contains all the information about
+                  the OpenStack Security Group that needs to be applied to worker
+                  nodes.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for OpenStack instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: Network the cluster is using
+      jsonPath: .status.network.id
+      name: Network
+      type: string
+    - description: Subnet the cluster is using
+      jsonPath: .status.network.subnet.id
+      name: Subnet
+      type: string
+    - description: API Endpoint
+      jsonPath: .spec.controlPlaneEndpoint.host
+      name: Endpoint
+      priority: 1
+      type: string
+    - description: Bastion address for breakglass access
+      jsonPath: .status.bastion.floatingIP
+      name: Bastion IP
+      type: string
+    - description: Time duration since creation of OpenStackCluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: OpenStackCluster is the Schema for the openstackclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+            properties:
+              allowAllInClusterTraffic:
+                description: AllowAllInClusterTraffic is only used when managed security
+                  groups are in use. If set to true, the rules for the managed security
+                  groups are configured so that all ingress and egress between cluster
+                  nodes is permitted, allowing CNIs other than Calico to be used.
+                type: boolean
+              apiServerFixedIP:
+                description: APIServerFixedIP is the fixed IP which will be associated
+                  with the API server. In the case where the API server has a floating
+                  IP but not a managed load balancer, this field is not used. If a
+                  managed load balancer is used and this field is not specified, a
+                  fixed IP will be dynamically allocated for the load balancer. If
+                  a managed load balancer is not used AND the API server floating
+                  IP is disabled, this field MUST be specified and should correspond
+                  to a pre-allocated port that holds the fixed IP to be used as a
+                  VIP.
+                type: string
+              apiServerFloatingIP:
+                description: APIServerFloatingIP is the floatingIP which will be associated
+                  with the API server. The floatingIP will be created if it does not
+                  already exist. If not specified, a new floatingIP is allocated.
+                  This field is not used if DisableAPIServerFloatingIP is set to true.
+                type: string
+              apiServerLoadBalancerAdditionalPorts:
+                description: APIServerLoadBalancerAdditionalPorts adds additional
+                  ports to the APIServerLoadBalancer
+                items:
+                  type: integer
+                type: array
+              apiServerPort:
+                description: APIServerPort is the port on which the listener on the
+                  APIServer will be created
+                type: integer
+              bastion:
+                description: "Bastion is the OpenStack instance to login the nodes
+                  \n As a rolling update is not ideal during a bastion host session,
+                  we prevent changes to a running bastion configuration. Set `enabled:
+                  false` to make changes."
+                properties:
+                  availabilityZone:
+                    type: string
+                  enabled:
+                    type: boolean
+                  instance:
+                    description: Instance for the bastion itself
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                adminStateUp:
+                                  type: boolean
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                shared:
+                                  type: boolean
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                status:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      enableDhcp:
+                                        type: boolean
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      networkId:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      subnetpoolId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnetId:
+                                    type: string
+                                required:
+                                - subnetId
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            networkId:
+                              description: ID of the OpenStack network on which to
+                                create the port. If unspecified, create the port on
+                                the default cluster network.
+                              type: string
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroups:
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          deviceType:
+                            type: string
+                          diskSize:
+                            type: integer
+                          sourceType:
+                            type: string
+                          sourceUUID:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                type: object
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              controlPlaneAvailabilityZones:
+                description: ControlPlaneAvailabilityZones is the az to deploy control
+                  plane to
+                items:
+                  type: string
+                type: array
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              disableAPIServerFloatingIP:
+                description: DisableAPIServerFloatingIP determines whether or not
+                  to attempt to attach a floating IP to the API server. This allows
+                  for the creation of clusters when attaching a floating IP to the
+                  API server (and hence, in many cases, exposing the API server to
+                  the internet) is not possible or desirable, e.g. if using a shared
+                  VLAN for communication between management and workload clusters
+                  or when the management cluster is inside the project network. This
+                  option requires that the API server use a VIP on the cluster network
+                  so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+                  When using a managed load balancer, this VIP will be managed automatically.
+                  If not using a managed load balancer, cluster configuration will
+                  fail without additional configuration to manage the VIP on the control
+                  plane machines, which falls outside of the scope of this controller.
+                type: boolean
+              disablePortSecurity:
+                description: DisablePortSecurity disables the port security of the
+                  network created for the Kubernetes cluster, which also disables
+                  SecurityGroups
+                type: boolean
+              dnsNameservers:
+                description: DNSNameservers is the list of nameservers for OpenStack
+                  Subnet being created. Set this value when you need create a new
+                  network/subnet while the access through DNS is required.
+                items:
+                  type: string
+                type: array
+              externalNetworkId:
+                description: ExternalNetworkID is the ID of an external OpenStack
+                  Network. This is necessary to get public internet to the VMs.
+                type: string
+              externalRouterIPs:
+                description: ExternalRouterIPs is an array of externalIPs on the respective
+                  subnets. This is necessary if the router needs a fixed ip in a specific
+                  subnet.
+                items:
+                  properties:
+                    fixedIP:
+                      description: The FixedIP in the corresponding subnet
+                      type: string
+                    subnet:
+                      description: The subnet in which the FixedIP is used for the
+                        Gateway of this router
+                      properties:
+                        filter:
+                          description: Filters for optional subnet query
+                          properties:
+                            cidr:
+                              type: string
+                            description:
+                              type: string
+                            enableDhcp:
+                              type: boolean
+                            gateway_ip:
+                              type: string
+                            id:
+                              type: string
+                            ipVersion:
+                              type: integer
+                            ipv6AddressMode:
+                              type: string
+                            ipv6RaMode:
+                              type: string
+                            limit:
+                              type: integer
+                            marker:
+                              type: string
+                            name:
+                              type: string
+                            networkId:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            sortDir:
+                              type: string
+                            sortKey:
+                              type: string
+                            subnetpoolId:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                            tenantId:
+                              type: string
+                          type: object
+                        uuid:
+                          description: Optional UUID of the subnet. If specified this
+                            will not be validated prior to server creation. If specified,
+                            the enclosing `NetworkParam` must also be specified by
+                            UUID.
+                          type: string
+                      type: object
+                  required:
+                  - subnet
+                  type: object
+                type: array
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              managedAPIServerLoadBalancer:
+                description: ManagedAPIServerLoadBalancer defines whether a LoadBalancer
+                  for the APIServer should be created.
+                type: boolean
+              managedSecurityGroups:
+                description: ManagedSecurityGroups determines whether OpenStack security
+                  groups for the cluster will be managed by the OpenStack provider
+                  or whether pre-existing security groups will be specified as part
+                  of the configuration. By default, the managed security groups have
+                  rules that allow the Kubelet, etcd, the Kubernetes API server and
+                  the Calico CNI plugin to function correctly.
+                type: boolean
+              network:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing network.
+                properties:
+                  adminStateUp:
+                    type: boolean
+                  description:
+                    type: string
+                  id:
+                    type: string
+                  limit:
+                    type: integer
+                  marker:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  shared:
+                    type: boolean
+                  sortDir:
+                    type: string
+                  sortKey:
+                    type: string
+                  status:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                  tenantId:
+                    type: string
+                type: object
+              nodeCidr:
+                description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+                  actuator will create a network, a subnet with NodeCIDR, and a router
+                  connected to this subnet. If you leave this empty, no network will
+                  be created.
+                type: string
+              subnet:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing subnet.
+                properties:
+                  cidr:
+                    type: string
+                  description:
+                    type: string
+                  enableDhcp:
+                    type: boolean
+                  gateway_ip:
+                    type: string
+                  id:
+                    type: string
+                  ipVersion:
+                    type: integer
+                  ipv6AddressMode:
+                    type: string
+                  ipv6RaMode:
+                    type: string
+                  limit:
+                    type: integer
+                  marker:
+                    type: string
+                  name:
+                    type: string
+                  networkId:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  sortDir:
+                    type: string
+                  sortKey:
+                    type: string
+                  subnetpoolId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                  tenantId:
+                    type: string
+                type: object
+              tags:
+                description: Tags for all resources in cluster
+                items:
+                  type: string
+                type: array
+            type: object
+          status:
+            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+            properties:
+              bastion:
+                properties:
+                  configDrive:
+                    type: boolean
+                  failureDomain:
+                    type: string
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  id:
+                    type: string
+                  image:
+                    type: string
+                  ip:
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  name:
+                    type: string
+                  networks:
+                    items:
+                      description: Network represents basic information about an OpenStack
+                        Neutron Network associated with an instance's port.
+                      properties:
+                        apiServerLoadBalancer:
+                          description: Be careful when using APIServerLoadBalancer,
+                            because this field is optional and therefore not set in
+                            all cases
+                          properties:
+                            id:
+                              type: string
+                            internalIP:
+                              type: string
+                            ip:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                          - id
+                          - internalIP
+                          - ip
+                          - name
+                          type: object
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        port:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnetId:
+                                    type: string
+                                required:
+                                - subnetId
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            networkId:
+                              description: ID of the OpenStack network on which to
+                                create the port. If unspecified, create the port on
+                                the default cluster network.
+                              type: string
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroups:
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        router:
+                          description: Router represents basic information about the
+                            associated OpenStack Neutron Router.
+                          properties:
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - id
+                          - name
+                          type: object
+                        subnet:
+                          description: Subnet represents basic information about the
+                            associated OpenStack Neutron Subnet.
+                          properties:
+                            cidr:
+                              type: string
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - cidr
+                          - id
+                          - name
+                          type: object
+                        tags:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - id
+                      - name
+                      type: object
+                    type: array
+                  rootVolume:
+                    properties:
+                      deviceType:
+                        type: string
+                      diskSize:
+                        type: integer
+                      sourceType:
+                        type: string
+                      sourceUUID:
+                        type: string
+                    type: object
+                  securigyGroups:
+                    items:
+                      type: string
+                    type: array
+                  serverGroupID:
+                    type: string
+                  sshKeyName:
+                    type: string
+                  state:
+                    description: InstanceState describes the state of an OpenStack
+                      instance.
+                    type: string
+                  subnet:
+                    type: string
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                  trunk:
+                    type: boolean
+                  userData:
+                    type: string
+                type: object
+              bastionSecurityGroup:
+                description: SecurityGroup represents the basic information of the
+                  associated OpenStack Neutron Security Group.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              controlPlaneSecurityGroup:
+                description: 'ControlPlaneSecurityGroups contains all the information
+                  about the OpenStack Security Group that needs to be applied to control
+                  plane nodes. TODO: Maybe instead of two properties, we add a property
+                  to the group?'
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              externalNetwork:
+                description: External Network contains information about the created
+                  OpenStack external network.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnetId:
+                              type: string
+                          required:
+                          - subnetId
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      networkId:
+                        description: ID of the OpenStack network on which to create
+                          the port. If unspecified, create the port on the default
+                          cluster network.
+                        type: string
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroups:
+                        items:
+                          type: string
+                        type: array
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains represent OpenStack availability zones
+                type: object
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a more verbose string suitable for logging and human consumption.
+                  \n This field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the OpenStackCluster's spec or the configuration of the
+                  controller, and that manual intervention is required. Examples of
+                  terminal errors would be invalid combinations of settings in the
+                  spec, values that are unsupported by the controller, or the responsible
+                  controller itself being critically misconfigured. \n Any transient
+                  errors that occur during the reconciliation of OpenStackClusters
+                  can be added as events to the OpenStackCluster object and/or logged
+                  in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a succinct value suitable for machine interpretation. \n This field
+                  should not be set for transitive errors that a controller faces
+                  that are expected to be fixed automatically over time (like service
+                  outages), but instead indicate that something is fundamentally wrong
+                  with the OpenStackCluster's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of OpenStackClusters can be added
+                  as events to the OpenStackCluster object and/or logged in the controller's
+                  output."
+                type: string
+              network:
+                description: Network contains all information about the created OpenStack
+                  Network. It includes Subnets and Router.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnetId:
+                              type: string
+                          required:
+                          - subnetId
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      networkId:
+                        description: ID of the OpenStack network on which to create
+                          the port. If unspecified, create the port on the default
+                          cluster network.
+                        type: string
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroups:
+                        items:
+                          type: string
+                        type: array
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              ready:
+                type: boolean
+              workerSecurityGroup:
+                description: WorkerSecurityGroup contains all the information about
+                  the OpenStack Security Group that needs to be applied to worker
+                  nodes.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for OpenStack instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: Network the cluster is using
+      jsonPath: .status.network.id
+      name: Network
+      type: string
+    - description: Subnet the cluster is using
+      jsonPath: .status.network.subnet.id
+      name: Subnet
+      type: string
+    - description: API Endpoint
+      jsonPath: .spec.controlPlaneEndpoint.host
+      name: Endpoint
+      priority: 1
+      type: string
+    - description: Bastion address for breakglass access
+      jsonPath: .status.bastion.floatingIP
+      name: Bastion IP
+      type: string
+    - description: Time duration since creation of OpenStackCluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha5
+    schema:
+      openAPIV3Schema:
+        description: OpenStackCluster is the Schema for the openstackclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+            properties:
+              allowAllInClusterTraffic:
+                description: AllowAllInClusterTraffic is only used when managed security
+                  groups are in use. If set to true, the rules for the managed security
+                  groups are configured so that all ingress and egress between cluster
+                  nodes is permitted, allowing CNIs other than Calico to be used.
+                type: boolean
+              apiServerFixedIP:
+                description: APIServerFixedIP is the fixed IP which will be associated
+                  with the API server. In the case where the API server has a floating
+                  IP but not a managed load balancer, this field is not used. If a
+                  managed load balancer is used and this field is not specified, a
+                  fixed IP will be dynamically allocated for the load balancer. If
+                  a managed load balancer is not used AND the API server floating
+                  IP is disabled, this field MUST be specified and should correspond
+                  to a pre-allocated port that holds the fixed IP to be used as a
+                  VIP.
+                type: string
+              apiServerFloatingIP:
+                description: APIServerFloatingIP is the floatingIP which will be associated
+                  with the API server. The floatingIP will be created if it does not
+                  already exist. If not specified, a new floatingIP is allocated.
+                  This field is not used if DisableAPIServerFloatingIP is set to true.
+                type: string
+              apiServerLoadBalancer:
+                description: 'APIServerLoadBalancer configures the optional LoadBalancer
+                  for the APIServer. It must be activated by setting `enabled: true`.'
+                properties:
+                  additionalPorts:
+                    description: AdditionalPorts adds additional tcp ports to the
+                      load balancer.
+                    items:
+                      type: integer
+                    type: array
+                  allowedCidrs:
+                    description: AllowedCIDRs restrict access to all API-Server listeners
+                      to the given address CIDRs.
+                    items:
+                      type: string
+                    type: array
+                  enabled:
+                    description: Enabled defines whether a load balancer should be
+                      created.
+                    type: boolean
+                type: object
+              apiServerPort:
+                description: APIServerPort is the port on which the listener on the
+                  APIServer will be created
+                type: integer
+              bastion:
+                description: "Bastion is the OpenStack instance to login the nodes
+                  \n As a rolling update is not ideal during a bastion host session,
+                  we prevent changes to a running bastion configuration. Set `enabled:
+                  false` to make changes."
+                properties:
+                  availabilityZone:
+                    type: string
+                  enabled:
+                    type: boolean
+                  instance:
+                    description: Instance for the bastion itself
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      imageUUID:
+                        description: The uuid of the image to use for your server
+                          instance. if it's empty, Image name will be used
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          availabilityZone:
+                            type: string
+                          diskSize:
+                            type: integer
+                          volumeType:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                type: object
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              controlPlaneAvailabilityZones:
+                description: ControlPlaneAvailabilityZones is the az to deploy control
+                  plane to
+                items:
+                  type: string
+                type: array
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              disableAPIServerFloatingIP:
+                description: DisableAPIServerFloatingIP determines whether or not
+                  to attempt to attach a floating IP to the API server. This allows
+                  for the creation of clusters when attaching a floating IP to the
+                  API server (and hence, in many cases, exposing the API server to
+                  the internet) is not possible or desirable, e.g. if using a shared
+                  VLAN for communication between management and workload clusters
+                  or when the management cluster is inside the project network. This
+                  option requires that the API server use a VIP on the cluster network
+                  so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+                  When using a managed load balancer, this VIP will be managed automatically.
+                  If not using a managed load balancer, cluster configuration will
+                  fail without additional configuration to manage the VIP on the control
+                  plane machines, which falls outside of the scope of this controller.
+                type: boolean
+              disablePortSecurity:
+                description: DisablePortSecurity disables the port security of the
+                  network created for the Kubernetes cluster, which also disables
+                  SecurityGroups
+                type: boolean
+              dnsNameservers:
+                description: DNSNameservers is the list of nameservers for OpenStack
+                  Subnet being created. Set this value when you need create a new
+                  network/subnet while the access through DNS is required.
+                items:
+                  type: string
+                type: array
+              externalNetworkId:
+                description: ExternalNetworkID is the ID of an external OpenStack
+                  Network. This is necessary to get public internet to the VMs.
+                type: string
+              externalRouterIPs:
+                description: ExternalRouterIPs is an array of externalIPs on the respective
+                  subnets. This is necessary if the router needs a fixed ip in a specific
+                  subnet.
+                items:
+                  properties:
+                    fixedIP:
+                      description: The FixedIP in the corresponding subnet
+                      type: string
+                    subnet:
+                      description: The subnet in which the FixedIP is used for the
+                        Gateway of this router
+                      properties:
+                        filter:
+                          description: Filters for optional subnet query
+                          properties:
+                            cidr:
+                              type: string
+                            description:
+                              type: string
+                            gateway_ip:
+                              type: string
+                            id:
+                              type: string
+                            ipVersion:
+                              type: integer
+                            ipv6AddressMode:
+                              type: string
+                            ipv6RaMode:
+                              type: string
+                            name:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                          type: object
+                        uuid:
+                          description: Optional UUID of the subnet. If specified this
+                            will not be validated prior to server creation. If specified,
+                            the enclosing `NetworkParam` must also be specified by
+                            UUID.
+                          type: string
+                      type: object
+                  required:
+                  - subnet
+                  type: object
+                type: array
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              managedSecurityGroups:
+                description: ManagedSecurityGroups determines whether OpenStack security
+                  groups for the cluster will be managed by the OpenStack provider
+                  or whether pre-existing security groups will be specified as part
+                  of the configuration. By default, the managed security groups have
+                  rules that allow the Kubelet, etcd, the Kubernetes API server and
+                  the Calico CNI plugin to function correctly.
+                type: boolean
+              network:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing network.
+                properties:
+                  description:
+                    type: string
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                type: object
+              nodeCidr:
+                description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+                  actuator will create a network, a subnet with NodeCIDR, and a router
+                  connected to this subnet. If you leave this empty, no network will
+                  be created.
+                type: string
+              subnet:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing subnet.
+                properties:
+                  cidr:
+                    type: string
+                  description:
+                    type: string
+                  gateway_ip:
+                    type: string
+                  id:
+                    type: string
+                  ipVersion:
+                    type: integer
+                  ipv6AddressMode:
+                    type: string
+                  ipv6RaMode:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                type: object
+              tags:
+                description: Tags for all resources in cluster
+                items:
+                  type: string
+                type: array
+            type: object
+          status:
+            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+            properties:
+              bastion:
+                properties:
+                  configDrive:
+                    type: boolean
+                  failureDomain:
+                    type: string
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  id:
+                    type: string
+                  image:
+                    type: string
+                  imageUUID:
+                    type: string
+                  ip:
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  name:
+                    type: string
+                  networks:
+                    items:
+                      description: Network represents basic information about an OpenStack
+                        Neutron Network associated with an instance's port.
+                      properties:
+                        apiServerLoadBalancer:
+                          description: Be careful when using APIServerLoadBalancer,
+                            because this field is optional and therefore not set in
+                            all cases
+                          properties:
+                            allowedCIDRs:
+                              items:
+                                type: string
+                              type: array
+                            id:
+                              type: string
+                            internalIP:
+                              type: string
+                            ip:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                          - id
+                          - internalIP
+                          - ip
+                          - name
+                          type: object
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        port:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        router:
+                          description: Router represents basic information about the
+                            associated OpenStack Neutron Router.
+                          properties:
+                            id:
+                              type: string
+                            ips:
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - id
+                          - name
+                          type: object
+                        subnet:
+                          description: Subnet represents basic information about the
+                            associated OpenStack Neutron Subnet.
+                          properties:
+                            cidr:
+                              type: string
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - cidr
+                          - id
+                          - name
+                          type: object
+                        tags:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - id
+                      - name
+                      type: object
+                    type: array
+                  rootVolume:
+                    properties:
+                      availabilityZone:
+                        type: string
+                      diskSize:
+                        type: integer
+                      volumeType:
+                        type: string
+                    type: object
+                  securigyGroups:
+                    items:
+                      type: string
+                    type: array
+                  serverGroupID:
+                    type: string
+                  sshKeyName:
+                    type: string
+                  state:
+                    description: InstanceState describes the state of an OpenStack
+                      instance.
+                    type: string
+                  subnet:
+                    type: string
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                  trunk:
+                    type: boolean
+                  userData:
+                    type: string
+                type: object
+              bastionSecurityGroup:
+                description: SecurityGroup represents the basic information of the
+                  associated OpenStack Neutron Security Group.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              controlPlaneSecurityGroup:
+                description: 'ControlPlaneSecurityGroups contains all the information
+                  about the OpenStack Security Group that needs to be applied to control
+                  plane nodes. TODO: Maybe instead of two properties, we add a property
+                  to the group?'
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              externalNetwork:
+                description: External Network contains information about the created
+                  OpenStack external network.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      allowedCIDRs:
+                        items:
+                          type: string
+                        type: array
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnet:
+                              description: Subnet is an openstack subnet query that
+                                will return the id of a subnet to create the fixed
+                                IP of a port in. This query must not return more than
+                                one subnet.
+                              properties:
+                                cidr:
+                                  type: string
+                                description:
+                                  type: string
+                                gateway_ip:
+                                  type: string
+                                id:
+                                  type: string
+                                ipVersion:
+                                  type: integer
+                                ipv6AddressMode:
+                                  type: string
+                                ipv6RaMode:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      network:
+                        description: Network is a query for an openstack network that
+                          the port will be created or discovered on. This will fail
+                          if the query returns more than one network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroupFilters:
+                        description: The names, uuids, filters or any combination
+                          these of the security groups to assign to the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      securityGroups:
+                        description: The uuids of the security groups to assign to
+                          the instance
+                        items:
+                          type: string
+                        type: array
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      ips:
+                        items:
+                          type: string
+                        type: array
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains represent OpenStack availability zones
+                type: object
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a more verbose string suitable for logging and human consumption.
+                  \n This field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the OpenStackCluster's spec or the configuration of the
+                  controller, and that manual intervention is required. Examples of
+                  terminal errors would be invalid combinations of settings in the
+                  spec, values that are unsupported by the controller, or the responsible
+                  controller itself being critically misconfigured. \n Any transient
+                  errors that occur during the reconciliation of OpenStackClusters
+                  can be added as events to the OpenStackCluster object and/or logged
+                  in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a succinct value suitable for machine interpretation. \n This field
+                  should not be set for transitive errors that a controller faces
+                  that are expected to be fixed automatically over time (like service
+                  outages), but instead indicate that something is fundamentally wrong
+                  with the OpenStackCluster's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of OpenStackClusters can be added
+                  as events to the OpenStackCluster object and/or logged in the controller's
+                  output."
+                type: string
+              network:
+                description: Network contains all information about the created OpenStack
+                  Network. It includes Subnets and Router.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      allowedCIDRs:
+                        items:
+                          type: string
+                        type: array
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnet:
+                              description: Subnet is an openstack subnet query that
+                                will return the id of a subnet to create the fixed
+                                IP of a port in. This query must not return more than
+                                one subnet.
+                              properties:
+                                cidr:
+                                  type: string
+                                description:
+                                  type: string
+                                gateway_ip:
+                                  type: string
+                                id:
+                                  type: string
+                                ipVersion:
+                                  type: integer
+                                ipv6AddressMode:
+                                  type: string
+                                ipv6RaMode:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      network:
+                        description: Network is a query for an openstack network that
+                          the port will be created or discovered on. This will fail
+                          if the query returns more than one network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroupFilters:
+                        description: The names, uuids, filters or any combination
+                          these of the security groups to assign to the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      securityGroups:
+                        description: The uuids of the security groups to assign to
+                          the instance
+                        items:
+                          type: string
+                        type: array
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      ips:
+                        items:
+                          type: string
+                        type: array
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              ready:
+                type: boolean
+              workerSecurityGroup:
+                description: WorkerSecurityGroup contains all the information about
+                  the OpenStack Security Group that needs to be applied to worker
+                  nodes.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackCluster belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: Cluster infrastructure is ready for OpenStack instances
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: Network the cluster is using
+      jsonPath: .status.network.id
+      name: Network
+      type: string
+    - description: Subnet the cluster is using
+      jsonPath: .status.network.subnet.id
+      name: Subnet
+      type: string
+    - description: API Endpoint
+      jsonPath: .spec.controlPlaneEndpoint.host
+      name: Endpoint
+      priority: 1
+      type: string
+    - description: Bastion address for breakglass access
+      jsonPath: .status.bastion.floatingIP
+      name: Bastion IP
+      type: string
+    - description: Time duration since creation of OpenStackCluster
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha6
+    schema:
+      openAPIV3Schema:
+        description: OpenStackCluster is the Schema for the openstackclusters API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+            properties:
+              allowAllInClusterTraffic:
+                description: AllowAllInClusterTraffic is only used when managed security
+                  groups are in use. If set to true, the rules for the managed security
+                  groups are configured so that all ingress and egress between cluster
+                  nodes is permitted, allowing CNIs other than Calico to be used.
+                type: boolean
+              apiServerFixedIP:
+                description: APIServerFixedIP is the fixed IP which will be associated
+                  with the API server. In the case where the API server has a floating
+                  IP but not a managed load balancer, this field is not used. If a
+                  managed load balancer is used and this field is not specified, a
+                  fixed IP will be dynamically allocated for the load balancer. If
+                  a managed load balancer is not used AND the API server floating
+                  IP is disabled, this field MUST be specified and should correspond
+                  to a pre-allocated port that holds the fixed IP to be used as a
+                  VIP.
+                type: string
+              apiServerFloatingIP:
+                description: APIServerFloatingIP is the floatingIP which will be associated
+                  with the API server. The floatingIP will be created if it does not
+                  already exist. If not specified, a new floatingIP is allocated.
+                  This field is not used if DisableAPIServerFloatingIP is set to true.
+                type: string
+              apiServerLoadBalancer:
+                description: 'APIServerLoadBalancer configures the optional LoadBalancer
+                  for the APIServer. It must be activated by setting `enabled: true`.'
+                properties:
+                  additionalPorts:
+                    description: AdditionalPorts adds additional tcp ports to the
+                      load balancer.
+                    items:
+                      type: integer
+                    type: array
+                  allowedCidrs:
+                    description: AllowedCIDRs restrict access to all API-Server listeners
+                      to the given address CIDRs.
+                    items:
+                      type: string
+                    type: array
+                  enabled:
+                    description: Enabled defines whether a load balancer should be
+                      created.
+                    type: boolean
+                type: object
+              apiServerPort:
+                description: APIServerPort is the port on which the listener on the
+                  APIServer will be created
+                type: integer
+              bastion:
+                description: "Bastion is the OpenStack instance to login the nodes
+                  \n As a rolling update is not ideal during a bastion host session,
+                  we prevent changes to a running bastion configuration. Set `enabled:
+                  false` to make changes."
+                properties:
+                  availabilityZone:
+                    type: string
+                  enabled:
+                    type: boolean
+                  instance:
+                    description: Instance for the bastion itself
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      imageUUID:
+                        description: The uuid of the image to use for your server
+                          instance. if it's empty, Image name will be used
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          availabilityZone:
+                            type: string
+                          diskSize:
+                            type: integer
+                          volumeType:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                type: object
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              controlPlaneAvailabilityZones:
+                description: ControlPlaneAvailabilityZones is the az to deploy control
+                  plane to
+                items:
+                  type: string
+                type: array
+                x-kubernetes-list-type: set
+              controlPlaneEndpoint:
+                description: ControlPlaneEndpoint represents the endpoint used to
+                  communicate with the control plane.
+                properties:
+                  host:
+                    description: The hostname on which the API server is serving.
+                    type: string
+                  port:
+                    description: The port on which the API server is serving.
+                    format: int32
+                    type: integer
+                required:
+                - host
+                - port
+                type: object
+              controlPlaneOmitAvailabilityZone:
+                description: Indicates whether to omit the az for control plane nodes,
+                  allowing the Nova scheduler to make a decision on which az to use
+                  based on other scheduling constraints
+                type: boolean
+              disableAPIServerFloatingIP:
+                description: DisableAPIServerFloatingIP determines whether or not
+                  to attempt to attach a floating IP to the API server. This allows
+                  for the creation of clusters when attaching a floating IP to the
+                  API server (and hence, in many cases, exposing the API server to
+                  the internet) is not possible or desirable, e.g. if using a shared
+                  VLAN for communication between management and workload clusters
+                  or when the management cluster is inside the project network. This
+                  option requires that the API server use a VIP on the cluster network
+                  so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+                  When using a managed load balancer, this VIP will be managed automatically.
+                  If not using a managed load balancer, cluster configuration will
+                  fail without additional configuration to manage the VIP on the control
+                  plane machines, which falls outside of the scope of this controller.
+                type: boolean
+              disablePortSecurity:
+                description: DisablePortSecurity disables the port security of the
+                  network created for the Kubernetes cluster, which also disables
+                  SecurityGroups
+                type: boolean
+              dnsNameservers:
+                description: DNSNameservers is the list of nameservers for OpenStack
+                  Subnet being created. Set this value when you need create a new
+                  network/subnet while the access through DNS is required.
+                items:
+                  type: string
+                type: array
+                x-kubernetes-list-type: set
+              externalNetworkId:
+                description: ExternalNetworkID is the ID of an external OpenStack
+                  Network. This is necessary to get public internet to the VMs.
+                type: string
+              externalRouterIPs:
+                description: ExternalRouterIPs is an array of externalIPs on the respective
+                  subnets. This is necessary if the router needs a fixed ip in a specific
+                  subnet.
+                items:
+                  properties:
+                    fixedIP:
+                      description: The FixedIP in the corresponding subnet
+                      type: string
+                    subnet:
+                      description: The subnet in which the FixedIP is used for the
+                        Gateway of this router
+                      properties:
+                        filter:
+                          description: Filters for optional subnet query
+                          properties:
+                            cidr:
+                              type: string
+                            description:
+                              type: string
+                            gateway_ip:
+                              type: string
+                            id:
+                              type: string
+                            ipVersion:
+                              type: integer
+                            ipv6AddressMode:
+                              type: string
+                            ipv6RaMode:
+                              type: string
+                            name:
+                              type: string
+                            notTags:
+                              type: string
+                            notTagsAny:
+                              type: string
+                            projectId:
+                              type: string
+                            tags:
+                              type: string
+                            tagsAny:
+                              type: string
+                          type: object
+                        uuid:
+                          description: Optional UUID of the subnet. If specified this
+                            will not be validated prior to server creation. If specified,
+                            the enclosing `NetworkParam` must also be specified by
+                            UUID.
+                          type: string
+                      type: object
+                  required:
+                  - subnet
+                  type: object
+                type: array
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              managedSecurityGroups:
+                description: ManagedSecurityGroups determines whether OpenStack security
+                  groups for the cluster will be managed by the OpenStack provider
+                  or whether pre-existing security groups will be specified as part
+                  of the configuration. By default, the managed security groups have
+                  rules that allow the Kubelet, etcd, the Kubernetes API server and
+                  the Calico CNI plugin to function correctly.
+                type: boolean
+              network:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing network.
+                properties:
+                  description:
+                    type: string
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                type: object
+              nodeCidr:
+                description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+                  actuator will create a network, a subnet with NodeCIDR, and a router
+                  connected to this subnet. If you leave this empty, no network will
+                  be created.
+                type: string
+              subnet:
+                description: If NodeCIDR cannot be set this can be used to detect
+                  an existing subnet.
+                properties:
+                  cidr:
+                    type: string
+                  description:
+                    type: string
+                  gateway_ip:
+                    type: string
+                  id:
+                    type: string
+                  ipVersion:
+                    type: integer
+                  ipv6AddressMode:
+                    type: string
+                  ipv6RaMode:
+                    type: string
+                  name:
+                    type: string
+                  notTags:
+                    type: string
+                  notTagsAny:
+                    type: string
+                  projectId:
+                    type: string
+                  tags:
+                    type: string
+                  tagsAny:
+                    type: string
+                type: object
+              tags:
+                description: Tags for all resources in cluster
+                items:
+                  type: string
+                type: array
+                x-kubernetes-list-type: set
+            type: object
+          status:
+            description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+            properties:
+              bastion:
+                properties:
+                  configDrive:
+                    type: boolean
+                  failureDomain:
+                    type: string
+                  flavor:
+                    type: string
+                  floatingIP:
+                    type: string
+                  id:
+                    type: string
+                  image:
+                    type: string
+                  imageUUID:
+                    type: string
+                  ip:
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  name:
+                    type: string
+                  networks:
+                    items:
+                      description: Network represents basic information about an OpenStack
+                        Neutron Network associated with an instance's port.
+                      properties:
+                        apiServerLoadBalancer:
+                          description: Be careful when using APIServerLoadBalancer,
+                            because this field is optional and therefore not set in
+                            all cases
+                          properties:
+                            allowedCIDRs:
+                              items:
+                                type: string
+                              type: array
+                            id:
+                              type: string
+                            internalIP:
+                              type: string
+                            ip:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                          - id
+                          - internalIP
+                          - ip
+                          - name
+                          type: object
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        port:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        router:
+                          description: Router represents basic information about the
+                            associated OpenStack Neutron Router.
+                          properties:
+                            id:
+                              type: string
+                            ips:
+                              items:
+                                type: string
+                              type: array
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - id
+                          - name
+                          type: object
+                        subnet:
+                          description: Subnet represents basic information about the
+                            associated OpenStack Neutron Subnet.
+                          properties:
+                            cidr:
+                              type: string
+                            id:
+                              type: string
+                            name:
+                              type: string
+                            tags:
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - cidr
+                          - id
+                          - name
+                          type: object
+                        tags:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - id
+                      - name
+                      type: object
+                    type: array
+                  rootVolume:
+                    properties:
+                      availabilityZone:
+                        type: string
+                      diskSize:
+                        type: integer
+                      volumeType:
+                        type: string
+                    type: object
+                  securigyGroups:
+                    items:
+                      type: string
+                    type: array
+                  serverGroupID:
+                    type: string
+                  sshKeyName:
+                    type: string
+                  state:
+                    description: InstanceState describes the state of an OpenStack
+                      instance.
+                    type: string
+                  subnet:
+                    type: string
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                  trunk:
+                    type: boolean
+                  userData:
+                    type: string
+                type: object
+              bastionSecurityGroup:
+                description: SecurityGroup represents the basic information of the
+                  associated OpenStack Neutron Security Group.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              controlPlaneSecurityGroup:
+                description: 'ControlPlaneSecurityGroups contains all the information
+                  about the OpenStack Security Group that needs to be applied to control
+                  plane nodes. TODO: Maybe instead of two properties, we add a property
+                  to the group?'
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+              externalNetwork:
+                description: External Network contains information about the created
+                  OpenStack external network.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      allowedCIDRs:
+                        items:
+                          type: string
+                        type: array
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnet:
+                              description: Subnet is an openstack subnet query that
+                                will return the id of a subnet to create the fixed
+                                IP of a port in. This query must not return more than
+                                one subnet.
+                              properties:
+                                cidr:
+                                  type: string
+                                description:
+                                  type: string
+                                gateway_ip:
+                                  type: string
+                                id:
+                                  type: string
+                                ipVersion:
+                                  type: integer
+                                ipv6AddressMode:
+                                  type: string
+                                ipv6RaMode:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      network:
+                        description: Network is a query for an openstack network that
+                          the port will be created or discovered on. This will fail
+                          if the query returns more than one network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroupFilters:
+                        description: The names, uuids, filters or any combination
+                          these of the security groups to assign to the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      securityGroups:
+                        description: The uuids of the security groups to assign to
+                          the instance
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      ips:
+                        items:
+                          type: string
+                        type: array
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              failureDomains:
+                additionalProperties:
+                  description: FailureDomainSpec is the Schema for Cluster API failure
+                    domains. It allows controllers to understand how many failure
+                    domains a cluster can optionally span across.
+                  properties:
+                    attributes:
+                      additionalProperties:
+                        type: string
+                      description: Attributes is a free form map of attributes an
+                        infrastructure provider might use or require.
+                      type: object
+                    controlPlane:
+                      description: ControlPlane determines if this failure domain
+                        is suitable for use by control plane machines.
+                      type: boolean
+                  type: object
+                description: FailureDomains represent OpenStack availability zones
+                type: object
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a more verbose string suitable for logging and human consumption.
+                  \n This field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the OpenStackCluster's spec or the configuration of the
+                  controller, and that manual intervention is required. Examples of
+                  terminal errors would be invalid combinations of settings in the
+                  spec, values that are unsupported by the controller, or the responsible
+                  controller itself being critically misconfigured. \n Any transient
+                  errors that occur during the reconciliation of OpenStackClusters
+                  can be added as events to the OpenStackCluster object and/or logged
+                  in the controller's output."
+                type: string
+              failureReason:
+                description: "FailureReason will be set in the event that there is
+                  a terminal problem reconciling the OpenStackCluster and will contain
+                  a succinct value suitable for machine interpretation. \n This field
+                  should not be set for transitive errors that a controller faces
+                  that are expected to be fixed automatically over time (like service
+                  outages), but instead indicate that something is fundamentally wrong
+                  with the OpenStackCluster's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of OpenStackClusters can be added
+                  as events to the OpenStackCluster object and/or logged in the controller's
+                  output."
+                type: string
+              network:
+                description: Network contains all information about the created OpenStack
+                  Network. It includes Subnets and Router.
+                properties:
+                  apiServerLoadBalancer:
+                    description: Be careful when using APIServerLoadBalancer, because
+                      this field is optional and therefore not set in all cases
+                    properties:
+                      allowedCIDRs:
+                        items:
+                          type: string
+                        type: array
+                      id:
+                        type: string
+                      internalIP:
+                        type: string
+                      ip:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - id
+                    - internalIP
+                    - ip
+                    - name
+                    type: object
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  port:
+                    properties:
+                      adminStateUp:
+                        type: boolean
+                      allowedAddressPairs:
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            macAddress:
+                              type: string
+                          type: object
+                        type: array
+                      description:
+                        type: string
+                      disablePortSecurity:
+                        description: DisablePortSecurity enables or disables the port
+                          security when set. When not set, it takes the value of the
+                          corresponding field at the network level.
+                        type: boolean
+                      fixedIPs:
+                        description: Specify pairs of subnet and/or IP address. These
+                          should be subnets of the network with the given NetworkID.
+                        items:
+                          properties:
+                            ipAddress:
+                              type: string
+                            subnet:
+                              description: Subnet is an openstack subnet query that
+                                will return the id of a subnet to create the fixed
+                                IP of a port in. This query must not return more than
+                                one subnet.
+                              properties:
+                                cidr:
+                                  type: string
+                                description:
+                                  type: string
+                                gateway_ip:
+                                  type: string
+                                id:
+                                  type: string
+                                ipVersion:
+                                  type: integer
+                                ipv6AddressMode:
+                                  type: string
+                                ipv6RaMode:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      hostId:
+                        description: The ID of the host where the port is allocated
+                        type: string
+                      macAddress:
+                        type: string
+                      nameSuffix:
+                        description: Used to make the name of the port unique. If
+                          unspecified, instead the 0-based index of the port in the
+                          list is used.
+                        type: string
+                      network:
+                        description: Network is a query for an openstack network that
+                          the port will be created or discovered on. This will fail
+                          if the query returns more than one network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      profile:
+                        additionalProperties:
+                          type: string
+                        description: A dictionary that enables the application running
+                          on the specified host to pass and receive virtual network
+                          interface (VIF) port-specific information to the plug-in.
+                        type: object
+                      projectId:
+                        type: string
+                      securityGroupFilters:
+                        description: The names, uuids, filters or any combination
+                          these of the security groups to assign to the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      securityGroups:
+                        description: The uuids of the security groups to assign to
+                          the instance
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      tags:
+                        description: Tags applied to the port (and corresponding trunk,
+                          if a trunk is configured.) These tags are applied in addition
+                          to the instance's tags, which will also be applied to the
+                          port.
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      tenantId:
+                        type: string
+                      trunk:
+                        description: Enables and disables trunk at port level. If
+                          not provided, openStackMachine.Spec.Trunk is inherited.
+                        type: boolean
+                      vnicType:
+                        description: The virtual network interface card (vNIC) type
+                          that is bound to the neutron port.
+                        type: string
+                    type: object
+                  router:
+                    description: Router represents basic information about the associated
+                      OpenStack Neutron Router.
+                    properties:
+                      id:
+                        type: string
+                      ips:
+                        items:
+                          type: string
+                        type: array
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - id
+                    - name
+                    type: object
+                  subnet:
+                    description: Subnet represents basic information about the associated
+                      OpenStack Neutron Subnet.
+                    properties:
+                      cidr:
+                        type: string
+                      id:
+                        type: string
+                      name:
+                        type: string
+                      tags:
+                        items:
+                          type: string
+                        type: array
+                    required:
+                    - cidr
+                    - id
+                    - name
+                    type: object
+                  tags:
+                    items:
+                      type: string
+                    type: array
+                required:
+                - id
+                - name
+                type: object
+              ready:
+                type: boolean
+              workerSecurityGroup:
+                description: WorkerSecurityGroup contains all the information about
+                  the OpenStack Security Group that needs to be applied to worker
+                  nodes.
+                properties:
+                  id:
+                    type: string
+                  name:
+                    type: string
+                  rules:
+                    items:
+                      description: SecurityGroupRule represent the basic information
+                        of the associated OpenStack Security Group Role.
+                      properties:
+                        description:
+                          type: string
+                        direction:
+                          type: string
+                        etherType:
+                          type: string
+                        name:
+                          type: string
+                        portRangeMax:
+                          type: integer
+                        portRangeMin:
+                          type: integer
+                        protocol:
+                          type: string
+                        remoteGroupID:
+                          type: string
+                        remoteIPPrefix:
+                          type: string
+                        securityGroupID:
+                          type: string
+                      required:
+                      - description
+                      - direction
+                      - etherType
+                      - name
+                      - portRangeMax
+                      - portRangeMin
+                      - protocol
+                      - remoteGroupID
+                      - remoteIPPrefix
+                      - securityGroupID
+                      type: object
+                    type: array
+                required:
+                - id
+                - name
+                - rules
+                type: object
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+    controller-gen.kubebuilder.io/version: v0.9.2
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+  name: openstackclustertemplates.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capo-webhook-service
+          namespace: capo-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: OpenStackClusterTemplate
+    listKind: OpenStackClusterTemplateList
+    plural: openstackclustertemplates
+    shortNames:
+    - osct
+    singular: openstackclustertemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterTemplateSpec defines the desired state of
+              OpenStackClusterTemplate.
+            properties:
+              template:
+                description: OpenStackClusterTemplateResource describes the data needed
+                  to create a OpenStackCluster from a template.
+                properties:
+                  spec:
+                    description: OpenStackClusterSpec defines the desired state of
+                      OpenStackCluster.
+                    properties:
+                      allowAllInClusterTraffic:
+                        description: AllowAllInClusterTraffic is only used when managed
+                          security groups are in use. If set to true, the rules for
+                          the managed security groups are configured so that all ingress
+                          and egress between cluster nodes is permitted, allowing
+                          CNIs other than Calico to be used.
+                        type: boolean
+                      apiServerFixedIP:
+                        description: APIServerFixedIP is the fixed IP which will be
+                          associated with the API server. In the case where the API
+                          server has a floating IP but not a managed load balancer,
+                          this field is not used. If a managed load balancer is used
+                          and this field is not specified, a fixed IP will be dynamically
+                          allocated for the load balancer. If a managed load balancer
+                          is not used AND the API server floating IP is disabled,
+                          this field MUST be specified and should correspond to a
+                          pre-allocated port that holds the fixed IP to be used as
+                          a VIP.
+                        type: string
+                      apiServerFloatingIP:
+                        description: APIServerFloatingIP is the floatingIP which will
+                          be associated with the API server. The floatingIP will be
+                          created if it does not already exist. If not specified,
+                          a new floatingIP is allocated. This field is not used if
+                          DisableAPIServerFloatingIP is set to true.
+                        type: string
+                      apiServerLoadBalancerAdditionalPorts:
+                        description: APIServerLoadBalancerAdditionalPorts adds additional
+                          ports to the APIServerLoadBalancer
+                        items:
+                          type: integer
+                        type: array
+                      apiServerPort:
+                        description: APIServerPort is the port on which the listener
+                          on the APIServer will be created
+                        type: integer
+                      bastion:
+                        description: "Bastion is the OpenStack instance to login the
+                          nodes \n As a rolling update is not ideal during a bastion
+                          host session, we prevent changes to a running bastion configuration.
+                          Set `enabled: false` to make changes."
+                        properties:
+                          availabilityZone:
+                            type: string
+                          enabled:
+                            type: boolean
+                          instance:
+                            description: Instance for the bastion itself
+                            properties:
+                              cloudName:
+                                description: The name of the cloud to use from the
+                                  clouds secret
+                                type: string
+                              configDrive:
+                                description: Config Drive support
+                                type: boolean
+                              flavor:
+                                description: The flavor reference for the flavor for
+                                  your server instance.
+                                type: string
+                              floatingIP:
+                                description: The floatingIP which will be associated
+                                  to the machine, only used for master. The floatingIP
+                                  should have been created and haven't been associated.
+                                type: string
+                              identityRef:
+                                description: IdentityRef is a reference to a identity
+                                  to be used when reconciling this cluster
+                                properties:
+                                  kind:
+                                    description: Kind of the identity. Must be supported
+                                      by the infrastructure provider and may be either
+                                      cluster or namespace-scoped.
+                                    minLength: 1
+                                    type: string
+                                  name:
+                                    description: Name of the infrastructure identity
+                                      to be used. Must be either a cluster-scoped
+                                      resource, or namespaced-scoped resource the
+                                      same namespace as the resource(s) being provisioned.
+                                    type: string
+                                required:
+                                - kind
+                                - name
+                                type: object
+                              image:
+                                description: The name of the image to use for your
+                                  server instance. If the RootVolume is specified,
+                                  this will be ignored and use rootVolume directly.
+                                type: string
+                              instanceID:
+                                description: InstanceID is the OpenStack instance
+                                  ID for this machine.
+                                type: string
+                              networks:
+                                description: A networks object. Required parameter
+                                  when there are multiple networks defined for the
+                                  tenant. When you do not specify both networks and
+                                  ports parameters, the server attaches to the only
+                                  network created for the current tenant.
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters for optional network query
+                                      properties:
+                                        adminStateUp:
+                                          type: boolean
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        limit:
+                                          type: integer
+                                        marker:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        shared:
+                                          type: boolean
+                                        sortDir:
+                                          type: string
+                                        sortKey:
+                                          type: string
+                                        status:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                        tenantId:
+                                          type: string
+                                      type: object
+                                    fixedIP:
+                                      description: A fixed IPv4 address for the NIC.
+                                      type: string
+                                    subnets:
+                                      description: Subnet within a network to use
+                                      items:
+                                        properties:
+                                          filter:
+                                            description: Filters for optional subnet
+                                              query
+                                            properties:
+                                              cidr:
+                                                type: string
+                                              description:
+                                                type: string
+                                              enableDhcp:
+                                                type: boolean
+                                              gateway_ip:
+                                                type: string
+                                              id:
+                                                type: string
+                                              ipVersion:
+                                                type: integer
+                                              ipv6AddressMode:
+                                                type: string
+                                              ipv6RaMode:
+                                                type: string
+                                              limit:
+                                                type: integer
+                                              marker:
+                                                type: string
+                                              name:
+                                                type: string
+                                              networkId:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              sortDir:
+                                                type: string
+                                              sortKey:
+                                                type: string
+                                              subnetpoolId:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                              tenantId:
+                                                type: string
+                                            type: object
+                                          uuid:
+                                            description: Optional UUID of the subnet.
+                                              If specified this will not be validated
+                                              prior to server creation. If specified,
+                                              the enclosing `NetworkParam` must also
+                                              be specified by UUID.
+                                            type: string
+                                        type: object
+                                      type: array
+                                    uuid:
+                                      description: Optional UUID of the network. If
+                                        specified this will not be validated prior
+                                        to server creation. Required if `Subnets`
+                                        specifies a subnet by UUID.
+                                      type: string
+                                  type: object
+                                type: array
+                              ports:
+                                description: Ports to be attached to the server instance.
+                                  They are created if a port with the given name does
+                                  not already exist. When you do not specify both
+                                  networks and ports parameters, the server attaches
+                                  to the only network created for the current tenant.
+                                items:
+                                  properties:
+                                    adminStateUp:
+                                      type: boolean
+                                    allowedAddressPairs:
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          macAddress:
+                                            type: string
+                                        type: object
+                                      type: array
+                                    description:
+                                      type: string
+                                    disablePortSecurity:
+                                      description: DisablePortSecurity enables or
+                                        disables the port security when set. When
+                                        not set, it takes the value of the corresponding
+                                        field at the network level.
+                                      type: boolean
+                                    fixedIPs:
+                                      description: Specify pairs of subnet and/or
+                                        IP address. These should be subnets of the
+                                        network with the given NetworkID.
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          subnetId:
+                                            type: string
+                                        required:
+                                        - subnetId
+                                        type: object
+                                      type: array
+                                    hostId:
+                                      description: The ID of the host where the port
+                                        is allocated
+                                      type: string
+                                    macAddress:
+                                      type: string
+                                    nameSuffix:
+                                      description: Used to make the name of the port
+                                        unique. If unspecified, instead the 0-based
+                                        index of the port in the list is used.
+                                      type: string
+                                    networkId:
+                                      description: ID of the OpenStack network on
+                                        which to create the port. If unspecified,
+                                        create the port on the default cluster network.
+                                      type: string
+                                    profile:
+                                      additionalProperties:
+                                        type: string
+                                      description: A dictionary that enables the application
+                                        running on the specified host to pass and
+                                        receive virtual network interface (VIF) port-specific
+                                        information to the plug-in.
+                                      type: object
+                                    projectId:
+                                      type: string
+                                    securityGroups:
+                                      items:
+                                        type: string
+                                      type: array
+                                    tags:
+                                      description: Tags applied to the port (and corresponding
+                                        trunk, if a trunk is configured.) These tags
+                                        are applied in addition to the instance's
+                                        tags, which will also be applied to the port.
+                                      items:
+                                        type: string
+                                      type: array
+                                    tenantId:
+                                      type: string
+                                    trunk:
+                                      description: Enables and disables trunk at port
+                                        level. If not provided, openStackMachine.Spec.Trunk
+                                        is inherited.
+                                      type: boolean
+                                    vnicType:
+                                      description: The virtual network interface card
+                                        (vNIC) type that is bound to the neutron port.
+                                      type: string
+                                  type: object
+                                type: array
+                              providerID:
+                                description: ProviderID is the unique identifier as
+                                  specified by the cloud provider.
+                                type: string
+                              rootVolume:
+                                description: The volume metadata to boot from
+                                properties:
+                                  deviceType:
+                                    type: string
+                                  diskSize:
+                                    type: integer
+                                  sourceType:
+                                    type: string
+                                  sourceUUID:
+                                    type: string
+                                type: object
+                              securityGroups:
+                                description: The names of the security groups to assign
+                                  to the instance
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters used to query security
+                                        groups in openstack
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        limit:
+                                          type: integer
+                                        marker:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        sortDir:
+                                          type: string
+                                        sortKey:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                        tenantId:
+                                          type: string
+                                      type: object
+                                    name:
+                                      description: Security Group name
+                                      type: string
+                                    uuid:
+                                      description: Security Group UID
+                                      type: string
+                                  type: object
+                                type: array
+                              serverGroupID:
+                                description: The server group to assign the machine
+                                  to
+                                type: string
+                              serverMetadata:
+                                additionalProperties:
+                                  type: string
+                                description: Metadata mapping. Allows you to create
+                                  a map of key value pairs to add to the server instance.
+                                type: object
+                              sshKeyName:
+                                description: The ssh key to inject in the instance
+                                type: string
+                              subnet:
+                                description: UUID, IP address of a port from this
+                                  subnet will be marked as AccessIPv4 on the created
+                                  compute instance
+                                type: string
+                              tags:
+                                description: Machine tags Requires Nova api 2.52 minimum!
+                                items:
+                                  type: string
+                                type: array
+                              trunk:
+                                description: Whether the server instance is created
+                                  on a trunk port or not.
+                                type: boolean
+                            required:
+                            - flavor
+                            type: object
+                        type: object
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      controlPlaneAvailabilityZones:
+                        description: ControlPlaneAvailabilityZones is the az to deploy
+                          control plane to
+                        items:
+                          type: string
+                        type: array
+                      controlPlaneEndpoint:
+                        description: ControlPlaneEndpoint represents the endpoint
+                          used to communicate with the control plane.
+                        properties:
+                          host:
+                            description: The hostname on which the API server is serving.
+                            type: string
+                          port:
+                            description: The port on which the API server is serving.
+                            format: int32
+                            type: integer
+                        required:
+                        - host
+                        - port
+                        type: object
+                      disableAPIServerFloatingIP:
+                        description: DisableAPIServerFloatingIP determines whether
+                          or not to attempt to attach a floating IP to the API server.
+                          This allows for the creation of clusters when attaching
+                          a floating IP to the API server (and hence, in many cases,
+                          exposing the API server to the internet) is not possible
+                          or desirable, e.g. if using a shared VLAN for communication
+                          between management and workload clusters or when the management
+                          cluster is inside the project network. This option requires
+                          that the API server use a VIP on the cluster network so
+                          that the underlying machines can change without changing
+                          ControlPlaneEndpoint.Host. When using a managed load balancer,
+                          this VIP will be managed automatically. If not using a managed
+                          load balancer, cluster configuration will fail without additional
+                          configuration to manage the VIP on the control plane machines,
+                          which falls outside of the scope of this controller.
+                        type: boolean
+                      disablePortSecurity:
+                        description: DisablePortSecurity disables the port security
+                          of the network created for the Kubernetes cluster, which
+                          also disables SecurityGroups
+                        type: boolean
+                      dnsNameservers:
+                        description: DNSNameservers is the list of nameservers for
+                          OpenStack Subnet being created. Set this value when you
+                          need create a new network/subnet while the access through
+                          DNS is required.
+                        items:
+                          type: string
+                        type: array
+                      externalNetworkId:
+                        description: ExternalNetworkID is the ID of an external OpenStack
+                          Network. This is necessary to get public internet to the
+                          VMs.
+                        type: string
+                      externalRouterIPs:
+                        description: ExternalRouterIPs is an array of externalIPs
+                          on the respective subnets. This is necessary if the router
+                          needs a fixed ip in a specific subnet.
+                        items:
+                          properties:
+                            fixedIP:
+                              description: The FixedIP in the corresponding subnet
+                              type: string
+                            subnet:
+                              description: The subnet in which the FixedIP is used
+                                for the Gateway of this router
+                              properties:
+                                filter:
+                                  description: Filters for optional subnet query
+                                  properties:
+                                    cidr:
+                                      type: string
+                                    description:
+                                      type: string
+                                    enableDhcp:
+                                      type: boolean
+                                    gateway_ip:
+                                      type: string
+                                    id:
+                                      type: string
+                                    ipVersion:
+                                      type: integer
+                                    ipv6AddressMode:
+                                      type: string
+                                    ipv6RaMode:
+                                      type: string
+                                    limit:
+                                      type: integer
+                                    marker:
+                                      type: string
+                                    name:
+                                      type: string
+                                    networkId:
+                                      type: string
+                                    notTags:
+                                      type: string
+                                    notTagsAny:
+                                      type: string
+                                    projectId:
+                                      type: string
+                                    sortDir:
+                                      type: string
+                                    sortKey:
+                                      type: string
+                                    subnetpoolId:
+                                      type: string
+                                    tags:
+                                      type: string
+                                    tagsAny:
+                                      type: string
+                                    tenantId:
+                                      type: string
+                                  type: object
+                                uuid:
+                                  description: Optional UUID of the subnet. If specified
+                                    this will not be validated prior to server creation.
+                                    If specified, the enclosing `NetworkParam` must
+                                    also be specified by UUID.
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      managedAPIServerLoadBalancer:
+                        description: ManagedAPIServerLoadBalancer defines whether
+                          a LoadBalancer for the APIServer should be created.
+                        type: boolean
+                      managedSecurityGroups:
+                        description: ManagedSecurityGroups determines whether OpenStack
+                          security groups for the cluster will be managed by the OpenStack
+                          provider or whether pre-existing security groups will be
+                          specified as part of the configuration. By default, the
+                          managed security groups have rules that allow the Kubelet,
+                          etcd, the Kubernetes API server and the Calico CNI plugin
+                          to function correctly.
+                        type: boolean
+                      network:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing network.
+                        properties:
+                          adminStateUp:
+                            type: boolean
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          limit:
+                            type: integer
+                          marker:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          shared:
+                            type: boolean
+                          sortDir:
+                            type: string
+                          sortKey:
+                            type: string
+                          status:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                          tenantId:
+                            type: string
+                        type: object
+                      nodeCidr:
+                        description: NodeCIDR is the OpenStack Subnet to be created.
+                          Cluster actuator will create a network, a subnet with NodeCIDR,
+                          and a router connected to this subnet. If you leave this
+                          empty, no network will be created.
+                        type: string
+                      subnet:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing subnet.
+                        properties:
+                          cidr:
+                            type: string
+                          description:
+                            type: string
+                          enableDhcp:
+                            type: boolean
+                          gateway_ip:
+                            type: string
+                          id:
+                            type: string
+                          ipVersion:
+                            type: integer
+                          ipv6AddressMode:
+                            type: string
+                          ipv6RaMode:
+                            type: string
+                          limit:
+                            type: integer
+                          marker:
+                            type: string
+                          name:
+                            type: string
+                          networkId:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          sortDir:
+                            type: string
+                          sortKey:
+                            type: string
+                          subnetpoolId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                          tenantId:
+                            type: string
+                        type: object
+                      tags:
+                        description: Tags for all resources in cluster
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha5
+    schema:
+      openAPIV3Schema:
+        description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterTemplateSpec defines the desired state of
+              OpenStackClusterTemplate.
+            properties:
+              template:
+                description: OpenStackClusterTemplateResource describes the data needed
+                  to create a OpenStackCluster from a template.
+                properties:
+                  spec:
+                    description: OpenStackClusterSpec defines the desired state of
+                      OpenStackCluster.
+                    properties:
+                      allowAllInClusterTraffic:
+                        description: AllowAllInClusterTraffic is only used when managed
+                          security groups are in use. If set to true, the rules for
+                          the managed security groups are configured so that all ingress
+                          and egress between cluster nodes is permitted, allowing
+                          CNIs other than Calico to be used.
+                        type: boolean
+                      apiServerFixedIP:
+                        description: APIServerFixedIP is the fixed IP which will be
+                          associated with the API server. In the case where the API
+                          server has a floating IP but not a managed load balancer,
+                          this field is not used. If a managed load balancer is used
+                          and this field is not specified, a fixed IP will be dynamically
+                          allocated for the load balancer. If a managed load balancer
+                          is not used AND the API server floating IP is disabled,
+                          this field MUST be specified and should correspond to a
+                          pre-allocated port that holds the fixed IP to be used as
+                          a VIP.
+                        type: string
+                      apiServerFloatingIP:
+                        description: APIServerFloatingIP is the floatingIP which will
+                          be associated with the API server. The floatingIP will be
+                          created if it does not already exist. If not specified,
+                          a new floatingIP is allocated. This field is not used if
+                          DisableAPIServerFloatingIP is set to true.
+                        type: string
+                      apiServerLoadBalancer:
+                        description: 'APIServerLoadBalancer configures the optional
+                          LoadBalancer for the APIServer. It must be activated by
+                          setting `enabled: true`.'
+                        properties:
+                          additionalPorts:
+                            description: AdditionalPorts adds additional tcp ports
+                              to the load balancer.
+                            items:
+                              type: integer
+                            type: array
+                          allowedCidrs:
+                            description: AllowedCIDRs restrict access to all API-Server
+                              listeners to the given address CIDRs.
+                            items:
+                              type: string
+                            type: array
+                          enabled:
+                            description: Enabled defines whether a load balancer should
+                              be created.
+                            type: boolean
+                        type: object
+                      apiServerPort:
+                        description: APIServerPort is the port on which the listener
+                          on the APIServer will be created
+                        type: integer
+                      bastion:
+                        description: "Bastion is the OpenStack instance to login the
+                          nodes \n As a rolling update is not ideal during a bastion
+                          host session, we prevent changes to a running bastion configuration.
+                          Set `enabled: false` to make changes."
+                        properties:
+                          availabilityZone:
+                            type: string
+                          enabled:
+                            type: boolean
+                          instance:
+                            description: Instance for the bastion itself
+                            properties:
+                              cloudName:
+                                description: The name of the cloud to use from the
+                                  clouds secret
+                                type: string
+                              configDrive:
+                                description: Config Drive support
+                                type: boolean
+                              flavor:
+                                description: The flavor reference for the flavor for
+                                  your server instance.
+                                type: string
+                              floatingIP:
+                                description: The floatingIP which will be associated
+                                  to the machine, only used for master. The floatingIP
+                                  should have been created and haven't been associated.
+                                type: string
+                              identityRef:
+                                description: IdentityRef is a reference to a identity
+                                  to be used when reconciling this cluster
+                                properties:
+                                  kind:
+                                    description: Kind of the identity. Must be supported
+                                      by the infrastructure provider and may be either
+                                      cluster or namespace-scoped.
+                                    minLength: 1
+                                    type: string
+                                  name:
+                                    description: Name of the infrastructure identity
+                                      to be used. Must be either a cluster-scoped
+                                      resource, or namespaced-scoped resource the
+                                      same namespace as the resource(s) being provisioned.
+                                    type: string
+                                required:
+                                - kind
+                                - name
+                                type: object
+                              image:
+                                description: The name of the image to use for your
+                                  server instance. If the RootVolume is specified,
+                                  this will be ignored and use rootVolume directly.
+                                type: string
+                              imageUUID:
+                                description: The uuid of the image to use for your
+                                  server instance. if it's empty, Image name will
+                                  be used
+                                type: string
+                              instanceID:
+                                description: InstanceID is the OpenStack instance
+                                  ID for this machine.
+                                type: string
+                              networks:
+                                description: A networks object. Required parameter
+                                  when there are multiple networks defined for the
+                                  tenant. When you do not specify both networks and
+                                  ports parameters, the server attaches to the only
+                                  network created for the current tenant.
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters for optional network query
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                      type: object
+                                    fixedIP:
+                                      description: A fixed IPv4 address for the NIC.
+                                      type: string
+                                    subnets:
+                                      description: Subnet within a network to use
+                                      items:
+                                        properties:
+                                          filter:
+                                            description: Filters for optional subnet
+                                              query
+                                            properties:
+                                              cidr:
+                                                type: string
+                                              description:
+                                                type: string
+                                              gateway_ip:
+                                                type: string
+                                              id:
+                                                type: string
+                                              ipVersion:
+                                                type: integer
+                                              ipv6AddressMode:
+                                                type: string
+                                              ipv6RaMode:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                            type: object
+                                          uuid:
+                                            description: Optional UUID of the subnet.
+                                              If specified this will not be validated
+                                              prior to server creation. If specified,
+                                              the enclosing `NetworkParam` must also
+                                              be specified by UUID.
+                                            type: string
+                                        type: object
+                                      type: array
+                                    uuid:
+                                      description: Optional UUID of the network. If
+                                        specified this will not be validated prior
+                                        to server creation. Required if `Subnets`
+                                        specifies a subnet by UUID.
+                                      type: string
+                                  type: object
+                                type: array
+                              ports:
+                                description: Ports to be attached to the server instance.
+                                  They are created if a port with the given name does
+                                  not already exist. When you do not specify both
+                                  networks and ports parameters, the server attaches
+                                  to the only network created for the current tenant.
+                                items:
+                                  properties:
+                                    adminStateUp:
+                                      type: boolean
+                                    allowedAddressPairs:
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          macAddress:
+                                            type: string
+                                        type: object
+                                      type: array
+                                    description:
+                                      type: string
+                                    disablePortSecurity:
+                                      description: DisablePortSecurity enables or
+                                        disables the port security when set. When
+                                        not set, it takes the value of the corresponding
+                                        field at the network level.
+                                      type: boolean
+                                    fixedIPs:
+                                      description: Specify pairs of subnet and/or
+                                        IP address. These should be subnets of the
+                                        network with the given NetworkID.
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          subnet:
+                                            description: Subnet is an openstack subnet
+                                              query that will return the id of a subnet
+                                              to create the fixed IP of a port in.
+                                              This query must not return more than
+                                              one subnet.
+                                            properties:
+                                              cidr:
+                                                type: string
+                                              description:
+                                                type: string
+                                              gateway_ip:
+                                                type: string
+                                              id:
+                                                type: string
+                                              ipVersion:
+                                                type: integer
+                                              ipv6AddressMode:
+                                                type: string
+                                              ipv6RaMode:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                            type: object
+                                        required:
+                                        - subnet
+                                        type: object
+                                      type: array
+                                    hostId:
+                                      description: The ID of the host where the port
+                                        is allocated
+                                      type: string
+                                    macAddress:
+                                      type: string
+                                    nameSuffix:
+                                      description: Used to make the name of the port
+                                        unique. If unspecified, instead the 0-based
+                                        index of the port in the list is used.
+                                      type: string
+                                    network:
+                                      description: Network is a query for an openstack
+                                        network that the port will be created or discovered
+                                        on. This will fail if the query returns more
+                                        than one network.
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                      type: object
+                                    profile:
+                                      additionalProperties:
+                                        type: string
+                                      description: A dictionary that enables the application
+                                        running on the specified host to pass and
+                                        receive virtual network interface (VIF) port-specific
+                                        information to the plug-in.
+                                      type: object
+                                    projectId:
+                                      type: string
+                                    securityGroupFilters:
+                                      description: The names, uuids, filters or any
+                                        combination these of the security groups to
+                                        assign to the instance
+                                      items:
+                                        properties:
+                                          filter:
+                                            description: Filters used to query security
+                                              groups in openstack
+                                            properties:
+                                              description:
+                                                type: string
+                                              id:
+                                                type: string
+                                              limit:
+                                                type: integer
+                                              marker:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              sortDir:
+                                                type: string
+                                              sortKey:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                              tenantId:
+                                                type: string
+                                            type: object
+                                          name:
+                                            description: Security Group name
+                                            type: string
+                                          uuid:
+                                            description: Security Group UID
+                                            type: string
+                                        type: object
+                                      type: array
+                                    securityGroups:
+                                      description: The uuids of the security groups
+                                        to assign to the instance
+                                      items:
+                                        type: string
+                                      type: array
+                                    tags:
+                                      description: Tags applied to the port (and corresponding
+                                        trunk, if a trunk is configured.) These tags
+                                        are applied in addition to the instance's
+                                        tags, which will also be applied to the port.
+                                      items:
+                                        type: string
+                                      type: array
+                                    tenantId:
+                                      type: string
+                                    trunk:
+                                      description: Enables and disables trunk at port
+                                        level. If not provided, openStackMachine.Spec.Trunk
+                                        is inherited.
+                                      type: boolean
+                                    vnicType:
+                                      description: The virtual network interface card
+                                        (vNIC) type that is bound to the neutron port.
+                                      type: string
+                                  type: object
+                                type: array
+                              providerID:
+                                description: ProviderID is the unique identifier as
+                                  specified by the cloud provider.
+                                type: string
+                              rootVolume:
+                                description: The volume metadata to boot from
+                                properties:
+                                  availabilityZone:
+                                    type: string
+                                  diskSize:
+                                    type: integer
+                                  volumeType:
+                                    type: string
+                                type: object
+                              securityGroups:
+                                description: The names of the security groups to assign
+                                  to the instance
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters used to query security
+                                        groups in openstack
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        limit:
+                                          type: integer
+                                        marker:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        sortDir:
+                                          type: string
+                                        sortKey:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                        tenantId:
+                                          type: string
+                                      type: object
+                                    name:
+                                      description: Security Group name
+                                      type: string
+                                    uuid:
+                                      description: Security Group UID
+                                      type: string
+                                  type: object
+                                type: array
+                              serverGroupID:
+                                description: The server group to assign the machine
+                                  to
+                                type: string
+                              serverMetadata:
+                                additionalProperties:
+                                  type: string
+                                description: Metadata mapping. Allows you to create
+                                  a map of key value pairs to add to the server instance.
+                                type: object
+                              sshKeyName:
+                                description: The ssh key to inject in the instance
+                                type: string
+                              subnet:
+                                description: UUID, IP address of a port from this
+                                  subnet will be marked as AccessIPv4 on the created
+                                  compute instance
+                                type: string
+                              tags:
+                                description: Machine tags Requires Nova api 2.52 minimum!
+                                items:
+                                  type: string
+                                type: array
+                              trunk:
+                                description: Whether the server instance is created
+                                  on a trunk port or not.
+                                type: boolean
+                            required:
+                            - flavor
+                            type: object
+                        type: object
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      controlPlaneAvailabilityZones:
+                        description: ControlPlaneAvailabilityZones is the az to deploy
+                          control plane to
+                        items:
+                          type: string
+                        type: array
+                      controlPlaneEndpoint:
+                        description: ControlPlaneEndpoint represents the endpoint
+                          used to communicate with the control plane.
+                        properties:
+                          host:
+                            description: The hostname on which the API server is serving.
+                            type: string
+                          port:
+                            description: The port on which the API server is serving.
+                            format: int32
+                            type: integer
+                        required:
+                        - host
+                        - port
+                        type: object
+                      disableAPIServerFloatingIP:
+                        description: DisableAPIServerFloatingIP determines whether
+                          or not to attempt to attach a floating IP to the API server.
+                          This allows for the creation of clusters when attaching
+                          a floating IP to the API server (and hence, in many cases,
+                          exposing the API server to the internet) is not possible
+                          or desirable, e.g. if using a shared VLAN for communication
+                          between management and workload clusters or when the management
+                          cluster is inside the project network. This option requires
+                          that the API server use a VIP on the cluster network so
+                          that the underlying machines can change without changing
+                          ControlPlaneEndpoint.Host. When using a managed load balancer,
+                          this VIP will be managed automatically. If not using a managed
+                          load balancer, cluster configuration will fail without additional
+                          configuration to manage the VIP on the control plane machines,
+                          which falls outside of the scope of this controller.
+                        type: boolean
+                      disablePortSecurity:
+                        description: DisablePortSecurity disables the port security
+                          of the network created for the Kubernetes cluster, which
+                          also disables SecurityGroups
+                        type: boolean
+                      dnsNameservers:
+                        description: DNSNameservers is the list of nameservers for
+                          OpenStack Subnet being created. Set this value when you
+                          need create a new network/subnet while the access through
+                          DNS is required.
+                        items:
+                          type: string
+                        type: array
+                      externalNetworkId:
+                        description: ExternalNetworkID is the ID of an external OpenStack
+                          Network. This is necessary to get public internet to the
+                          VMs.
+                        type: string
+                      externalRouterIPs:
+                        description: ExternalRouterIPs is an array of externalIPs
+                          on the respective subnets. This is necessary if the router
+                          needs a fixed ip in a specific subnet.
+                        items:
+                          properties:
+                            fixedIP:
+                              description: The FixedIP in the corresponding subnet
+                              type: string
+                            subnet:
+                              description: The subnet in which the FixedIP is used
+                                for the Gateway of this router
+                              properties:
+                                filter:
+                                  description: Filters for optional subnet query
+                                  properties:
+                                    cidr:
+                                      type: string
+                                    description:
+                                      type: string
+                                    gateway_ip:
+                                      type: string
+                                    id:
+                                      type: string
+                                    ipVersion:
+                                      type: integer
+                                    ipv6AddressMode:
+                                      type: string
+                                    ipv6RaMode:
+                                      type: string
+                                    name:
+                                      type: string
+                                    notTags:
+                                      type: string
+                                    notTagsAny:
+                                      type: string
+                                    projectId:
+                                      type: string
+                                    tags:
+                                      type: string
+                                    tagsAny:
+                                      type: string
+                                  type: object
+                                uuid:
+                                  description: Optional UUID of the subnet. If specified
+                                    this will not be validated prior to server creation.
+                                    If specified, the enclosing `NetworkParam` must
+                                    also be specified by UUID.
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      managedSecurityGroups:
+                        description: ManagedSecurityGroups determines whether OpenStack
+                          security groups for the cluster will be managed by the OpenStack
+                          provider or whether pre-existing security groups will be
+                          specified as part of the configuration. By default, the
+                          managed security groups have rules that allow the Kubelet,
+                          etcd, the Kubernetes API server and the Calico CNI plugin
+                          to function correctly.
+                        type: boolean
+                      network:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      nodeCidr:
+                        description: NodeCIDR is the OpenStack Subnet to be created.
+                          Cluster actuator will create a network, a subnet with NodeCIDR,
+                          and a router connected to this subnet. If you leave this
+                          empty, no network will be created.
+                        type: string
+                      subnet:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing subnet.
+                        properties:
+                          cidr:
+                            type: string
+                          description:
+                            type: string
+                          gateway_ip:
+                            type: string
+                          id:
+                            type: string
+                          ipVersion:
+                            type: integer
+                          ipv6AddressMode:
+                            type: string
+                          ipv6RaMode:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      tags:
+                        description: Tags for all resources in cluster
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha6
+    schema:
+      openAPIV3Schema:
+        description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackClusterTemplateSpec defines the desired state of
+              OpenStackClusterTemplate.
+            properties:
+              template:
+                description: OpenStackClusterTemplateResource describes the data needed
+                  to create a OpenStackCluster from a template.
+                properties:
+                  spec:
+                    description: OpenStackClusterSpec defines the desired state of
+                      OpenStackCluster.
+                    properties:
+                      allowAllInClusterTraffic:
+                        description: AllowAllInClusterTraffic is only used when managed
+                          security groups are in use. If set to true, the rules for
+                          the managed security groups are configured so that all ingress
+                          and egress between cluster nodes is permitted, allowing
+                          CNIs other than Calico to be used.
+                        type: boolean
+                      apiServerFixedIP:
+                        description: APIServerFixedIP is the fixed IP which will be
+                          associated with the API server. In the case where the API
+                          server has a floating IP but not a managed load balancer,
+                          this field is not used. If a managed load balancer is used
+                          and this field is not specified, a fixed IP will be dynamically
+                          allocated for the load balancer. If a managed load balancer
+                          is not used AND the API server floating IP is disabled,
+                          this field MUST be specified and should correspond to a
+                          pre-allocated port that holds the fixed IP to be used as
+                          a VIP.
+                        type: string
+                      apiServerFloatingIP:
+                        description: APIServerFloatingIP is the floatingIP which will
+                          be associated with the API server. The floatingIP will be
+                          created if it does not already exist. If not specified,
+                          a new floatingIP is allocated. This field is not used if
+                          DisableAPIServerFloatingIP is set to true.
+                        type: string
+                      apiServerLoadBalancer:
+                        description: 'APIServerLoadBalancer configures the optional
+                          LoadBalancer for the APIServer. It must be activated by
+                          setting `enabled: true`.'
+                        properties:
+                          additionalPorts:
+                            description: AdditionalPorts adds additional tcp ports
+                              to the load balancer.
+                            items:
+                              type: integer
+                            type: array
+                          allowedCidrs:
+                            description: AllowedCIDRs restrict access to all API-Server
+                              listeners to the given address CIDRs.
+                            items:
+                              type: string
+                            type: array
+                          enabled:
+                            description: Enabled defines whether a load balancer should
+                              be created.
+                            type: boolean
+                        type: object
+                      apiServerPort:
+                        description: APIServerPort is the port on which the listener
+                          on the APIServer will be created
+                        type: integer
+                      bastion:
+                        description: "Bastion is the OpenStack instance to login the
+                          nodes \n As a rolling update is not ideal during a bastion
+                          host session, we prevent changes to a running bastion configuration.
+                          Set `enabled: false` to make changes."
+                        properties:
+                          availabilityZone:
+                            type: string
+                          enabled:
+                            type: boolean
+                          instance:
+                            description: Instance for the bastion itself
+                            properties:
+                              cloudName:
+                                description: The name of the cloud to use from the
+                                  clouds secret
+                                type: string
+                              configDrive:
+                                description: Config Drive support
+                                type: boolean
+                              flavor:
+                                description: The flavor reference for the flavor for
+                                  your server instance.
+                                type: string
+                              floatingIP:
+                                description: The floatingIP which will be associated
+                                  to the machine, only used for master. The floatingIP
+                                  should have been created and haven't been associated.
+                                type: string
+                              identityRef:
+                                description: IdentityRef is a reference to a identity
+                                  to be used when reconciling this cluster
+                                properties:
+                                  kind:
+                                    description: Kind of the identity. Must be supported
+                                      by the infrastructure provider and may be either
+                                      cluster or namespace-scoped.
+                                    minLength: 1
+                                    type: string
+                                  name:
+                                    description: Name of the infrastructure identity
+                                      to be used. Must be either a cluster-scoped
+                                      resource, or namespaced-scoped resource the
+                                      same namespace as the resource(s) being provisioned.
+                                    type: string
+                                required:
+                                - kind
+                                - name
+                                type: object
+                              image:
+                                description: The name of the image to use for your
+                                  server instance. If the RootVolume is specified,
+                                  this will be ignored and use rootVolume directly.
+                                type: string
+                              imageUUID:
+                                description: The uuid of the image to use for your
+                                  server instance. if it's empty, Image name will
+                                  be used
+                                type: string
+                              instanceID:
+                                description: InstanceID is the OpenStack instance
+                                  ID for this machine.
+                                type: string
+                              networks:
+                                description: A networks object. Required parameter
+                                  when there are multiple networks defined for the
+                                  tenant. When you do not specify both networks and
+                                  ports parameters, the server attaches to the only
+                                  network created for the current tenant.
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters for optional network query
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                      type: object
+                                    fixedIP:
+                                      description: A fixed IPv4 address for the NIC.
+                                      type: string
+                                    subnets:
+                                      description: Subnet within a network to use
+                                      items:
+                                        properties:
+                                          filter:
+                                            description: Filters for optional subnet
+                                              query
+                                            properties:
+                                              cidr:
+                                                type: string
+                                              description:
+                                                type: string
+                                              gateway_ip:
+                                                type: string
+                                              id:
+                                                type: string
+                                              ipVersion:
+                                                type: integer
+                                              ipv6AddressMode:
+                                                type: string
+                                              ipv6RaMode:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                            type: object
+                                          uuid:
+                                            description: Optional UUID of the subnet.
+                                              If specified this will not be validated
+                                              prior to server creation. If specified,
+                                              the enclosing `NetworkParam` must also
+                                              be specified by UUID.
+                                            type: string
+                                        type: object
+                                      type: array
+                                    uuid:
+                                      description: Optional UUID of the network. If
+                                        specified this will not be validated prior
+                                        to server creation. Required if `Subnets`
+                                        specifies a subnet by UUID.
+                                      type: string
+                                  type: object
+                                type: array
+                              ports:
+                                description: Ports to be attached to the server instance.
+                                  They are created if a port with the given name does
+                                  not already exist. When you do not specify both
+                                  networks and ports parameters, the server attaches
+                                  to the only network created for the current tenant.
+                                items:
+                                  properties:
+                                    adminStateUp:
+                                      type: boolean
+                                    allowedAddressPairs:
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          macAddress:
+                                            type: string
+                                        type: object
+                                      type: array
+                                    description:
+                                      type: string
+                                    disablePortSecurity:
+                                      description: DisablePortSecurity enables or
+                                        disables the port security when set. When
+                                        not set, it takes the value of the corresponding
+                                        field at the network level.
+                                      type: boolean
+                                    fixedIPs:
+                                      description: Specify pairs of subnet and/or
+                                        IP address. These should be subnets of the
+                                        network with the given NetworkID.
+                                      items:
+                                        properties:
+                                          ipAddress:
+                                            type: string
+                                          subnet:
+                                            description: Subnet is an openstack subnet
+                                              query that will return the id of a subnet
+                                              to create the fixed IP of a port in.
+                                              This query must not return more than
+                                              one subnet.
+                                            properties:
+                                              cidr:
+                                                type: string
+                                              description:
+                                                type: string
+                                              gateway_ip:
+                                                type: string
+                                              id:
+                                                type: string
+                                              ipVersion:
+                                                type: integer
+                                              ipv6AddressMode:
+                                                type: string
+                                              ipv6RaMode:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                            type: object
+                                        required:
+                                        - subnet
+                                        type: object
+                                      type: array
+                                    hostId:
+                                      description: The ID of the host where the port
+                                        is allocated
+                                      type: string
+                                    macAddress:
+                                      type: string
+                                    nameSuffix:
+                                      description: Used to make the name of the port
+                                        unique. If unspecified, instead the 0-based
+                                        index of the port in the list is used.
+                                      type: string
+                                    network:
+                                      description: Network is a query for an openstack
+                                        network that the port will be created or discovered
+                                        on. This will fail if the query returns more
+                                        than one network.
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                      type: object
+                                    profile:
+                                      additionalProperties:
+                                        type: string
+                                      description: A dictionary that enables the application
+                                        running on the specified host to pass and
+                                        receive virtual network interface (VIF) port-specific
+                                        information to the plug-in.
+                                      type: object
+                                    projectId:
+                                      type: string
+                                    securityGroupFilters:
+                                      description: The names, uuids, filters or any
+                                        combination these of the security groups to
+                                        assign to the instance
+                                      items:
+                                        properties:
+                                          filter:
+                                            description: Filters used to query security
+                                              groups in openstack
+                                            properties:
+                                              description:
+                                                type: string
+                                              id:
+                                                type: string
+                                              limit:
+                                                type: integer
+                                              marker:
+                                                type: string
+                                              name:
+                                                type: string
+                                              notTags:
+                                                type: string
+                                              notTagsAny:
+                                                type: string
+                                              projectId:
+                                                type: string
+                                              sortDir:
+                                                type: string
+                                              sortKey:
+                                                type: string
+                                              tags:
+                                                type: string
+                                              tagsAny:
+                                                type: string
+                                              tenantId:
+                                                type: string
+                                            type: object
+                                          name:
+                                            description: Security Group name
+                                            type: string
+                                          uuid:
+                                            description: Security Group UID
+                                            type: string
+                                        type: object
+                                      type: array
+                                    securityGroups:
+                                      description: The uuids of the security groups
+                                        to assign to the instance
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                    tags:
+                                      description: Tags applied to the port (and corresponding
+                                        trunk, if a trunk is configured.) These tags
+                                        are applied in addition to the instance's
+                                        tags, which will also be applied to the port.
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: set
+                                    tenantId:
+                                      type: string
+                                    trunk:
+                                      description: Enables and disables trunk at port
+                                        level. If not provided, openStackMachine.Spec.Trunk
+                                        is inherited.
+                                      type: boolean
+                                    vnicType:
+                                      description: The virtual network interface card
+                                        (vNIC) type that is bound to the neutron port.
+                                      type: string
+                                  type: object
+                                type: array
+                              providerID:
+                                description: ProviderID is the unique identifier as
+                                  specified by the cloud provider.
+                                type: string
+                              rootVolume:
+                                description: The volume metadata to boot from
+                                properties:
+                                  availabilityZone:
+                                    type: string
+                                  diskSize:
+                                    type: integer
+                                  volumeType:
+                                    type: string
+                                type: object
+                              securityGroups:
+                                description: The names of the security groups to assign
+                                  to the instance
+                                items:
+                                  properties:
+                                    filter:
+                                      description: Filters used to query security
+                                        groups in openstack
+                                      properties:
+                                        description:
+                                          type: string
+                                        id:
+                                          type: string
+                                        limit:
+                                          type: integer
+                                        marker:
+                                          type: string
+                                        name:
+                                          type: string
+                                        notTags:
+                                          type: string
+                                        notTagsAny:
+                                          type: string
+                                        projectId:
+                                          type: string
+                                        sortDir:
+                                          type: string
+                                        sortKey:
+                                          type: string
+                                        tags:
+                                          type: string
+                                        tagsAny:
+                                          type: string
+                                        tenantId:
+                                          type: string
+                                      type: object
+                                    name:
+                                      description: Security Group name
+                                      type: string
+                                    uuid:
+                                      description: Security Group UID
+                                      type: string
+                                  type: object
+                                type: array
+                              serverGroupID:
+                                description: The server group to assign the machine
+                                  to
+                                type: string
+                              serverMetadata:
+                                additionalProperties:
+                                  type: string
+                                description: Metadata mapping. Allows you to create
+                                  a map of key value pairs to add to the server instance.
+                                type: object
+                              sshKeyName:
+                                description: The ssh key to inject in the instance
+                                type: string
+                              subnet:
+                                description: UUID, IP address of a port from this
+                                  subnet will be marked as AccessIPv4 on the created
+                                  compute instance
+                                type: string
+                              tags:
+                                description: Machine tags Requires Nova api 2.52 minimum!
+                                items:
+                                  type: string
+                                type: array
+                                x-kubernetes-list-type: set
+                              trunk:
+                                description: Whether the server instance is created
+                                  on a trunk port or not.
+                                type: boolean
+                            required:
+                            - flavor
+                            type: object
+                        type: object
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      controlPlaneAvailabilityZones:
+                        description: ControlPlaneAvailabilityZones is the az to deploy
+                          control plane to
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      controlPlaneEndpoint:
+                        description: ControlPlaneEndpoint represents the endpoint
+                          used to communicate with the control plane.
+                        properties:
+                          host:
+                            description: The hostname on which the API server is serving.
+                            type: string
+                          port:
+                            description: The port on which the API server is serving.
+                            format: int32
+                            type: integer
+                        required:
+                        - host
+                        - port
+                        type: object
+                      controlPlaneOmitAvailabilityZone:
+                        description: Indicates whether to omit the az for control
+                          plane nodes, allowing the Nova scheduler to make a decision
+                          on which az to use based on other scheduling constraints
+                        type: boolean
+                      disableAPIServerFloatingIP:
+                        description: DisableAPIServerFloatingIP determines whether
+                          or not to attempt to attach a floating IP to the API server.
+                          This allows for the creation of clusters when attaching
+                          a floating IP to the API server (and hence, in many cases,
+                          exposing the API server to the internet) is not possible
+                          or desirable, e.g. if using a shared VLAN for communication
+                          between management and workload clusters or when the management
+                          cluster is inside the project network. This option requires
+                          that the API server use a VIP on the cluster network so
+                          that the underlying machines can change without changing
+                          ControlPlaneEndpoint.Host. When using a managed load balancer,
+                          this VIP will be managed automatically. If not using a managed
+                          load balancer, cluster configuration will fail without additional
+                          configuration to manage the VIP on the control plane machines,
+                          which falls outside of the scope of this controller.
+                        type: boolean
+                      disablePortSecurity:
+                        description: DisablePortSecurity disables the port security
+                          of the network created for the Kubernetes cluster, which
+                          also disables SecurityGroups
+                        type: boolean
+                      dnsNameservers:
+                        description: DNSNameservers is the list of nameservers for
+                          OpenStack Subnet being created. Set this value when you
+                          need create a new network/subnet while the access through
+                          DNS is required.
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      externalNetworkId:
+                        description: ExternalNetworkID is the ID of an external OpenStack
+                          Network. This is necessary to get public internet to the
+                          VMs.
+                        type: string
+                      externalRouterIPs:
+                        description: ExternalRouterIPs is an array of externalIPs
+                          on the respective subnets. This is necessary if the router
+                          needs a fixed ip in a specific subnet.
+                        items:
+                          properties:
+                            fixedIP:
+                              description: The FixedIP in the corresponding subnet
+                              type: string
+                            subnet:
+                              description: The subnet in which the FixedIP is used
+                                for the Gateway of this router
+                              properties:
+                                filter:
+                                  description: Filters for optional subnet query
+                                  properties:
+                                    cidr:
+                                      type: string
+                                    description:
+                                      type: string
+                                    gateway_ip:
+                                      type: string
+                                    id:
+                                      type: string
+                                    ipVersion:
+                                      type: integer
+                                    ipv6AddressMode:
+                                      type: string
+                                    ipv6RaMode:
+                                      type: string
+                                    name:
+                                      type: string
+                                    notTags:
+                                      type: string
+                                    notTagsAny:
+                                      type: string
+                                    projectId:
+                                      type: string
+                                    tags:
+                                      type: string
+                                    tagsAny:
+                                      type: string
+                                  type: object
+                                uuid:
+                                  description: Optional UUID of the subnet. If specified
+                                    this will not be validated prior to server creation.
+                                    If specified, the enclosing `NetworkParam` must
+                                    also be specified by UUID.
+                                  type: string
+                              type: object
+                          required:
+                          - subnet
+                          type: object
+                        type: array
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      managedSecurityGroups:
+                        description: ManagedSecurityGroups determines whether OpenStack
+                          security groups for the cluster will be managed by the OpenStack
+                          provider or whether pre-existing security groups will be
+                          specified as part of the configuration. By default, the
+                          managed security groups have rules that allow the Kubelet,
+                          etcd, the Kubernetes API server and the Calico CNI plugin
+                          to function correctly.
+                        type: boolean
+                      network:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing network.
+                        properties:
+                          description:
+                            type: string
+                          id:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      nodeCidr:
+                        description: NodeCIDR is the OpenStack Subnet to be created.
+                          Cluster actuator will create a network, a subnet with NodeCIDR,
+                          and a router connected to this subnet. If you leave this
+                          empty, no network will be created.
+                        type: string
+                      subnet:
+                        description: If NodeCIDR cannot be set this can be used to
+                          detect an existing subnet.
+                        properties:
+                          cidr:
+                            type: string
+                          description:
+                            type: string
+                          gateway_ip:
+                            type: string
+                          id:
+                            type: string
+                          ipVersion:
+                            type: integer
+                          ipv6AddressMode:
+                            type: string
+                          ipv6RaMode:
+                            type: string
+                          name:
+                            type: string
+                          notTags:
+                            type: string
+                          notTagsAny:
+                            type: string
+                          projectId:
+                            type: string
+                          tags:
+                            type: string
+                          tagsAny:
+                            type: string
+                        type: object
+                      tags:
+                        description: Tags for all resources in cluster
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+    controller-gen.kubebuilder.io/version: v0.9.2
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+  name: openstackmachines.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capo-webhook-service
+          namespace: capo-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: OpenStackMachine
+    listKind: OpenStackMachineList
+    plural: openstackmachines
+    shortNames:
+    - osm
+    singular: openstackmachine
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: OpenStack instance state
+      jsonPath: .status.instanceState
+      name: InstanceState
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: OpenStack instance ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine object which owns with this OpenStackMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    - description: Time duration since creation of OpenStackMachine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachine is the Schema for the openstackmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+            properties:
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              cloudsSecret:
+                description: The name of the secret containing the openstack credentials
+                properties:
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+              configDrive:
+                description: Config Drive support
+                type: boolean
+              flavor:
+                description: The flavor reference for the flavor for your server instance.
+                type: string
+              floatingIP:
+                description: The floatingIP which will be associated to the machine,
+                  only used for master. The floatingIP should have been created and
+                  haven't been associated.
+                type: string
+              image:
+                description: The name of the image to use for your server instance.
+                  If the RootVolume is specified, this will be ignored and use rootVolume
+                  directly.
+                type: string
+              instanceID:
+                description: InstanceID is the OpenStack instance ID for this machine.
+                type: string
+              networks:
+                description: A networks object. Required parameter when there are
+                  multiple networks defined for the tenant. When you do not specify
+                  the networks parameter, the server attaches to the only network
+                  created for the current tenant.
+                items:
+                  properties:
+                    filter:
+                      description: Filters for optional network query
+                      properties:
+                        adminStateUp:
+                          type: boolean
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        shared:
+                          type: boolean
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        status:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    fixedIp:
+                      description: A fixed IPv4 address for the NIC.
+                      type: string
+                    subnets:
+                      description: Subnet within a network to use
+                      items:
+                        properties:
+                          filter:
+                            description: Filters for optional network query
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              enableDhcp:
+                                type: boolean
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              limit:
+                                type: integer
+                              marker:
+                                type: string
+                              name:
+                                type: string
+                              networkId:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              sortDir:
+                                type: string
+                              sortKey:
+                                type: string
+                              subnetpoolId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                              tenantId:
+                                type: string
+                            type: object
+                          uuid:
+                            description: The UUID of the network. Required if you
+                              omit the port attribute.
+                            type: string
+                        type: object
+                      type: array
+                    uuid:
+                      description: The UUID of the network. Required if you omit the
+                        port attribute.
+                      type: string
+                  type: object
+                type: array
+              providerID:
+                description: ProviderID is the unique identifier as specified by the
+                  cloud provider.
+                type: string
+              rootVolume:
+                description: The volume metadata to boot from
+                properties:
+                  deviceType:
+                    type: string
+                  diskSize:
+                    type: integer
+                  sourceType:
+                    type: string
+                  sourceUUID:
+                    type: string
+                type: object
+              securityGroups:
+                description: The names of the security groups to assign to the instance
+                items:
+                  properties:
+                    filter:
+                      description: Filters used to query security groups in openstack
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    name:
+                      description: Security Group name
+                      type: string
+                    uuid:
+                      description: Security Group UID
+                      type: string
+                  type: object
+                type: array
+              serverGroupID:
+                description: The server group to assign the machine to
+                type: string
+              serverMetadata:
+                additionalProperties:
+                  type: string
+                description: Metadata mapping. Allows you to create a map of key value
+                  pairs to add to the server instance.
+                type: object
+              sshKeyName:
+                description: The ssh key to inject in the instance
+                type: string
+              subnet:
+                description: UUID, IP address of a port from this subnet will be marked
+                  as AccessIPv4 on the created compute instance
+                type: string
+              tags:
+                description: Machine tags Requires Nova api 2.52 minimum!
+                items:
+                  type: string
+                type: array
+              trunk:
+                description: Whether the server instance is created on a trunk port
+                  or not.
+                type: boolean
+              userDataSecret:
+                description: The name of the secret containing the user data (startup
+                  script in most cases)
+                properties:
+                  name:
+                    description: name is unique within a namespace to reference a
+                      secret resource.
+                    type: string
+                  namespace:
+                    description: namespace defines the space within which the secret
+                      name must be unique.
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
+            required:
+            - flavor
+            type: object
+          status:
+            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+            properties:
+              addresses:
+                description: Addresses contains the OpenStack instance associated
+                  addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              errorMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              errorReason:
+                description: MachineStatusError defines errors states for Machine
+                  objects.
+                type: string
+              instanceState:
+                description: InstanceState is the state of the OpenStack instance
+                  for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: OpenStack instance state
+      jsonPath: .status.instanceState
+      name: InstanceState
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: OpenStack instance ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine object which owns with this OpenStackMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    - description: Time duration since creation of OpenStackMachine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachine is the Schema for the openstackmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+            properties:
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              configDrive:
+                description: Config Drive support
+                type: boolean
+              flavor:
+                description: The flavor reference for the flavor for your server instance.
+                type: string
+              floatingIP:
+                description: The floatingIP which will be associated to the machine,
+                  only used for master. The floatingIP should have been created and
+                  haven't been associated.
+                type: string
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              image:
+                description: The name of the image to use for your server instance.
+                  If the RootVolume is specified, this will be ignored and use rootVolume
+                  directly.
+                type: string
+              instanceID:
+                description: InstanceID is the OpenStack instance ID for this machine.
+                type: string
+              networks:
+                description: A networks object. Required parameter when there are
+                  multiple networks defined for the tenant. When you do not specify
+                  both networks and ports parameters, the server attaches to the only
+                  network created for the current tenant.
+                items:
+                  properties:
+                    filter:
+                      description: Filters for optional network query
+                      properties:
+                        adminStateUp:
+                          type: boolean
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        shared:
+                          type: boolean
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        status:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    fixedIP:
+                      description: A fixed IPv4 address for the NIC.
+                      type: string
+                    subnets:
+                      description: Subnet within a network to use
+                      items:
+                        properties:
+                          filter:
+                            description: Filters for optional subnet query
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              enableDhcp:
+                                type: boolean
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              limit:
+                                type: integer
+                              marker:
+                                type: string
+                              name:
+                                type: string
+                              networkId:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              sortDir:
+                                type: string
+                              sortKey:
+                                type: string
+                              subnetpoolId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                              tenantId:
+                                type: string
+                            type: object
+                          uuid:
+                            description: Optional UUID of the subnet. If specified
+                              this will not be validated prior to server creation.
+                              If specified, the enclosing `NetworkParam` must also
+                              be specified by UUID.
+                            type: string
+                        type: object
+                      type: array
+                    uuid:
+                      description: Optional UUID of the network. If specified this
+                        will not be validated prior to server creation. Required if
+                        `Subnets` specifies a subnet by UUID.
+                      type: string
+                  type: object
+                type: array
+              ports:
+                description: Ports to be attached to the server instance. They are
+                  created if a port with the given name does not already exist. When
+                  you do not specify both networks and ports parameters, the server
+                  attaches to the only network created for the current tenant.
+                items:
+                  properties:
+                    adminStateUp:
+                      type: boolean
+                    allowedAddressPairs:
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          macAddress:
+                            type: string
+                        type: object
+                      type: array
+                    description:
+                      type: string
+                    disablePortSecurity:
+                      description: DisablePortSecurity enables or disables the port
+                        security when set. When not set, it takes the value of the
+                        corresponding field at the network level.
+                      type: boolean
+                    fixedIPs:
+                      description: Specify pairs of subnet and/or IP address. These
+                        should be subnets of the network with the given NetworkID.
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          subnetId:
+                            type: string
+                        required:
+                        - subnetId
+                        type: object
+                      type: array
+                    hostId:
+                      description: The ID of the host where the port is allocated
+                      type: string
+                    macAddress:
+                      type: string
+                    nameSuffix:
+                      description: Used to make the name of the port unique. If unspecified,
+                        instead the 0-based index of the port in the list is used.
+                      type: string
+                    networkId:
+                      description: ID of the OpenStack network on which to create
+                        the port. If unspecified, create the port on the default cluster
+                        network.
+                      type: string
+                    profile:
+                      additionalProperties:
+                        type: string
+                      description: A dictionary that enables the application running
+                        on the specified host to pass and receive virtual network
+                        interface (VIF) port-specific information to the plug-in.
+                      type: object
+                    projectId:
+                      type: string
+                    securityGroups:
+                      items:
+                        type: string
+                      type: array
+                    tags:
+                      description: Tags applied to the port (and corresponding trunk,
+                        if a trunk is configured.) These tags are applied in addition
+                        to the instance's tags, which will also be applied to the
+                        port.
+                      items:
+                        type: string
+                      type: array
+                    tenantId:
+                      type: string
+                    trunk:
+                      description: Enables and disables trunk at port level. If not
+                        provided, openStackMachine.Spec.Trunk is inherited.
+                      type: boolean
+                    vnicType:
+                      description: The virtual network interface card (vNIC) type
+                        that is bound to the neutron port.
+                      type: string
+                  type: object
+                type: array
+              providerID:
+                description: ProviderID is the unique identifier as specified by the
+                  cloud provider.
+                type: string
+              rootVolume:
+                description: The volume metadata to boot from
+                properties:
+                  deviceType:
+                    type: string
+                  diskSize:
+                    type: integer
+                  sourceType:
+                    type: string
+                  sourceUUID:
+                    type: string
+                type: object
+              securityGroups:
+                description: The names of the security groups to assign to the instance
+                items:
+                  properties:
+                    filter:
+                      description: Filters used to query security groups in openstack
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    name:
+                      description: Security Group name
+                      type: string
+                    uuid:
+                      description: Security Group UID
+                      type: string
+                  type: object
+                type: array
+              serverGroupID:
+                description: The server group to assign the machine to
+                type: string
+              serverMetadata:
+                additionalProperties:
+                  type: string
+                description: Metadata mapping. Allows you to create a map of key value
+                  pairs to add to the server instance.
+                type: object
+              sshKeyName:
+                description: The ssh key to inject in the instance
+                type: string
+              subnet:
+                description: UUID, IP address of a port from this subnet will be marked
+                  as AccessIPv4 on the created compute instance
+                type: string
+              tags:
+                description: Machine tags Requires Nova api 2.52 minimum!
+                items:
+                  type: string
+                type: array
+              trunk:
+                description: Whether the server instance is created on a trunk port
+                  or not.
+                type: boolean
+            required:
+            - flavor
+            type: object
+          status:
+            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+            properties:
+              addresses:
+                description: Addresses contains the OpenStack instance associated
+                  addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              errorMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              errorReason:
+                description: MachineStatusError defines errors states for Machine
+                  objects.
+                type: string
+              instanceState:
+                description: InstanceState is the state of the OpenStack instance
+                  for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: OpenStack instance state
+      jsonPath: .status.instanceState
+      name: InstanceState
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: OpenStack instance ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine object which owns with this OpenStackMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    - description: Time duration since creation of OpenStackMachine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha5
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachine is the Schema for the openstackmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+            properties:
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              configDrive:
+                description: Config Drive support
+                type: boolean
+              flavor:
+                description: The flavor reference for the flavor for your server instance.
+                type: string
+              floatingIP:
+                description: The floatingIP which will be associated to the machine,
+                  only used for master. The floatingIP should have been created and
+                  haven't been associated.
+                type: string
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              image:
+                description: The name of the image to use for your server instance.
+                  If the RootVolume is specified, this will be ignored and use rootVolume
+                  directly.
+                type: string
+              imageUUID:
+                description: The uuid of the image to use for your server instance.
+                  if it's empty, Image name will be used
+                type: string
+              instanceID:
+                description: InstanceID is the OpenStack instance ID for this machine.
+                type: string
+              networks:
+                description: A networks object. Required parameter when there are
+                  multiple networks defined for the tenant. When you do not specify
+                  both networks and ports parameters, the server attaches to the only
+                  network created for the current tenant.
+                items:
+                  properties:
+                    filter:
+                      description: Filters for optional network query
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                      type: object
+                    fixedIP:
+                      description: A fixed IPv4 address for the NIC.
+                      type: string
+                    subnets:
+                      description: Subnet within a network to use
+                      items:
+                        properties:
+                          filter:
+                            description: Filters for optional subnet query
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                            type: object
+                          uuid:
+                            description: Optional UUID of the subnet. If specified
+                              this will not be validated prior to server creation.
+                              If specified, the enclosing `NetworkParam` must also
+                              be specified by UUID.
+                            type: string
+                        type: object
+                      type: array
+                    uuid:
+                      description: Optional UUID of the network. If specified this
+                        will not be validated prior to server creation. Required if
+                        `Subnets` specifies a subnet by UUID.
+                      type: string
+                  type: object
+                type: array
+              ports:
+                description: Ports to be attached to the server instance. They are
+                  created if a port with the given name does not already exist. When
+                  you do not specify both networks and ports parameters, the server
+                  attaches to the only network created for the current tenant.
+                items:
+                  properties:
+                    adminStateUp:
+                      type: boolean
+                    allowedAddressPairs:
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          macAddress:
+                            type: string
+                        type: object
+                      type: array
+                    description:
+                      type: string
+                    disablePortSecurity:
+                      description: DisablePortSecurity enables or disables the port
+                        security when set. When not set, it takes the value of the
+                        corresponding field at the network level.
+                      type: boolean
+                    fixedIPs:
+                      description: Specify pairs of subnet and/or IP address. These
+                        should be subnets of the network with the given NetworkID.
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          subnet:
+                            description: Subnet is an openstack subnet query that
+                              will return the id of a subnet to create the fixed IP
+                              of a port in. This query must not return more than one
+                              subnet.
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                            type: object
+                        required:
+                        - subnet
+                        type: object
+                      type: array
+                    hostId:
+                      description: The ID of the host where the port is allocated
+                      type: string
+                    macAddress:
+                      type: string
+                    nameSuffix:
+                      description: Used to make the name of the port unique. If unspecified,
+                        instead the 0-based index of the port in the list is used.
+                      type: string
+                    network:
+                      description: Network is a query for an openstack network that
+                        the port will be created or discovered on. This will fail
+                        if the query returns more than one network.
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                      type: object
+                    profile:
+                      additionalProperties:
+                        type: string
+                      description: A dictionary that enables the application running
+                        on the specified host to pass and receive virtual network
+                        interface (VIF) port-specific information to the plug-in.
+                      type: object
+                    projectId:
+                      type: string
+                    securityGroupFilters:
+                      description: The names, uuids, filters or any combination these
+                        of the security groups to assign to the instance
+                      items:
+                        properties:
+                          filter:
+                            description: Filters used to query security groups in
+                              openstack
+                            properties:
+                              description:
+                                type: string
+                              id:
+                                type: string
+                              limit:
+                                type: integer
+                              marker:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              sortDir:
+                                type: string
+                              sortKey:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                              tenantId:
+                                type: string
+                            type: object
+                          name:
+                            description: Security Group name
+                            type: string
+                          uuid:
+                            description: Security Group UID
+                            type: string
+                        type: object
+                      type: array
+                    securityGroups:
+                      description: The uuids of the security groups to assign to the
+                        instance
+                      items:
+                        type: string
+                      type: array
+                    tags:
+                      description: Tags applied to the port (and corresponding trunk,
+                        if a trunk is configured.) These tags are applied in addition
+                        to the instance's tags, which will also be applied to the
+                        port.
+                      items:
+                        type: string
+                      type: array
+                    tenantId:
+                      type: string
+                    trunk:
+                      description: Enables and disables trunk at port level. If not
+                        provided, openStackMachine.Spec.Trunk is inherited.
+                      type: boolean
+                    vnicType:
+                      description: The virtual network interface card (vNIC) type
+                        that is bound to the neutron port.
+                      type: string
+                  type: object
+                type: array
+              providerID:
+                description: ProviderID is the unique identifier as specified by the
+                  cloud provider.
+                type: string
+              rootVolume:
+                description: The volume metadata to boot from
+                properties:
+                  availabilityZone:
+                    type: string
+                  diskSize:
+                    type: integer
+                  volumeType:
+                    type: string
+                type: object
+              securityGroups:
+                description: The names of the security groups to assign to the instance
+                items:
+                  properties:
+                    filter:
+                      description: Filters used to query security groups in openstack
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    name:
+                      description: Security Group name
+                      type: string
+                    uuid:
+                      description: Security Group UID
+                      type: string
+                  type: object
+                type: array
+              serverGroupID:
+                description: The server group to assign the machine to
+                type: string
+              serverMetadata:
+                additionalProperties:
+                  type: string
+                description: Metadata mapping. Allows you to create a map of key value
+                  pairs to add to the server instance.
+                type: object
+              sshKeyName:
+                description: The ssh key to inject in the instance
+                type: string
+              subnet:
+                description: UUID, IP address of a port from this subnet will be marked
+                  as AccessIPv4 on the created compute instance
+                type: string
+              tags:
+                description: Machine tags Requires Nova api 2.52 minimum!
+                items:
+                  type: string
+                type: array
+              trunk:
+                description: Whether the server instance is created on a trunk port
+                  or not.
+                type: boolean
+            required:
+            - flavor
+            type: object
+          status:
+            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+            properties:
+              addresses:
+                description: Addresses contains the OpenStack instance associated
+                  addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: MachineStatusError defines errors states for Machine
+                  objects.
+                type: string
+              instanceState:
+                description: InstanceState is the state of the OpenStack instance
+                  for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - description: Cluster to which this OpenStackMachine belongs
+      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+      name: Cluster
+      type: string
+    - description: OpenStack instance state
+      jsonPath: .status.instanceState
+      name: InstanceState
+      type: string
+    - description: Machine ready status
+      jsonPath: .status.ready
+      name: Ready
+      type: string
+    - description: OpenStack instance ID
+      jsonPath: .spec.providerID
+      name: ProviderID
+      type: string
+    - description: Machine object which owns with this OpenStackMachine
+      jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+      name: Machine
+      type: string
+    - description: Time duration since creation of OpenStackMachine
+      jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha6
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachine is the Schema for the openstackmachines API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+            properties:
+              cloudName:
+                description: The name of the cloud to use from the clouds secret
+                type: string
+              configDrive:
+                description: Config Drive support
+                type: boolean
+              flavor:
+                description: The flavor reference for the flavor for your server instance.
+                type: string
+              floatingIP:
+                description: The floatingIP which will be associated to the machine,
+                  only used for master. The floatingIP should have been created and
+                  haven't been associated.
+                type: string
+              identityRef:
+                description: IdentityRef is a reference to a identity to be used when
+                  reconciling this cluster
+                properties:
+                  kind:
+                    description: Kind of the identity. Must be supported by the infrastructure
+                      provider and may be either cluster or namespace-scoped.
+                    minLength: 1
+                    type: string
+                  name:
+                    description: Name of the infrastructure identity to be used. Must
+                      be either a cluster-scoped resource, or namespaced-scoped resource
+                      the same namespace as the resource(s) being provisioned.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              image:
+                description: The name of the image to use for your server instance.
+                  If the RootVolume is specified, this will be ignored and use rootVolume
+                  directly.
+                type: string
+              imageUUID:
+                description: The uuid of the image to use for your server instance.
+                  if it's empty, Image name will be used
+                type: string
+              instanceID:
+                description: InstanceID is the OpenStack instance ID for this machine.
+                type: string
+              networks:
+                description: A networks object. Required parameter when there are
+                  multiple networks defined for the tenant. When you do not specify
+                  both networks and ports parameters, the server attaches to the only
+                  network created for the current tenant.
+                items:
+                  properties:
+                    filter:
+                      description: Filters for optional network query
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                      type: object
+                    fixedIP:
+                      description: A fixed IPv4 address for the NIC.
+                      type: string
+                    subnets:
+                      description: Subnet within a network to use
+                      items:
+                        properties:
+                          filter:
+                            description: Filters for optional subnet query
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                            type: object
+                          uuid:
+                            description: Optional UUID of the subnet. If specified
+                              this will not be validated prior to server creation.
+                              If specified, the enclosing `NetworkParam` must also
+                              be specified by UUID.
+                            type: string
+                        type: object
+                      type: array
+                    uuid:
+                      description: Optional UUID of the network. If specified this
+                        will not be validated prior to server creation. Required if
+                        `Subnets` specifies a subnet by UUID.
+                      type: string
+                  type: object
+                type: array
+              ports:
+                description: Ports to be attached to the server instance. They are
+                  created if a port with the given name does not already exist. When
+                  you do not specify both networks and ports parameters, the server
+                  attaches to the only network created for the current tenant.
+                items:
+                  properties:
+                    adminStateUp:
+                      type: boolean
+                    allowedAddressPairs:
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          macAddress:
+                            type: string
+                        type: object
+                      type: array
+                    description:
+                      type: string
+                    disablePortSecurity:
+                      description: DisablePortSecurity enables or disables the port
+                        security when set. When not set, it takes the value of the
+                        corresponding field at the network level.
+                      type: boolean
+                    fixedIPs:
+                      description: Specify pairs of subnet and/or IP address. These
+                        should be subnets of the network with the given NetworkID.
+                      items:
+                        properties:
+                          ipAddress:
+                            type: string
+                          subnet:
+                            description: Subnet is an openstack subnet query that
+                              will return the id of a subnet to create the fixed IP
+                              of a port in. This query must not return more than one
+                              subnet.
+                            properties:
+                              cidr:
+                                type: string
+                              description:
+                                type: string
+                              gateway_ip:
+                                type: string
+                              id:
+                                type: string
+                              ipVersion:
+                                type: integer
+                              ipv6AddressMode:
+                                type: string
+                              ipv6RaMode:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                            type: object
+                        required:
+                        - subnet
+                        type: object
+                      type: array
+                    hostId:
+                      description: The ID of the host where the port is allocated
+                      type: string
+                    macAddress:
+                      type: string
+                    nameSuffix:
+                      description: Used to make the name of the port unique. If unspecified,
+                        instead the 0-based index of the port in the list is used.
+                      type: string
+                    network:
+                      description: Network is a query for an openstack network that
+                        the port will be created or discovered on. This will fail
+                        if the query returns more than one network.
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                      type: object
+                    profile:
+                      additionalProperties:
+                        type: string
+                      description: A dictionary that enables the application running
+                        on the specified host to pass and receive virtual network
+                        interface (VIF) port-specific information to the plug-in.
+                      type: object
+                    projectId:
+                      type: string
+                    securityGroupFilters:
+                      description: The names, uuids, filters or any combination these
+                        of the security groups to assign to the instance
+                      items:
+                        properties:
+                          filter:
+                            description: Filters used to query security groups in
+                              openstack
+                            properties:
+                              description:
+                                type: string
+                              id:
+                                type: string
+                              limit:
+                                type: integer
+                              marker:
+                                type: string
+                              name:
+                                type: string
+                              notTags:
+                                type: string
+                              notTagsAny:
+                                type: string
+                              projectId:
+                                type: string
+                              sortDir:
+                                type: string
+                              sortKey:
+                                type: string
+                              tags:
+                                type: string
+                              tagsAny:
+                                type: string
+                              tenantId:
+                                type: string
+                            type: object
+                          name:
+                            description: Security Group name
+                            type: string
+                          uuid:
+                            description: Security Group UID
+                            type: string
+                        type: object
+                      type: array
+                    securityGroups:
+                      description: The uuids of the security groups to assign to the
+                        instance
+                      items:
+                        type: string
+                      type: array
+                      x-kubernetes-list-type: set
+                    tags:
+                      description: Tags applied to the port (and corresponding trunk,
+                        if a trunk is configured.) These tags are applied in addition
+                        to the instance's tags, which will also be applied to the
+                        port.
+                      items:
+                        type: string
+                      type: array
+                      x-kubernetes-list-type: set
+                    tenantId:
+                      type: string
+                    trunk:
+                      description: Enables and disables trunk at port level. If not
+                        provided, openStackMachine.Spec.Trunk is inherited.
+                      type: boolean
+                    vnicType:
+                      description: The virtual network interface card (vNIC) type
+                        that is bound to the neutron port.
+                      type: string
+                  type: object
+                type: array
+              providerID:
+                description: ProviderID is the unique identifier as specified by the
+                  cloud provider.
+                type: string
+              rootVolume:
+                description: The volume metadata to boot from
+                properties:
+                  availabilityZone:
+                    type: string
+                  diskSize:
+                    type: integer
+                  volumeType:
+                    type: string
+                type: object
+              securityGroups:
+                description: The names of the security groups to assign to the instance
+                items:
+                  properties:
+                    filter:
+                      description: Filters used to query security groups in openstack
+                      properties:
+                        description:
+                          type: string
+                        id:
+                          type: string
+                        limit:
+                          type: integer
+                        marker:
+                          type: string
+                        name:
+                          type: string
+                        notTags:
+                          type: string
+                        notTagsAny:
+                          type: string
+                        projectId:
+                          type: string
+                        sortDir:
+                          type: string
+                        sortKey:
+                          type: string
+                        tags:
+                          type: string
+                        tagsAny:
+                          type: string
+                        tenantId:
+                          type: string
+                      type: object
+                    name:
+                      description: Security Group name
+                      type: string
+                    uuid:
+                      description: Security Group UID
+                      type: string
+                  type: object
+                type: array
+              serverGroupID:
+                description: The server group to assign the machine to
+                type: string
+              serverMetadata:
+                additionalProperties:
+                  type: string
+                description: Metadata mapping. Allows you to create a map of key value
+                  pairs to add to the server instance.
+                type: object
+              sshKeyName:
+                description: The ssh key to inject in the instance
+                type: string
+              subnet:
+                description: UUID, IP address of a port from this subnet will be marked
+                  as AccessIPv4 on the created compute instance
+                type: string
+              tags:
+                description: Machine tags Requires Nova api 2.52 minimum!
+                items:
+                  type: string
+                type: array
+                x-kubernetes-list-type: set
+              trunk:
+                description: Whether the server instance is created on a trunk port
+                  or not.
+                type: boolean
+            required:
+            - flavor
+            type: object
+          status:
+            description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+            properties:
+              addresses:
+                description: Addresses contains the OpenStack instance associated
+                  addresses.
+                items:
+                  description: NodeAddress contains information for the node's address.
+                  properties:
+                    address:
+                      description: The node address.
+                      type: string
+                    type:
+                      description: Node address type, one of Hostname, ExternalIP
+                        or InternalIP.
+                      type: string
+                  required:
+                  - address
+                  - type
+                  type: object
+                type: array
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition. This field may be empty.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase. The specific API may choose whether or not this
+                        field is considered a guaranteed API. This field may not be
+                        empty.
+                      type: string
+                    severity:
+                      description: Severity provides an explicit classification of
+                        Reason code, so the users or machines can immediately understand
+                        the current situation and act accordingly. The Severity field
+                        MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureMessage:
+                description: "FailureMessage will be set in the event that there is
+                  a terminal problem reconciling the Machine and will contain a more
+                  verbose string suitable for logging and human consumption. \n This
+                  field should not be set for transitive errors that a controller
+                  faces that are expected to be fixed automatically over time (like
+                  service outages), but instead indicate that something is fundamentally
+                  wrong with the Machine's spec or the configuration of the controller,
+                  and that manual intervention is required. Examples of terminal errors
+                  would be invalid combinations of settings in the spec, values that
+                  are unsupported by the controller, or the responsible controller
+                  itself being critically misconfigured. \n Any transient errors that
+                  occur during the reconciliation of Machines can be added as events
+                  to the Machine object and/or logged in the controller's output."
+                type: string
+              failureReason:
+                description: MachineStatusError defines errors states for Machine
+                  objects.
+                type: string
+              instanceState:
+                description: InstanceState is the state of the OpenStack instance
+                  for this machine.
+                type: string
+              ready:
+                description: Ready is true when the provider resource is ready.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+    controller-gen.kubebuilder.io/version: v0.9.2
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+    cluster.x-k8s.io/v1alpha3: v1alpha3
+    cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+  name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: capo-webhook-service
+          namespace: capo-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: OpenStackMachineTemplate
+    listKind: OpenStackMachineTemplateList
+    plural: openstackmachinetemplates
+    shortNames:
+    - osmt
+    singular: openstackmachinetemplate
+  scope: Namespaced
+  versions:
+  - name: v1alpha3
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineTemplateSpec defines the desired state of
+              OpenStackMachineTemplate.
+            properties:
+              template:
+                description: OpenStackMachineTemplateResource describes the data needed
+                  to create a OpenStackMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior
+                      of the machine.
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      cloudsSecret:
+                        description: The name of the secret containing the openstack
+                          credentials
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify the networks parameter, the server attaches
+                          to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                adminStateUp:
+                                  type: boolean
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                shared:
+                                  type: boolean
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                status:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            fixedIp:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional network query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      enableDhcp:
+                                        type: boolean
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      networkId:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      subnetpoolId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: The UUID of the network. Required
+                                      if you omit the port attribute.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: The UUID of the network. Required if you
+                                omit the port attribute.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          deviceType:
+                            type: string
+                          diskSize:
+                            type: integer
+                          sourceType:
+                            type: string
+                          sourceUUID:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                      userDataSecret:
+                        description: The name of the secret containing the user data
+                          (startup script in most cases)
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    required:
+                    - flavor
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha4
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineTemplateSpec defines the desired state of
+              OpenStackMachineTemplate.
+            properties:
+              template:
+                description: OpenStackMachineTemplateResource describes the data needed
+                  to create a OpenStackMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior
+                      of the machine.
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                adminStateUp:
+                                  type: boolean
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                shared:
+                                  type: boolean
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                status:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      enableDhcp:
+                                        type: boolean
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      networkId:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      subnetpoolId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnetId:
+                                    type: string
+                                required:
+                                - subnetId
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            networkId:
+                              description: ID of the OpenStack network on which to
+                                create the port. If unspecified, create the port on
+                                the default cluster network.
+                              type: string
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroups:
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          deviceType:
+                            type: string
+                          diskSize:
+                            type: integer
+                          sourceType:
+                            type: string
+                          sourceUUID:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha5
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineTemplateSpec defines the desired state of
+              OpenStackMachineTemplate.
+            properties:
+              template:
+                description: OpenStackMachineTemplateResource describes the data needed
+                  to create a OpenStackMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior
+                      of the machine.
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      imageUUID:
+                        description: The uuid of the image to use for your server
+                          instance. if it's empty, Image name will be used
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          availabilityZone:
+                            type: string
+                          diskSize:
+                            type: integer
+                          volumeType:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: false
+  - name: v1alpha6
+    schema:
+      openAPIV3Schema:
+        description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OpenStackMachineTemplateSpec defines the desired state of
+              OpenStackMachineTemplate.
+            properties:
+              template:
+                description: OpenStackMachineTemplateResource describes the data needed
+                  to create a OpenStackMachine from a template.
+                properties:
+                  spec:
+                    description: Spec is the specification of the desired behavior
+                      of the machine.
+                    properties:
+                      cloudName:
+                        description: The name of the cloud to use from the clouds
+                          secret
+                        type: string
+                      configDrive:
+                        description: Config Drive support
+                        type: boolean
+                      flavor:
+                        description: The flavor reference for the flavor for your
+                          server instance.
+                        type: string
+                      floatingIP:
+                        description: The floatingIP which will be associated to the
+                          machine, only used for master. The floatingIP should have
+                          been created and haven't been associated.
+                        type: string
+                      identityRef:
+                        description: IdentityRef is a reference to a identity to be
+                          used when reconciling this cluster
+                        properties:
+                          kind:
+                            description: Kind of the identity. Must be supported by
+                              the infrastructure provider and may be either cluster
+                              or namespace-scoped.
+                            minLength: 1
+                            type: string
+                          name:
+                            description: Name of the infrastructure identity to be
+                              used. Must be either a cluster-scoped resource, or namespaced-scoped
+                              resource the same namespace as the resource(s) being
+                              provisioned.
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                      image:
+                        description: The name of the image to use for your server
+                          instance. If the RootVolume is specified, this will be ignored
+                          and use rootVolume directly.
+                        type: string
+                      imageUUID:
+                        description: The uuid of the image to use for your server
+                          instance. if it's empty, Image name will be used
+                        type: string
+                      instanceID:
+                        description: InstanceID is the OpenStack instance ID for this
+                          machine.
+                        type: string
+                      networks:
+                        description: A networks object. Required parameter when there
+                          are multiple networks defined for the tenant. When you do
+                          not specify both networks and ports parameters, the server
+                          attaches to the only network created for the current tenant.
+                        items:
+                          properties:
+                            filter:
+                              description: Filters for optional network query
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            fixedIP:
+                              description: A fixed IPv4 address for the NIC.
+                              type: string
+                            subnets:
+                              description: Subnet within a network to use
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters for optional subnet query
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                  uuid:
+                                    description: Optional UUID of the subnet. If specified
+                                      this will not be validated prior to server creation.
+                                      If specified, the enclosing `NetworkParam` must
+                                      also be specified by UUID.
+                                    type: string
+                                type: object
+                              type: array
+                            uuid:
+                              description: Optional UUID of the network. If specified
+                                this will not be validated prior to server creation.
+                                Required if `Subnets` specifies a subnet by UUID.
+                              type: string
+                          type: object
+                        type: array
+                      ports:
+                        description: Ports to be attached to the server instance.
+                          They are created if a port with the given name does not
+                          already exist. When you do not specify both networks and
+                          ports parameters, the server attaches to the only network
+                          created for the current tenant.
+                        items:
+                          properties:
+                            adminStateUp:
+                              type: boolean
+                            allowedAddressPairs:
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  macAddress:
+                                    type: string
+                                type: object
+                              type: array
+                            description:
+                              type: string
+                            disablePortSecurity:
+                              description: DisablePortSecurity enables or disables
+                                the port security when set. When not set, it takes
+                                the value of the corresponding field at the network
+                                level.
+                              type: boolean
+                            fixedIPs:
+                              description: Specify pairs of subnet and/or IP address.
+                                These should be subnets of the network with the given
+                                NetworkID.
+                              items:
+                                properties:
+                                  ipAddress:
+                                    type: string
+                                  subnet:
+                                    description: Subnet is an openstack subnet query
+                                      that will return the id of a subnet to create
+                                      the fixed IP of a port in. This query must not
+                                      return more than one subnet.
+                                    properties:
+                                      cidr:
+                                        type: string
+                                      description:
+                                        type: string
+                                      gateway_ip:
+                                        type: string
+                                      id:
+                                        type: string
+                                      ipVersion:
+                                        type: integer
+                                      ipv6AddressMode:
+                                        type: string
+                                      ipv6RaMode:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                    type: object
+                                required:
+                                - subnet
+                                type: object
+                              type: array
+                            hostId:
+                              description: The ID of the host where the port is allocated
+                              type: string
+                            macAddress:
+                              type: string
+                            nameSuffix:
+                              description: Used to make the name of the port unique.
+                                If unspecified, instead the 0-based index of the port
+                                in the list is used.
+                              type: string
+                            network:
+                              description: Network is a query for an openstack network
+                                that the port will be created or discovered on. This
+                                will fail if the query returns more than one network.
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                              type: object
+                            profile:
+                              additionalProperties:
+                                type: string
+                              description: A dictionary that enables the application
+                                running on the specified host to pass and receive
+                                virtual network interface (VIF) port-specific information
+                                to the plug-in.
+                              type: object
+                            projectId:
+                              type: string
+                            securityGroupFilters:
+                              description: The names, uuids, filters or any combination
+                                these of the security groups to assign to the instance
+                              items:
+                                properties:
+                                  filter:
+                                    description: Filters used to query security groups
+                                      in openstack
+                                    properties:
+                                      description:
+                                        type: string
+                                      id:
+                                        type: string
+                                      limit:
+                                        type: integer
+                                      marker:
+                                        type: string
+                                      name:
+                                        type: string
+                                      notTags:
+                                        type: string
+                                      notTagsAny:
+                                        type: string
+                                      projectId:
+                                        type: string
+                                      sortDir:
+                                        type: string
+                                      sortKey:
+                                        type: string
+                                      tags:
+                                        type: string
+                                      tagsAny:
+                                        type: string
+                                      tenantId:
+                                        type: string
+                                    type: object
+                                  name:
+                                    description: Security Group name
+                                    type: string
+                                  uuid:
+                                    description: Security Group UID
+                                    type: string
+                                type: object
+                              type: array
+                            securityGroups:
+                              description: The uuids of the security groups to assign
+                                to the instance
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tags:
+                              description: Tags applied to the port (and corresponding
+                                trunk, if a trunk is configured.) These tags are applied
+                                in addition to the instance's tags, which will also
+                                be applied to the port.
+                              items:
+                                type: string
+                              type: array
+                              x-kubernetes-list-type: set
+                            tenantId:
+                              type: string
+                            trunk:
+                              description: Enables and disables trunk at port level.
+                                If not provided, openStackMachine.Spec.Trunk is inherited.
+                              type: boolean
+                            vnicType:
+                              description: The virtual network interface card (vNIC)
+                                type that is bound to the neutron port.
+                              type: string
+                          type: object
+                        type: array
+                      providerID:
+                        description: ProviderID is the unique identifier as specified
+                          by the cloud provider.
+                        type: string
+                      rootVolume:
+                        description: The volume metadata to boot from
+                        properties:
+                          availabilityZone:
+                            type: string
+                          diskSize:
+                            type: integer
+                          volumeType:
+                            type: string
+                        type: object
+                      securityGroups:
+                        description: The names of the security groups to assign to
+                          the instance
+                        items:
+                          properties:
+                            filter:
+                              description: Filters used to query security groups in
+                                openstack
+                              properties:
+                                description:
+                                  type: string
+                                id:
+                                  type: string
+                                limit:
+                                  type: integer
+                                marker:
+                                  type: string
+                                name:
+                                  type: string
+                                notTags:
+                                  type: string
+                                notTagsAny:
+                                  type: string
+                                projectId:
+                                  type: string
+                                sortDir:
+                                  type: string
+                                sortKey:
+                                  type: string
+                                tags:
+                                  type: string
+                                tagsAny:
+                                  type: string
+                                tenantId:
+                                  type: string
+                              type: object
+                            name:
+                              description: Security Group name
+                              type: string
+                            uuid:
+                              description: Security Group UID
+                              type: string
+                          type: object
+                        type: array
+                      serverGroupID:
+                        description: The server group to assign the machine to
+                        type: string
+                      serverMetadata:
+                        additionalProperties:
+                          type: string
+                        description: Metadata mapping. Allows you to create a map
+                          of key value pairs to add to the server instance.
+                        type: object
+                      sshKeyName:
+                        description: The ssh key to inject in the instance
+                        type: string
+                      subnet:
+                        description: UUID, IP address of a port from this subnet will
+                          be marked as AccessIPv4 on the created compute instance
+                        type: string
+                      tags:
+                        description: Machine tags Requires Nova api 2.52 minimum!
+                        items:
+                          type: string
+                        type: array
+                        x-kubernetes-list-type: set
+                      trunk:
+                        description: Whether the server instance is created on a trunk
+                          port or not.
+                        type: boolean
+                    required:
+                    - flavor
+                    type: object
+                required:
+                - spec
+                type: object
+            required:
+            - template
+            type: object
+        type: object
+    served: true
+    storage: true
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-manager
+  namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-leader-election-role
+  namespace: capo-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  - machines/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - openstackclusters
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - openstackclusters/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - openstackmachines
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - openstackmachines/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-leader-election-rolebinding
+  namespace: capo-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: capo-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: capo-manager
+  namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: capo-manager-role
+subjects:
+- kind: ServiceAccount
+  name: capo-manager
+  namespace: capo-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-webhook-service
+  namespace: capo-system
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook-server
+  selector:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+    control-plane: capo-controller-manager
+  name: capo-controller-manager
+  namespace: capo-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/provider: infrastructure-openstack
+      control-plane: capo-controller-manager
+  template:
+    metadata:
+      labels:
+        cluster.x-k8s.io/provider: infrastructure-openstack
+        control-plane: capo-controller-manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        - --v=2
+        - --metrics-bind-addr=127.0.0.1:8080
+        command:
+        - /manager
+        image: gcr.io/k8s-staging-capi-openstack/capi-openstack-controller:nightly_main_20221109
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: healthz
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        - containerPort: 9440
+          name: healthz
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: healthz
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: capo-manager
+      terminationGracePeriodSeconds: 10
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: capo-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-serving-cert
+  namespace: capo-system
+spec:
+  dnsNames:
+  - capo-webhook-service.capo-system.svc
+  - capo-webhook-service.capo-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: capo-selfsigned-issuer
+  secretName: capo-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-selfsigned-issuer
+  namespace: capo-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackcluster
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.openstackcluster.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclusters
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackclustertemplate
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.openstackclustertemplate.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclustertemplates
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachine
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: default.openstackmachine.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackmachines
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+  labels:
+    cluster.x-k8s.io/provider: infrastructure-openstack
+  name: capo-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackcluster
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.openstackcluster.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclusters
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackclustertemplate
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclustertemplates
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachine
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.openstackmachine.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackmachines
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: capo-webhook-service
+      namespace: capo-system
+      path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachinetemplate
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - infrastructure.cluster.x-k8s.io
+    apiVersions:
+    - v1alpha6
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackmachinetemplates
+  sideEffects: None
diff --git a/atmosphere/operator/manifests/capi-rbac.yml b/atmosphere/operator/manifests/capi-rbac.yml
new file mode 100644
index 0000000..f1f2fdc
--- /dev/null
+++ b/atmosphere/operator/manifests/capi-rbac.yml
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: magnum-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: magnum-cluster-api
+  namespace: magnum-system
+rules:
+  - apiGroups: [""]
+    resources: [namespaces]
+    verbs: [patch]
+  - apiGroups: [""]
+    resources: [configmaps, secrets]
+    verbs: [create, update, patch, get, delete]
+  - apiGroups: [cluster.x-k8s.io]
+    resources: [clusters]
+    verbs: [create, update, patch, get, delete]
+  - apiGroups: [cluster.x-k8s.io]
+    resources: [clusterclasses]
+    verbs: [create, update, patch]
+  - apiGroups: [cluster.x-k8s.io]
+    resources: [machinedeployments]
+    verbs: [list]
+  - apiGroups: [bootstrap.cluster.x-k8s.io]
+    resources: [kubeadmconfigtemplates]
+    verbs: [create, update, patch]
+  - apiGroups: [controlplane.cluster.x-k8s.io]
+    resources: [kubeadmcontrolplanes]
+    verbs: [list]
+  - apiGroups: [controlplane.cluster.x-k8s.io]
+    resources: [kubeadmcontrolplanetemplates]
+    verbs: [create, update, patch]
+  - apiGroups: [infrastructure.cluster.x-k8s.io]
+    resources: [openstackclustertemplates, openstackmachinetemplates]
+    verbs: [create, update, patch]
+  - apiGroups: [addons.cluster.x-k8s.io]
+    resources: [clusterresourcesets]
+    verbs: [create, update, patch, delete]
+  - apiGroups: [source.toolkit.fluxcd.io]
+    resources: [helmrepositories]
+    verbs: [create, update, patch]
+  - apiGroups: [helm.toolkit.fluxcd.io]
+    resources: [helmreleases]
+    verbs: [delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: magnum-cluster-api
+  namespace: magnum-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: magnum-cluster-api
+subjects:
+  - kind: ServiceAccount
+    name: magnum-conductor
+    namespace: openstack
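Review bot: The `resources: [configmaps, secrets]` rule gives `create, update, patch, get, delete` on every Secret in `magnum-system` to the `magnum-conductor` ServiceAccount, which the RoleBinding takes from a different namespace (`openstack`), and nothing in the manifest documents that cross-namespace trust. Because `create` cannot be narrowed with `resourceNames`, the effective boundary is the namespace itself. A comment above the rule would record this, for example `# magnum-conductor (openstack ns) manages all ConfigMaps/Secrets here; keep magnum-system free of unrelated credentials`. The `namespaces` / `patch` rule also deserves a one-line comment saying that, inside a Role, it only covers the `magnum-system` namespace object, along with what Magnum patches on it (presumably labels or annotations; confirm against the driver).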
diff --git a/atmosphere/operator/tasks.py b/atmosphere/operator/tasks.py
new file mode 100644
index 0000000..c9a5c6e
--- /dev/null
+++ b/atmosphere/operator/tasks.py
@@ -0,0 +1,618 @@
+import glob
+import json
+import logging
+import os
+import subprocess
+
+import mergedeep
+import pkg_resources
+import pykube
+import yaml
+from oslo_utils import strutils
+from taskflow import task
+from tenacity import retry, retry_if_result, stop_after_delay, wait_fixed
+
+from atmosphere import clients
+
+LOG = logging.getLogger(__name__)
+
+
+class BuildApiClient(task.Task):
+    default_provides = "api"
+
+    def execute(self) -> pykube.HTTPClient:
+        return clients.get_pykube_api()
+
+
+class ApplyKubernetesObjectTask(task.Task):
+    @property
+    def api(self):
+        return clients.get_pykube_api()
+
+    def generate_object(self, *args, **kwargs) -> pykube.objects.APIObject:
+        raise NotImplementedError
+
+    def wait_for_resource(self, resource: pykube.objects.APIObject):
+        return resource
+
+    def _apply(self, resource: pykube.objects.APIObject) -> pykube.objects.APIObject:
+        resp = resource.api.patch(
+            **resource.api_kwargs(
+                headers={
+                    "Content-Type": "application/apply-patch+yaml",
+                },
+                params={
+                    "fieldManager": "atmosphere-operator",
+                    "force": True,
+                },
+                data=json.dumps(resource.obj),
+            )
+        )
+
+        resource.api.raise_for_status(resp)
+        resource.set_obj(resp.json())
+
+        return self.wait_for_resource(resource)
+
+
+class InstallClusterApiTask(task.Task):
+    def execute(self):
+        # TODO(mnaser): Move CAPI and CAPO to run on control plane
+        manifests_path = pkg_resources.resource_filename(__name__, "manifests")
+        manifest_files = glob.glob(os.path.join(manifests_path, "capi-*.yml"))
+
+        for manifest in manifest_files:
+            with open(manifest) as fd:
+                subprocess.check_call(
+                    "kubectl apply -f -",
+                    shell=True,
+                    stdin=fd,
+                    stdout=subprocess.DEVNULL,
+                    stderr=subprocess.DEVNULL,
+                )
+
+
+class RabbitmqCluster(pykube.objects.NamespacedAPIObject):
+    version = "rabbitmq.com/v1beta1"
+    endpoint = "rabbitmqclusters"
+    kind = "RabbitmqCluster"
+
+
+class ApplyRabbitmqClusterTask(ApplyKubernetesObjectTask):
+    def execute(self, api: pykube.HTTPClient, namespace: str, chart_name: str) -> dict:
+        resource = RabbitmqCluster(
+            api,
+            {
+                "apiVersion": RabbitmqCluster.version,
+                "kind": RabbitmqCluster.kind,
+                "metadata": {
+                    "name": f"rabbitmq-{chart_name}",
+                    "namespace": namespace,
+                },
+                "spec": {
+                    "affinity": {
+                        "nodeAffinity": {
+                            "requiredDuringSchedulingIgnoredDuringExecution": {
+                                "nodeSelectorTerms": [
+                                    {
+                                        "matchExpressions": [
+                                            {
+                                                "key": "openstack-control-plane",
+                                                "operator": "In",
+                                                "values": ["enabled"],
+                                            }
+                                        ]
+                                    }
+                                ]
+                            }
+                        }
+                    },
+                    "rabbitmq": {
+                        "additionalConfig": "vm_memory_high_watermark.relative = 0.9\n"
+                    },
+                    "resources": {
+                        "requests": {"cpu": "500m", "memory": "1Gi"},
+                        "limits": {"cpu": "1", "memory": "2Gi"},
+                    },
+                    "terminationGracePeriodSeconds": 15,
+                },
+            },
+        )
+
+        return self._apply(resource)
+
+
+class HelmRelease(pykube.objects.NamespacedAPIObject):
+    version = "helm.toolkit.fluxcd.io/v2beta1"
+    endpoint = "helmreleases"
+    kind = "HelmRelease"
+
+
+class ApplyHelmReleaseTask(ApplyKubernetesObjectTask):
+    def execute(
+        self,
+        api: pykube.HTTPClient,
+        namespace: str,
+        release_name: str,
+        helm_repository: str,
+        chart_name: str,
+        chart_version: str,
+        values: dict,
+        values_from: list,
+    ) -> HelmRelease:
+        resource = HelmRelease(
+            api,
+            {
+                "apiVersion": HelmRelease.version,
+                "kind": HelmRelease.kind,
+                "metadata": {
+                    "name": release_name,
+                    "namespace": namespace,
+                },
+                "spec": {
+                    "interval": "60s",
+                    "chart": {
+                        "spec": {
+                            "chart": chart_name,
+                            "version": chart_version,
+                            "sourceRef": {
+                                "kind": "HelmRepository",
+                                "name": helm_repository,
+                            },
+                        }
+                    },
+                    "install": {
+                        "crds": "CreateReplace",
+                        "disableWait": True,
+                    },
+                    "upgrade": {
+                        "crds": "CreateReplace",
+                        "disableWait": True,
+                    },
+                    "values": values,
+                    "valuesFrom": values_from,
+                },
+            },
+        )
+
+        return self._apply(resource)
+
+    @retry(
+        retry=retry_if_result(lambda f: f is False),
+        stop=stop_after_delay(300),
+        wait=wait_fixed(1),
+    )
+    def wait_for_resource(self, resource: HelmRelease, *args, **kwargs) -> bool:
+        # TODO(mnaser): detect potential changes and wait
+        resource.reload()
+
+        conditions = {
+            condition["type"]: strutils.bool_from_string(condition["status"])
+            for condition in resource.obj["status"].get("conditions", [])
+        }
+
+        if not conditions.get("Ready", False) and conditions.get("Released", False):
+            return False
+        return resource
+
+
+class GenerateSecrets(ApplyKubernetesObjectTask):
+    def execute(
+        self, api: pykube.HTTPClient, namespace: str, name: str
+    ) -> pykube.Secret:
+        # TODO(mnaser): We should generate this if it's missing, but for now
+        #               assume that it exists.
+        secret_name = f"{name}-secrets"
+        return pykube.Secret.objects(api, namespace=namespace).get(name=secret_name)
+
+
+class GenerateImageTagsConfigMap(ApplyKubernetesObjectTask):
+    def execute(
+        self, api: pykube.HTTPClient, namespace: str, name: str, spec: dict
+    ) -> pykube.ConfigMap:
+        image_repository = spec["imageRepository"]
+        resource = pykube.ConfigMap(
+            api,
+            {
+                "apiVersion": pykube.ConfigMap.version,
+                "kind": pykube.ConfigMap.kind,
+                "metadata": {
+                    "name": f"{name}-images",
+                    "namespace": namespace,
+                },
+                "data": {
+                    "values.yaml": yaml.dump(
+                        {
+                            "images": {
+                                "tags": {
+                                    "bootstrap": f"{image_repository}/heat:zed",
+                                    "db_drop": f"{image_repository}/heat:zed",
+                                    "db_init": f"{image_repository}/heat:zed",
+                                    "dep_check": f"{image_repository}/kubernetes-entrypoint:latest",
+                                    "ks_endpoints": f"{image_repository}/heat:zed",
+                                    "ks_service": f"{image_repository}/heat:zed",
+                                    "ks_user": f"{image_repository}/heat:zed",
+                                    "magnum_api": f"{image_repository}/magnum@sha256:46e7c910780864f4532ecc85574f159a36794f37aac6be65e4b48c46040ced17",  # noqa
+                                    "magnum_conductor": f"{image_repository}/magnum@sha256:46e7c910780864f4532ecc85574f159a36794f37aac6be65e4b48c46040ced17",  # noqa
+                                    "magnum_db_sync": f"{image_repository}/magnum@sha256:46e7c910780864f4532ecc85574f159a36794f37aac6be65e4b48c46040ced17",  # noqa
+                                    "rabbit_init": f"{image_repository}/rabbitmq:3.8.23-management",
+                                }
+                            }
+                        }
+                    )
+                },
+            },
+        )
+
+        return self._apply(resource)
+
+
+class GetChartValues(task.Task):
+    def execute(
+        self,
+        helm_repository: str,
+        helm_repository_url: str,
+        chart_name: str,
+        chart_version: str,
+    ) -> dict:
+        # TODO(mnaser): Once we move towards air-gapped deployments, we should
+        #               refactor this to pull from local OCI registry instead.
+        subprocess.check_call(
+            f"helm repo add --force-update {helm_repository} {helm_repository_url}",
+            shell=True,
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        subprocess.check_call(
+            "helm repo update",
+            shell=True,
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        data = subprocess.check_output(
+            f"helm show values {helm_repository}/{chart_name} --version {chart_version}",
+            shell=True,
+        )
+        return yaml.safe_load(data)
+
+
+class GenerateReleaseValues(task.Task):
+    def _generate_base(self, rabbitmq: RabbitmqCluster, spec: dict) -> dict:
+        return {
+            "endpoints": {
+                "identity": {
+                    "auth": {
+                        "admin": {
+                            "username": f"admin-{spec['regionName']}",
+                            "region_name": spec["regionName"],
+                        },
+                    },
+                },
+                "oslo_db": {
+                    "hosts": {
+                        # TODO(mnaser): Move this into a dependency
+                        "default": "percona-xtradb-haproxy",
+                    },
+                },
+                "oslo_messaging": {
+                    "statefulset": None,
+                    "hosts": {
+                        # TODO(mnaser): handle scenario when those don't exist
+                        "default": rabbitmq.name,
+                    },
+                },
+            },
+        }
+
+    def _generate_magnum(self, spec: dict) -> dict:
+        return {
+            "endpoints": {
+                "container_infra": {
+                    "host_fqdn_override": {
+                        "public": {"host": spec["magnum"]["endpoint"]}
+                    },
+                    "port": {"api": {"public": 443}},
+                    "scheme": {"public": "https"},
+                },
+                "identity": {
+                    "auth": {
+                        "magnum": {
+                            "username": f"magnum-{spec['regionName']}",
+                            "region_name": spec["regionName"],
+                        },
+                        "magnum_stack_user": {
+                            "username": f"magnum-domain-{spec['regionName']}",
+                            "region_name": spec["regionName"],
+                        },
+                    },
+                },
+            },
+            "conf": {
+                "magnum": {
+                    "DEFAULT": {"log_config_append": None},
+                    "barbican_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "cinder_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "cluster_template": {
+                        "kubernetes_allowed_network_drivers": "calico",
+                        "kubernetes_default_network_driver": "calico",
+                    },
+                    "conductor": {"workers": 4},
+                    "drivers": {
+                        "verify_ca": False,
+                    },
+                    "glance_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "heat_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "keystone_auth": {
+                        "auth_url": "http://keystone-api.openstack.svc.cluster.local:5000/v3",
+                        "user_domain_name": "service",
+                        "username": f"magnum-{spec['regionName']}",
+                        # NOTE(mnaser): Magnum does not allow changing the interface to internal
+                        #               so we workaround with this for now.
+                        "insecure": True,
+                    },
+                    "keystone_authtoken": {
+                        # NOTE(mnaser): Magnum does not allow changing the interface to internal
+                        #               so we workaround with this for now.
+                        "insecure": True,
+                    },
+                    "magnum_client": {"region_name": spec["regionName"]},
+                    "neutron_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "nova_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                    "octavia_client": {
+                        "endpoint_type": "internalURL",
+                        "region_name": spec["regionName"],
+                    },
+                }
+            },
+            "pod": {
+                "replicas": {
+                    "api": 3,
+                    "conductor": 3,
+                },
+            },
+            "manifests": {
+                "ingress_api": False,
+                "service_ingress_api": False,
+            },
+        }
+
+    def execute(self, chart_name: str, rabbitmq: RabbitmqCluster, spec: dict) -> dict:
+        return mergedeep.merge(
+            {},
+            self._generate_base(rabbitmq, spec),
+            getattr(self, f"_generate_{chart_name}")(spec),
+            spec[chart_name].get("overrides", {}),
+        )
+
+
+class GenerateMagnumChartValuesFrom(task.Task):
+    def execute(
+        self,
+        image_tags: pykube.ConfigMap,
+        secrets: pykube.Secret,
+        rabbitmq: RabbitmqCluster,
+    ) -> dict:
+        return [
+            {
+                "kind": pykube.ConfigMap.kind,
+                "name": image_tags.name,
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "conf.magnum.keystone_auth.password",
+                "valuesKey": "magnum-keystone-password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.oslo_cache.auth.memcache_secret_key",
+                "valuesKey": "memcache-secret-key",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.identity.auth.admin.password",
+                "valuesKey": "keystone-admin-password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.identity.auth.magnum.password",
+                "valuesKey": "magnum-keystone-password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.identity.auth.magnum_stack_user.password",
+                "valuesKey": "magnum-keystone-password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": "percona-xtradb",
+                "targetPath": "endpoints.oslo_db.auth.admin.password",
+                "valuesKey": "root",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.oslo_db.auth.magnum.password",
+                "valuesKey": "magnum-database-password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": f"{rabbitmq.name}-default-user",
+                "targetPath": "endpoints.oslo_messaging.auth.admin.username",
+                "valuesKey": "username",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": f"{rabbitmq.name}-default-user",
+                "targetPath": "endpoints.oslo_messaging.auth.admin.password",
+                "valuesKey": "password",
+            },
+            {
+                "kind": pykube.Secret.kind,
+                "name": secrets.name,
+                "targetPath": "endpoints.oslo_messaging.auth.magnum.password",
+                "valuesKey": "magnum-rabbitmq-password",
+            },
+        ]
+
+
+class ApplyIngressTask(ApplyKubernetesObjectTask):
+    def execute(
+        self,
+        api: pykube.HTTPClient,
+        namespace: str,
+        endpoint: str,
+        spec: dict,
+        chart_values: dict,
+        release_values: dict,
+    ) -> pykube.Ingress:
+        host = release_values["endpoints"][endpoint]["host_fqdn_override"]["public"][
+            "host"
+        ]
+        service_name = chart_values["endpoints"][endpoint]["hosts"]["default"]
+        service_port = chart_values["endpoints"][endpoint]["port"]["api"]["default"]
+
+        resource = pykube.Ingress(
+            api,
+            {
+                "apiVersion": pykube.Ingress.version,
+                "kind": pykube.Ingress.kind,
+                "metadata": {
+                    "name": endpoint.replace("_", "-"),
+                    "namespace": namespace,
+                    "annotations": {
+                        "cert-manager.io/cluster-issuer": spec[
+                            "certManagerClusterIssuer"
+                        ],
+                    },
+                },
+                "spec": {
+                    "ingressClassName": spec["ingressClassName"],
+                    "rules": [
+                        {
+                            "host": host,
+                            "http": {
+                                "paths": [
+                                    {
+                                        "path": "/",
+                                        "pathType": "Prefix",
+                                        "backend": {
+                                            "service": {
+                                                "name": service_name,
+                                                "port": {
+                                                    "number": service_port,
+                                                },
+                                            },
+                                        },
+                                    },
+                                ],
+                            },
+                        },
+                    ],
+                    "tls": [{"secretName": f"{service_name}-certs", "hosts": [host]}],
+                },
+            },
+        )
+
+        return self._apply(resource)
+
+
+class GenerateOpenStackHelmEndpoints(task.Task):
+    SKIPPED_ENDPOINTS = (
+        "cluster_domain_suffix",
+        "local_image_registry",
+        "oci_image_registry",
+        "fluentd",
+    )
+
+    def __init__(
+        self,
+        repository_name: str,
+        repository_url: str,
+        chart_name: str,
+        chart_version: str,
+        *args,
+        **kwargs,
+    ):
+        self._repository_name = repository_name
+        self._repository_url = repository_url
+        self._chart_name = chart_name
+        self._chart_version = chart_version
+
+        super().__init__(*args, **kwargs)
+
+    def _get_values(self):
+        # TODO(mnaser): Once we move towards air-gapped deployments, we should
+        #               refactor this to pull from local OCI registry instead.
+        subprocess.check_call(
+            f"helm repo add --force-update {self._repository_name} {self._repository_url}",
+            shell=True,
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        subprocess.check_call(
+            "helm repo update",
+            shell=True,
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        data = subprocess.check_output(
+            f"helm show values {self._repository_name}/{self._chart_name} --version {self._chart_version}",
+            shell=True,
+        )
+        return yaml.safe_load(data)
+
+    def _generate_oslo_messaging(self):
+        return {
+            "statefulset": None,
+            "hosts": {
+                "default": f"rabbitmq-{self._chart_name}",
+            },
+        }
+
+    def _generate_orchestration(self):
+        return {}
+
+    def _generate_key_manager(self):
+        return {}
+
+    def _generate_oslo_db(self):
+        return {"hosts": {"default": "percona-xtradb-haproxy"}}
+
+    def _generate_identity(self):
+        return {}
+
+    def _generate_oslo_cache(self):
+        # TODO: only generate if we're getting endpoints for memcached chart
+        return {}
+
+    def _generate_container_infra(self):
+        return {}
+
+    def execute(self, *args, **kwargs):
+        endpoints = (
+            self._get_values().get("endpoints", {}).keys() - self.SKIPPED_ENDPOINTS
+        )
+        return {"endpoints": {k: getattr(self, "_generate_" + k)() for k in endpoints}}
diff --git a/docs/coe.md b/docs/coe.md
new file mode 100644
index 0000000..65190af
--- /dev/null
+++ b/docs/coe.md
@@ -0,0 +1,28 @@
+# Coe
+
+Create COE k8s cluster templates.
+
+```shell
+for version in v1.23.13 v1.24.7 v1.25.3; do
+  openstack coe cluster template create \
+        --image $(openstack image show ubuntu-2004-${version} -c id -f value) \
+        --external-network public \
+        --dns-nameserver 8.8.8.8 \
+        --master-lb-enabled \
+        --master-flavor m1.medium \
+        --flavor m1.medium \
+        --network-driver calico \
+        --docker-storage-driver overlay2 \
+        --coe kubernetes \
+        --label kube_tag=${version} \
+        k8s-${version};
+done;
+```
+
+A container registry which includes all container images required for COE k8s
+clusters is installed along side with Magnum. Instead of using external container
+registries, you can use this internal one.
+
+Append `--label container_infra_prefix="${magnum_registry_host}/magnum/"` in
+cluster create command. Replace `magnum_registry_host` with
+`openstack_helm_endpoints_magnum_registry_host` ansible variable.
diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 9214452..44043b1 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml
@@ -224,6 +224,8 @@
           openstack_helm_endpoints_octavia_api_host: "load-balancer.{{ domain_name }}"
           openstack_helm_endpoints_placement_api_host: "placement.{{ domain_name }}"
           openstack_helm_endpoints_senlin_api_host: "clustering.{{ domain_name }}"
+          openstack_helm_endpoints_magnum_api_host: "container-infra.{{ domain_name }}"
+          openstack_helm_endpoints_magnum_registry_host: "container-infra-registry.{{ domain_name }}"
 
     - name: Write new endpoints file to disk
       ansible.builtin.copy:
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 355a488..91eb0c9 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -121,6 +121,10 @@
       tags:
         - openstack-helm-octavia
 
+    - role: openstack_helm_magnum
+      tags:
+        - openstack-helm-magnum
+
     - role: openstack_helm_horizon
       tags:
         - openstack-helm-horizon
diff --git a/roles/atmosphere/tasks/main.yml b/roles/atmosphere/tasks/main.yml
index e88694e..e6ac04b 100644
--- a/roles/atmosphere/tasks/main.yml
+++ b/roles/atmosphere/tasks/main.yml
@@ -8,12 +8,9 @@
   kubernetes.core.k8s:
     state: present
     template:
-      - cluster_role.yml
       - cluster_role_binding.yml
       - namespace.yml
-      - role.yml
       - service_account.yml
-      - role_binding.yml
       - secret.yml
       - deployment.yml
       - resources.yml
diff --git a/roles/atmosphere/templates/cluster_role.yml b/roles/atmosphere/templates/cluster_role.yml
deleted file mode 100644
index 2f2795f..0000000
--- a/roles/atmosphere/templates/cluster_role.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: atmosphere
-rules:
-  # Framework: knowing which other operators are running (i.e. peering).
-  - apiGroups: [kopf.dev]
-    resources: [clusterkopfpeerings, kopfpeerings]
-    verbs: [list, watch, patch, get]
-  # Framework: runtime observation of namespaces & CRDs (addition/deletion).
-  - apiGroups: [apiextensions.k8s.io]
-    resources: [customresourcedefinitions]
-    verbs: [list, watch]
-  - apiGroups: [""]
-    resources: [namespaces]
-    verbs: [list, watch]
-  # Framework: admission webhook configuration management.
-  - apiGroups: [admissionregistration.k8s.io, admissionregistration.k8s.io]
-    resources: [validatingwebhookconfigurations, mutatingwebhookconfigurations]
-    verbs: [create, patch]
-  # Framework: posting the events about the handlers progress/errors.
-  - apiGroups: [""]
-    resources: [events]
-    verbs: [create]
-  # Application: read-only access for watching cluster-wide.
-  - apiGroups: [identity.openstack.atmosphere.vexxhost.com]
-    resources: [endpoints, impliedroles, roles, services]
-    verbs: [get, list, watch, patch]
-  # Application: other resources it produces and manipulates.
-  - apiGroups: [""]
-    resources: ["namespaces", "services", "configmaps", "secrets"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources: ["helmreleases"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "clusterissuers"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["ceph.rook.io"]
-    resources: ["cephclusters", "cephobjectstores"]
-    verbs: ["get", "create", "patch"]
diff --git a/roles/atmosphere/templates/cluster_role_binding.yml b/roles/atmosphere/templates/cluster_role_binding.yml
index db8ce31..ab615b5 100644
--- a/roles/atmosphere/templates/cluster_role_binding.yml
+++ b/roles/atmosphere/templates/cluster_role_binding.yml
@@ -9,5 +9,5 @@
     namespace: openstack
 roleRef:
   kind: ClusterRole
-  name: atmosphere
+  name: cluster-admin
   apiGroup: rbac.authorization.k8s.io
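Review bot: Pointing `roleRef` at `cluster-admin` gives the `atmosphere` ServiceAccount unrestricted access to every resource in every namespace, including all Secrets. The ClusterRole deleted in this commit limited it to named API groups with `get`/`create`/`patch`. The operator in this commit shells out to `helm` against a remote chart repository, so a fault or compromise in that path would now carry full cluster control. I would keep `name: atmosphere` here and extend the dedicated ClusterRole with the rules the new Cloud controller needs, presumably at least `clouds` in `atmosphere.vexxhost.com`. The subjects of this binding sit above the hunk and are not shown in full.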
diff --git a/roles/atmosphere/templates/crds.yml b/roles/atmosphere/templates/crds.yml
index 2507006..2a31263 100644
--- a/roles/atmosphere/templates/crds.yml
+++ b/roles/atmosphere/templates/crds.yml
@@ -2,6 +2,32 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  name: clouds.atmosphere.vexxhost.com
+spec:
+  scope: Namespaced
+  group: atmosphere.vexxhost.com
+  names:
+    kind: Cloud
+    plural: clouds
+    singular: cloud
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+            status:
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
   name: endpoints.identity.openstack.atmosphere.vexxhost.com
 spec:
   scope: Namespaced
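Review bot: The `spec` schema of `clouds.atmosphere.vexxhost.com` accepts any object, but the task code added in this commit indexes `spec["regionName"]`, `spec["ingressClassName"]`, `spec["certManagerClusterIssuer"]` and `spec["magnum"]["endpoint"]` without defaults. A Cloud object missing one of these is admitted by the API server and only fails later inside the handler, presumably with a `KeyError`. Declaring the fields the operator reads as typed, required properties makes the API server reject such objects at admission time. Keeping `x-kubernetes-preserve-unknown-fields` still lets `imageRepository` and per-chart `overrides` through unpruned.

```yaml
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
              required: [regionName, ingressClassName, certManagerClusterIssuer, magnum]
              properties:
                regionName:
                  type: string
                ingressClassName:
                  type: string
                certManagerClusterIssuer:
                  type: string
                magnum:
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                  required: [endpoint]
                  properties:
                    endpoint:
                      type: string
            # … unchanged: status schema …
```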
diff --git a/roles/atmosphere/templates/resources.yml b/roles/atmosphere/templates/resources.yml
index 6e7dc4d..0644527 100644
--- a/roles/atmosphere/templates/resources.yml
+++ b/roles/atmosphere/templates/resources.yml
@@ -23,3 +23,28 @@
     name: member
   impliedRoleRef:
     name: load-balancer-member
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: atmosphere-secrets
+  namespace: openstack
+stringData:
+  keystone-admin-password: "{{ openstack_helm_endpoints_keystone_admin_password }}"
+  magnum-database-password: "{{ openstack_helm_endpoints_magnum_mariadb_password }}"
+  magnum-keystone-password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
+  magnum-rabbitmq-password: "{{ openstack_helm_endpoints_magnum_rabbitmq_password }}"
+  memcache-secret-key: "{{ openstack_helm_endpoints_memcached_secret_key }}"
+---
+apiVersion: atmosphere.vexxhost.com/v1alpha1
+kind: Cloud
+metadata:
+  name: atmosphere
+  namespace: openstack
+spec:
+  imageRepository: "{{ atmosphere_image_repository | default('quay.io/vexxhost') }}"
+  ingressClassName: "{{ openstack_helm_ingress_class_name | default('openstack') }}"
+  certManagerClusterIssuer: "{{ openstack_helm_ingress_cluster_issuer | default('atmosphere') }}"
+  regionName: "{{ openstack_helm_endpoints_region_name }}"
+  magnum:
+    endpoint: "{{ openstack_helm_endpoints_magnum_api_host }}"
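Review bot: The five `stringData` values in `atmosphere-secrets` are rendered by Jinja straight into double-quoted YAML scalars, so a password containing `"` or `\` produces an unparsable template or a silently altered secret. If these passwords can contain arbitrary characters, switching the block to `data:` and encoding each value avoids the quoting problem, e.g. `keystone-admin-password: "{{ openstack_helm_endpoints_keystone_admin_password | b64encode }}"`, and likewise for the other four keys. If the password generator is known to exclude those characters, a comment stating that assumption above the Secret would be enough.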
diff --git a/roles/atmosphere/templates/role.yml b/roles/atmosphere/templates/role.yml
deleted file mode 100644
index 21040ab..0000000
--- a/roles/atmosphere/templates/role.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  namespace: openstack
-  name: atmosphere
-rules:
-  - apiGroups: ["pxc.percona.com"]
-    resources: ["perconaxtradbclusters"]
-    verbs: ["get", "create", "patch"]
-  - apiGroups: ["rabbitmq.com"]
-    resources: ["rabbitmqclusters"]
-    verbs: ["get", "create", "patch"]
diff --git a/roles/atmosphere/templates/role_binding.yml b/roles/atmosphere/templates/role_binding.yml
deleted file mode 100644
index 3603d36..0000000
--- a/roles/atmosphere/templates/role_binding.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: atmosphere
-  namespace: openstack
-subjects:
-  - kind: ServiceAccount
-    name: atmosphere
-    namespace: openstack
-roleRef:
-  kind: Role
-  name: atmosphere
-  apiGroup: rbac.authorization.k8s.io
diff --git a/roles/openstack_helm_endpoints/defaults/main.yml b/roles/openstack_helm_endpoints/defaults/main.yml
index 7008143..2c32e4d 100644
--- a/roles/openstack_helm_endpoints/defaults/main.yml
+++ b/roles/openstack_helm_endpoints/defaults/main.yml
@@ -335,6 +335,42 @@
 openstack_helm_endpoints_octavia_rabbitmq_password: "{{ undef(hint='You must specify an Octavia RabbitMQ password') }}"
 
                                                                    # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_api_host [[[
+#
+# API hostname for OpenStack COE Service
+openstack_helm_endpoints_magnum_api_host: "{{ undef(hint='You must specify an Magnum API hostname') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_registry_host [[[
+#
+# API hostname for container registry of OpenStack COE Service
+openstack_helm_endpoints_magnum_registry_host: "{{ undef(hint='You must specify an Magnum Registry hostname') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_region_name [[[
+#
+# Region name for service
+openstack_helm_endpoints_magnum_region_name: "{{ openstack_helm_endpoints_region_name }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_keystone_password [[[
+#
+# Keystone password for service
+openstack_helm_endpoints_magnum_keystone_password: "{{ undef(hint='You must specify an Magnum Keystone password') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_mariadb_password [[[
+#
+# Database password for service
+openstack_helm_endpoints_magnum_mariadb_password: "{{ undef(hint='You must specify an Magnum MariaDB password') }}"
+
+                                                                   # ]]]
+# .. envvar:: openstack_helm_endpoints_magnum_rabbitmq_password [[[
+#
+# RabbitMQ password for service
+openstack_helm_endpoints_magnum_rabbitmq_password: "{{ undef(hint='You must specify an Magnum RabbitMQ password') }}"
+
+                                                                   # ]]]
 # .. envvar:: openstack_helm_endpoints_senlin_api_host [[[
 #
 # API hostname for OpenStack Clustering Service
diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml
index d6bfa22..98bb122 100644
--- a/roles/openstack_helm_endpoints/vars/main.yml
+++ b/roles/openstack_helm_endpoints/vars/main.yml
@@ -438,3 +438,37 @@
         region_name: "{{ openstack_helm_endpoints_tempest_region_name }}"
         username: "tempest-{{ openstack_helm_endpoints_tempest_region_name }}"
         password: "{{ openstack_helm_endpoints_tempest_keystone_password }}"
+
+_openstack_helm_endpoints_container_infra:
+  identity:
+    auth:
+      magnum:
+        region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
+        username: "magnum-{{ openstack_helm_endpoints_magnum_region_name }}"
+        password: "{{ openstack_helm_endpoints_magnum_keystone_password }}"
+  container_infra:
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        host: "{{ openstack_helm_endpoints_magnum_api_host }}"
+    port:
+      api:
+        public: 443
+  container_infra_registry:
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        host: "{{ openstack_helm_endpoints_magnum_registry_host }}"
+    port:
+      api:
+        public: 443
+  oslo_db:
+    auth:
+      magnum:
+        password: "{{ openstack_helm_endpoints_magnum_mariadb_password }}"
+  oslo_messaging:
+    auth:
+      magnum:
+        password: "{{ openstack_helm_endpoints_magnum_rabbitmq_password }}"
diff --git a/roles/openstack_helm_magnum/defaults/main.yml b/roles/openstack_helm_magnum/defaults/main.yml
new file mode 100644
index 0000000..b693bc7
--- /dev/null
+++ b/roles/openstack_helm_magnum/defaults/main.yml
@@ -0,0 +1,34 @@
+---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
+# .. Copyright (C) 2022 VEXXHOST, Inc.
+# .. SPDX-License-Identifier: Apache-2.0
+
+# Default variables
+# =================
+
+# .. contents:: Sections
+#    :local:
+
+
+# .. envvar:: openstack_helm_magnum_images [[[
+#
+# List of images for magnum clusters
+openstack_helm_magnum_images:
+  - name: ubuntu-2004-v1.23.13
+    source_url: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/
+    image_file: ubuntu-2004-v1.23.13.qcow2
+    disk_format: qcow2
+    container_format: bare
+  - name: ubuntu-2004-v1.24.7
+    source_url: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/
+    image_file: ubuntu-2004-v1.24.7.qcow2
+    disk_format: qcow2
+    container_format: bare
+  - name: ubuntu-2004-v1.25.3
+    source_url: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/
+    image_file: ubuntu-2004-v1.25.3.qcow2
+    disk_format: qcow2
+    container_format: bare
+
+                                                                   # ]]]
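Review bot: Each entry in `openstack_helm_magnum_images` names a `source_url` and `image_file` but carries no digest, so the qcow2 files that become the boot images for cluster nodes cannot be verified after download. I would add a per-image field such as `checksum: "sha256:<IMAGE_SHA256_PLACEHOLDER>"` and have the task that fetches the file verify it before uploading to Glance. That task is not part of this hunk, so whether it already checks integrity some other way needs confirming.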
diff --git a/roles/openstack_helm_magnum/meta/main.yml b/roles/openstack_helm_magnum/meta/main.yml
new file mode 100644
index 0000000..f2e80be
--- /dev/null
+++ b/roles/openstack_helm_magnum/meta/main.yml
@@ -0,0 +1,29 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+  author: VEXXHOST, Inc.
+  description: Ansible role for OpenStack Magnum
+  license: Apache-2.0
+  min_ansible_version: 5.5.0
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+
+dependencies:
+  - role: openstacksdk
+  - role: openstack_cli
+  - role: openstack_helm_barbican
+  - role: openstack_helm_octavia
diff --git a/roles/openstack_helm_magnum/tasks/main.yml b/roles/openstack_helm_magnum/tasks/main.yml
new file mode 100644
index 0000000..46e08e3
--- /dev/null
+++ b/roles/openstack_helm_magnum/tasks/main.yml
@@ -0,0 +1,366 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate OpenStack-Helm endpoints
+  ansible.builtin.include_role:
+    name: openstack_helm_endpoints
+  vars:
+    openstack_helm_endpoints_repo_name: openstack-helm
+    openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/
+    openstack_helm_endpoints_chart: magnum
+
+- name: Deploy Helm chart
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      - apiVersion: v1
+        kind: PersistentVolumeClaim
+        metadata:
+          labels:
+            application: magnum
+            component: registry
+          name: magnum-registry
+          namespace: openstack
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 50Gi
+          storageClassName: general
+
+      - apiVersion: apps/v1
+        kind: Deployment
+        metadata:
+          labels:
+            application: magnum
+            component: registry
+          name: magnum-registry
+          namespace: openstack
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              application: magnum
+              component: registry
+          strategy:
+            type: Recreate
+          template:
+            metadata:
+              labels:
+                application: magnum
+                component: registry
+            spec:
+              containers:
+                - name: registry
+                  env:
+                    - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
+                      value: /var/lib/registry
+                    - name: REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED
+                      value: "true"
+                  image: docker.io/library/registry:2.7.1
+                  ports:
+                    - containerPort: 5000
+                      name: registry
+                      protocol: TCP
+                  livenessProbe:
+                    httpGet:
+                      path: /
+                      port: 5000
+                      scheme: HTTP
+                  readinessProbe:
+                    httpGet:
+                      path: /
+                      port: 5000
+                      scheme: HTTP
+                  volumeMounts:
+                    - mountPath: /var/lib/registry
+                      name: magnum-registry
+              nodeSelector:
+                openstack-control-plane: enabled
+              volumes:
+                - name: magnum-registry
+                  persistentVolumeClaim:
+                    claimName: magnum-registry
+
+      - apiVersion: v1
+        kind: Service
+        metadata:
+          labels:
+            application: magnum
+            component: registry
+          name: magnum-registry
+          namespace: openstack
+        spec:
+          ports:
+            - name: magnum
+              port: 5000
+              protocol: TCP
+              targetPort: 5000
+          selector:
+            application: magnum
+            component: registry
+          type: ClusterIP
+
+      - apiVersion: batch/v1
+        kind: Job
+        metadata:
+          labels:
+            application: magnum
+            component: registry
+          name: magnum-registry-init
+          namespace: openstack
+        spec:
+          backoffLimit: 5
+          template:
+            metadata:
+              labels:
+                application: magnum
+            spec:
+              restartPolicy: OnFailure
+              containers:
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/calico/cni:v3.13.1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/cni:v3.13.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-cni-v3-13-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/calico/kube-controllers:v3.13.1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/kube-controllers:v3.13.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-kube-controllers-v3-13-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/calico/node:v3.13.1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/node:v3.13.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-node-v3-13-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/calico/pod2daemon-flexvol:v3.13.1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/pod2daemon-flexvol:v3.13.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-pod2daemon-flexvol-v3-13-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/coredns/coredns:1.6.6
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/coredns:1.6.6
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-coredns-1-6-6
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/k8scloudprovider/cinder-csi-plugin:v1.18.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/cinder-csi-plugin:v1.18.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-cinder-csi-plugin-v1-18-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/k8scloudprovider/k8s-keystone-auth:v1.18.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/k8s-keystone-auth:v1.18.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-k8s-keystone-auth-v1-18-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/k8scloudprovider/magnum-auto-healer:v1.18.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/magnum-auto-healer:v1.18.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-magnum-auto-healer-v1-18-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.18.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/openstack-cloud-controller-manager:v1.18.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-openstack-cloud-controller-manager-v1-18-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/kubernetesui/dashboard:v2.0.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/dashboard:v2.0.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-dashboard-v2-0-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/kubernetesui/metrics-scraper:v1.0.4
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/metrics-scraper:v1.0.4
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-metrics-scraper-v1-0-4
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/openstackmagnum/cluster-autoscaler:v1.22.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/cluster-autoscaler:v1.22.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-cluster-autoscaler-v1-22-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/openstackmagnum/heat-container-agent:wallaby-stable-1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/heat-container-agent:wallaby-stable-1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-heat-container-agent-wallaby-stable-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/planetlabs/draino:abf028a
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/draino:abf028a
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-draino-abf028a
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/rancher/hyperkube:v1.19.11-rancher1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/hyperkube:v1.19.11
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-hyperkube-v1-19-11
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/rancher/hyperkube:v1.20.7-rancher1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/hyperkube:v1.20.7
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-hyperkube-v1-20-7
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://docker.io/rancher/hyperkube:v1.21.1-rancher1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/hyperkube:v1.21.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-hyperkube-v1-21-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.2
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/cluster-proportional-autoscaler-amd64:1.1.2
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-cluster-proportional-autoscaler-amd64-1-1-2
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://gcr.io/google_containers/metrics-server-amd64:v0.3.5
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/metrics-server-amd64:v0.3.5
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-metrics-server-amd64-v0-3-5
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://gcr.io/google_containers/node-problem-detector:v0.6.2
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/node-problem-detector:v0.6.2
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-node-problem-detector-v0-6-2
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://gcr.io/google_containers/pause:3.1
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/pause:3.1
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-pause-3-1
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/coreos/etcd:v3.4.6
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/etcd:v3.4.6
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-etcd-v3-4-6
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/k8scsi/csi-attacher:v2.0.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/csi-attacher:v2.0.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-csi-attacher-v2-0-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/csi-node-driver-registrar:v1.1.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-csi-node-driver-registrar-v1-1-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/k8scsi/csi-provisioner:v1.4.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/csi-provisioner:v1.4.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-csi-provisioner-v1-4-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/k8scsi/csi-resizer:v0.3.0
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/csi-resizer:v0.3.0
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-csi-resizer-v0-3-0
+                - args:
+                    - copy
+                    - --dest-tls-verify=false
+                    - docker://quay.io/k8scsi/csi-snapshotter:v1.2.2
+                    - docker://magnum-registry.openstack.svc.cluster.local:5000/magnum/csi-snapshotter:v1.2.2
+                  image: quay.io/skopeo/stable:latest
+                  name: magnum-csi-snapshotter-v1-2-2
+              nodeSelector:
+                openstack-control-plane: enabled
+
+- name: Create magnum registry Ingress
+  ansible.builtin.include_role:
+    name: openstack_helm_ingress
+  vars:
+    openstack_helm_ingress_endpoint: container_infra_registry
+    openstack_helm_ingress_service_name: magnum-registry
+    openstack_helm_ingress_service_port: 5000
+
+- name: Create k8s images
+  when: openstack_helm_magnum_images | length > 0
+  block:
+    - name: Wait until image service ready
+      kubernetes.core.k8s_info:
+        api_version: apps/v1
+        kind: Deployment
+        name: glance-api
+        namespace: openstack
+        wait_sleep: 10
+        wait_timeout: 600
+        wait: true
+        wait_condition:
+          type: Available
+          status: true
+
+    - name: Download images
+      ansible.builtin.get_url:
+        url: "{{ item.source_url | regex_replace('\\/$', '') }}/{{ item.image_file }}"
+        dest: "/tmp/{{ item.image_file }}"
+        mode: "0600"
+      loop: "{{ openstack_helm_magnum_images }}"
+
+    - name: Upload images
+      openstack.cloud.image:
+        cloud: atmosphere
+        name: "{{ item.name }}"
+        state: present
+        filename: "/tmp/{{ item.image_file }}"
+        container_format: "{{ item.container_format | default(omit) }}"
+        disk_format: "{{ item.disk_format | default(omit) }}"
+        properties:
+          os_distro: ubuntu-focal
+      loop: "{{ openstack_helm_magnum_images }}"
