chore: Migrate cluster-api from atmosphere operator to ansible role
diff --git a/roles/cluster_api/README.md b/roles/cluster_api/README.md
new file mode 100644
index 0000000..a3d22cd
--- /dev/null
+++ b/roles/cluster_api/README.md
@@ -0,0 +1 @@
+# `cluster-api`
diff --git a/roles/cluster_api/meta/main.yml b/roles/cluster_api/meta/main.yml
new file mode 100644
index 0000000..d82cd11
--- /dev/null
+++ b/roles/cluster_api/meta/main.yml
@@ -0,0 +1,27 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for Cluster API
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ standalone: false
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
+dependencies:
+ - role: defaults
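Review bot: `dependencies` lists only `defaults`, but the CRD added in `templates/capi-bootstrap.yml` relies on the `cert-manager.io/inject-ca-from` annotation to replace its placeholder `caBundle: Cg==`, so the conversion webhook has no usable CA until cert-manager is running in the cluster. If the repository has a role that installs cert-manager (not visible in this diff), declare it here or state the required ordering in the role README, which currently holds only a title. Separately, `min_ansible_version: 5.5.0` looks like an Ansible community package version, while Galaxy tooling generally reads this field as an ansible-core version, so it is worth confirming which one is meant.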
diff --git a/roles/cluster_api/tasks/main.yml b/roles/cluster_api/tasks/main.yml
new file mode 100644
index 0000000..d56ada6
--- /dev/null
+++ b/roles/cluster_api/tasks/main.yml
@@ -0,0 +1,25 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy resources
+ kubernetes.core.k8s:
+ kubeconfig: /etc/kubernetes/admin.conf
+ state: present
+ template:
+ - path: 'templates/capi-bootstrap.yml'
+ - path: 'templates/capi-control-plane.yml'
+ - path: 'templates/capi-core.yml'
+ - path: 'templates/capi-provider.yml'
+ - path: 'templates/capi-rbac.yml'
+ run_once: true
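Review bot: `run_once: true` on the `Deploy resources` task does not choose the host, so the apply runs on whichever host comes first in the play's batch, and that host must be one that holds `/etc/kubernetes/admin.conf`. Pin it explicitly, for example `delegate_to: "{{ groups['<CONTROL_PLANE_GROUP>'][0] }}"` (placeholder group name, since the inventory is not visible here). admin.conf is the kubeadm cluster-admin credential, and the five templates applied with it create CRDs, webhook configuration and RBAC cluster-wide. A comment above the task such as `# Manifests vendored from cluster-api <UPSTREAM_RELEASE>; regenerate, do not hand-edit` would let a reviewer diff the files under `templates/` against the published release. Whether the play sets `become` so the file is readable cannot be seen from this hunk.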
diff --git a/roles/cluster_api/templates/capi-bootstrap.yml b/roles/cluster_api/templates/capi-bootstrap.yml
new file mode 100644
index 0000000..a4e0bc1
--- /dev/null
+++ b/roles/cluster_api/templates/capi-bootstrap.yml
@@ -0,0 +1,6570 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-bootstrap-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1alpha4: v1alpha4
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmConfig
+ listKind: KubeadmConfigList
+ plural: kubeadmconfigs
+ singular: kubeadmconfig
+ scope: Namespaced
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined
+ or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or look
+ for all required certificates. NB: if not provided, this will
+ default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address or
+ DNS name for the control plane; it can be a valid IP address
+ or a RFC-1123 DNS subdomain, both with optional TCP port. In
+ case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+ + BindPort are used; in case the ControlPlaneEndpoint is specified
+ but without a TCP port, the BindPort is used. Possible usages
+ are: e.g. In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external load
+ balancer in front of the control plane instances. e.g. in environments
+ with enforced node recycling, the ControlPlaneEndpoint could
+ be used for assigning a stable DNS to the control plane. NB:
+ This value defaults to the first value in the Cluster object
+ status.apiEndpoints array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. if not set, the ImageRepository defined
+ in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically
+ the version of the above components during upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This value
+ defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file used
+ to secure etcd communication. Required if using a TLS
+ connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided to
+ the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to pull
+ images from. If empty, `k8s.gcr.io` will be used by default;
+ in case of kubernetes version is a CI build (kubernetes version
+ starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and for
+ kube-proxy, while `k8s.gcr.io` will be used for all the other
+ images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the control
+ plane. NB: This value defaults to the Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the Cluster
+ object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If unset,
+ the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+ if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should be
+ used for Kubernetes components instead of their respective separate
+ images
+ type: boolean
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing file
+ system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used for
+ Microsoft Azure that instructs cloud-init to replace a
+ file system of <FS_TYPE>. NOTE: unless you define a label,
+ this requires the use of the ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If it is
+ true, a single partition will be created for the entire
+ device. When layout is false, it means don't partition
+ or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default and
+ setups a MS-DOS partition table ''gpt'': setups a GPT
+ partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init` time
+ and describes a set of Bootstrap Tokens to create. This information
+ IS NOT uploaded to the kubeadm cluster configmap, partly because
+ of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message why
+ this token exists and what it's used for, so other administrators
+ can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this token
+ expires. Defaults to being set dynamically at runtime
+ based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that this
+ token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this token
+ can be used. Can by default be used for establishing bidirectional
+ trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the API
+ server instance that's deployed on this control plane node In
+ HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to each
+ individual API server. This configuration object lets you customize
+ what IP/DNS name and port the local API server advertises it's
+ accessible on. By default, kubeadm tries to auto-detect the
+ IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API Server
+ to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: {}` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate authority
+ used to secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+ there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no additional
+ control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when there
+ is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options for
+ bootstrap token based discovery BootstrapToken and File
+ are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public key
+ pins to verify when token-based discovery is used. The
+ root CA found during discovery must match one of these
+ values. Specifying an empty set disables root CA pinning,
+ which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject Public
+ Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: File is used to specify a file or URL to a kubeconfig
+ file from which to load cluster information BootstrapToken
+ and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: 'TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+ but can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain any
+ other authentication information TODO: revisit when there
+ is defaulting from k/k'
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: {}` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+ with a shell script with retries for joins. \n This is meant to
+ be an experimental temporary workaround on some environments where
+ joins fail due to timing (and other issues). The long term goal
+ is to add retries to kubeadm proper and use that functionality.
+ \n This will add about 40KB to userdata \n For more information,
+ refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ bootstrapData:
+ description: "BootstrapData will be a cloud-init script for now. \n
+ Deprecated: Switch to DataSecretName."
+ format: byte
+ type: string
+ conditions:
+ description: Conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined
+ or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or look
+ for all required certificates. NB: if not provided, this will
+ default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address or
+ DNS name for the control plane; it can be a valid IP address
+ or a RFC-1123 DNS subdomain, both with optional TCP port. In
+ case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+ + BindPort are used; in case the ControlPlaneEndpoint is specified
+ but without a TCP port, the BindPort is used. Possible usages
+ are: e.g. In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external load
+ balancer in front of the control plane instances. e.g. in environments
+ with enforced node recycling, the ControlPlaneEndpoint could
+ be used for assigning a stable DNS to the control plane. NB:
+ This value defaults to the first value in the Cluster object
+ status.apiEndpoints array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. if not set, the ImageRepository defined
+ in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically
+ the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This value
+ defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file used
+ to secure etcd communication. Required if using a TLS
+ connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided to
+ the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to pull
+ images from. If empty, `registry.k8s.io` will be used by default;
+ in case of kubernetes version is a CI build (kubernetes version
+ starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and for
+ kube-proxy, while `registry.k8s.io` will be used for all the
+ other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the control
+ plane. NB: This value defaults to the Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the Cluster
+ object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If unset,
+ the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+ if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing file
+ system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used for
+ Microsoft Azure that instructs cloud-init to replace a
+ file system of <FS_TYPE>. NOTE: unless you define a label,
+ this requires the use of the ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If it is
+ true, a single partition will be created for the entire
+ device. When layout is false, it means don't partition
+ or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default and
+ setups a MS-DOS partition table ''gpt'': setups a GPT
+ partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init` time
+ and describes a set of Bootstrap Tokens to create. This information
+ IS NOT uploaded to the kubeadm cluster configmap, partly because
+ of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message why
+ this token exists and what it's used for, so other administrators
+ can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this token
+ expires. Defaults to being set dynamically at runtime
+ based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that this
+ token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this token
+ can be used. Can by default be used for establishing bidirectional
+ trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the API
+ server instance that's deployed on this control plane node In
+ HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to each
+ individual API server. This configuration object lets you customize
+ what IP/DNS name and port the local API server advertises it's
+ accessible on. By default, kubeadm tries to auto-detect the
+ IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API Server
+ to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: {}` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate authority
+ used to secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+ there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no additional
+ control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when there
+ is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options for
+ bootstrap token based discovery BootstrapToken and File
+ are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public key
+ pins to verify when token-based discovery is used. The
+ root CA found during discovery must match one of these
+ values. Specifying an empty set disables root CA pinning,
+ which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject Public
+ Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL to a kubeconfig
+ file from which to load cluster information BootstrapToken
+ and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+ but can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain any
+ other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: {}` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+ with a shell script with retries for joins. \n This is meant to
+ be an experimental temporary workaround on some environments where
+ joins fail due to timing (and other issues). The long term goal
+ is to add retries to kubeadm proper and use that functionality.
+ \n This will add about 40KB to userdata \n For more information,
+ refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+ name: Cluster
+ type: string
+ - description: Time duration since creation of KubeadmConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfig is the Schema for the kubeadmconfigs API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be defined
+ or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API server
+ control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout that
+ we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or look
+ for all required certificates. NB: if not provided, this will
+ default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address or
+ DNS name for the control plane; it can be a valid IP address
+ or a RFC-1123 DNS subdomain, both with optional TCP port. In
+ case the ControlPlaneEndpoint is not specified, the AdvertiseAddress
+ + BindPort are used; in case the ControlPlaneEndpoint is specified
+ but without a TCP port, the BindPort is used. Possible usages
+ are: e.g. In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external load
+ balancer in front of the control plane instances. e.g. in environments
+ with enforced node recycling, the ControlPlaneEndpoint could
+ be used for assigning a stable DNS to the control plane. NB:
+ This value defaults to the first value in the Cluster object
+ status.apiEndpoints array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for the
+ controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. if not set, the ImageRepository defined
+ in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the image.
+ In case this value is set, kubeadm does not change automatically
+ the version of the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This value
+ defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file used
+ to secure etcd communication. Required if using a TLS
+ connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided to
+ the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to pull
+ images from. If empty, `registry.k8s.io` will be used by default;
+ in case of kubernetes version is a CI build (kubernetes version
+ starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and for
+ kube-proxy, while `registry.k8s.io` will be used for all the
+ other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the control
+ plane. NB: This value defaults to the Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the Cluster
+ object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If unset,
+ the API server will not allocate CIDR ranges for every node.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.services.cidrBlocks if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster object's
+ spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12"
+ if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass to
+ the control plane component. TODO: This is temporary and
+ ideally we would like to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that will
+ be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod where
+ hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems to
+ setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add to the
+ command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to be
+ used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing file
+ system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any", "none",
+ and <NUM>, where NUM is the actual partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used for
+ Microsoft Azure that instructs cloud-init to replace a
+ file system of <FS_TYPE>. NOTE: unless you define a label,
+ this requires the use of the ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions to
+ setup.
+ items:
+ description: Partition defines how to create and layout a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If it is
+ true, a single partition will be created for the entire
+ device. When layout is false, it means don't partition
+ or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default and
+ setups a MS-DOS partition table ''gpt'': setups a GPT
+ partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files in
+ cloud-init.
+ properties:
+ append:
+ description: Append specifies whether to append Content to existing
+ file if Path exists.
+ type: boolean
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content to
+ populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should populate
+ this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file, e.g.
+ "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where to store
+ the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: Ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: ContainerLinuxConfig contains CLC specific configuration.
+ properties:
+ additionalConfig:
+ description: "AdditionalConfig contains additional configuration
+ to be merged with the Ignition configuration generated by
+ the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+ \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+ type: string
+ strict:
+ description: Strict controls if AdditionalConfig should be
+ strictly parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration are
+ the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init` time
+ and describes a set of Bootstrap Tokens to create. This information
+ IS NOT uploaded to the kubeadm cluster configmap, partly because
+ of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token, stored
+ as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message why
+ this token exists and what it's used for, so other administrators
+ can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this token
+ expires. Defaults to being set dynamically at runtime
+ based on the TTL. Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that this
+ token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this token
+ can be used. Can by default be used for establishing bidirectional
+ trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the API
+ server instance that's deployed on this control plane node In
+ HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to each
+ individual API server. This configuration object lets you customize
+ what IP/DNS name and port the local API server advertises it's
+ accessible on. By default, kubeadm tries to auto-detect the
+ IP of the default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for the
+ API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API Server
+ to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: []` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying patches
+ to components deployed by kubeadm during "kubeadm init". The
+ minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that contains
+ files named "target[suffix][+patchtype].extension". For
+ example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+ "target" can be one of "kube-apiserver", "kube-controller-manager",
+ "kube-scheduler", "etcd". "patchtype" can be one of "strategic"
+ "merge" or "json" and they match the patch formats supported
+ by kubectl. The default "patchtype" is "strategic". "extension"
+ must be either "json" or "yaml". "suffix" is an optional
+ string that can be used to determine which patches are applied
+ first alpha-numerically. These files can be written into
+ the target directory via KubeadmConfig.Files which specifies
+ additional files to be created on the machine, either with
+ content inline or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during command
+ execution. The list of phases can be obtained with the "kubeadm
+ init --help" command. This option takes effect only on Kubernetes
+ >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for the
+ join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate authority
+ used to secure comunications between node and control-plane.
+ Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when
+ there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no additional
+ control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when there
+ is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options for
+ bootstrap token based discovery BootstrapToken and File
+ are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain name
+ to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public key
+ pins to verify when token-based discovery is used. The
+ root CA found during discovery must match one of these
+ values. Specifying an empty set disables root CA pinning,
+ which can be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject Public
+ Key Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL to a kubeconfig
+ file from which to load cluster information BootstrapToken
+ and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the actual
+ file path or URL to the kubeconfig file from which to
+ load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for TLS bootstrapping.
+ If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token,
+ but can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain any
+ other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to registering
+ the new control-plane node to the cluster. When used in the
+ context of control plane nodes, NodeRegistration should remain
+ consistent across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node API
+ object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of pre-flight
+ errors to be ignored when the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the kubelet
+ command line via the environment file kubeadm writes at
+ runtime for the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X ConfigMap
+ Flags have higher priority when parsing. These values are
+ local and specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the Node
+ API object that will be created in this `kubeadm init` or
+ `kubeadm join` operation. This field is also used in the
+ CommonName field of the kubelet's client certificate to
+ the API server. Defaults to the hostname of the node if
+ not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API object
+ should be registered with. If this field is unset, i.e.
+ nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}. If
+ you don''t want to taint your control-plane node, set this
+ field to an empty slice, i.e. `taints: []` in the YAML file.
+ This field is solely used for Node registration.'
+ items:
+ description: The node this Taint is attached to has the
+ "effect" on any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on pods
+ that do not tolerate the taint. Valid effects are
+ NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying patches
+ to components deployed by kubeadm during "kubeadm join". The
+ minimum kubernetes version needed to support Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that contains
+ files named "target[suffix][+patchtype].extension". For
+ example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+ "target" can be one of "kube-apiserver", "kube-controller-manager",
+ "kube-scheduler", "etcd". "patchtype" can be one of "strategic"
+ "merge" or "json" and they match the patch formats supported
+ by kubectl. The default "patchtype" is "strategic". "extension"
+ must be either "json" or "yaml". "suffix" is an optional
+ string that can be used to determine which patches are applied
+ first alpha-numerically. These files can be written into
+ the target directory via KubeadmConfig.Files which specifies
+ additional files to be created on the machine, either with
+ content inline or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during command
+ execution. The list of phases can be obtained with the "kubeadm
+ init --help" command. This option takes effect only on Kubernetes
+ >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run after
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run before
+ kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm command
+ with a shell script with retries for joins. \n This is meant to
+ be an experimental temporary workaround on some environments where
+ joins fail due to timing (and other issues). The long term goal
+ is to add retries to kubeadm proper and use that functionality.
+ \n This will add about 40KB to userdata \n For more information,
+ refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ \n Deprecated: This experimental fix is no longer needed and this
+ field will be removed in a future release. When removing also remove
+ from staticcheck exclude-rules for SA1019 in golangci.yml"
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for the
+ user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use for
+ the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user as
+ inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the user
+ type: string
+ passwdFrom:
+ description: PasswdFrom is a referenced source of passwd to
+ populate the passwd.
+ properties:
+ secret:
+ description: Secret represents a secret that should populate
+ this password.
+ properties:
+ key:
+ description: Key is the key in the secret's data map
+ for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for the
+ user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level verbosity.
+ It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ status:
+ description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the KubeadmConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script.
+ type: string
+ failureMessage:
+ description: FailureMessage will be set on non-retryable errors
+ type: string
+ failureReason:
+ description: FailureReason will be set on non-retryable errors
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready indicates the BootstrapData field is ready to be
+ consumed
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1alpha4: v1alpha4
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: bootstrap.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmConfigTemplate
+ listKind: KubeadmConfigTemplateList
+ plural: kubeadmconfigtemplates
+ singular: kubeadmconfigtemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be
+ defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store
+ or look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid
+ IP address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the
+ ControlPlaneEndpoint is specified but without a TCP
+ port, the BindPort is used. Possible usages are: e.g.
+ In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external
+ load balancer in front of the control plane instances.
+ e.g. in environments with enforced node recycling,
+ the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to
+ an external etcd cluster Local and External are
+ mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to
+ secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for
+ configuring the local etcd instance Local and External
+ are mutually exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will
+ place its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static
+ pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set, the
+ ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag
+ for the image. In case this value is set, kubeadm
+ does not change automatically the version of
+ the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. If empty, `k8s.gcr.io` will be
+ used by default; in case of kubernetes version is a
+ CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+ `gcr.io/k8s-staging-ci-images` will be used as a default
+ for control plane components and for kube-proxy, while
+ `k8s.gcr.io` will be used for all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version
+ of the control plane. NB: This value defaults to the
+ Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to
+ the Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR
+ ranges for every node. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s
+ services. Defaults to a comma-delimited string of
+ the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+ or to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should
+ be used for Kubernetes components instead of their respective
+ separate images
+ type: boolean
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: Label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to
+ overwrite any existing filesystem. If true, any
+ pre-existing file system will be destroyed. Use
+ with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive,
+ used for Microsoft Azure that instructs cloud-init
+ to replace a file system of <FS_TYPE>. NOTE: unless
+ you define a label, this requires the use of the
+ ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout.
+ If it is true, a single partition will be created
+ for the entire device. When layout is false, it
+ means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip
+ checks and create the partition if a partition
+ or filesystem is found on the device. Use with
+ caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm
+ init` time and describes a set of Bootstrap Tokens to
+ create. This information IS NOT uploaded to the kubeadm
+ cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for,
+ so other administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when
+ this token expires. Defaults to being set dynamically
+ at runtime based on the TTL. Expires and TTL are
+ mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for
+ authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for
+ joining nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this
+ token. Defaults to 24h. Expires and TTL are mutually
+ exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which
+ this token can be used. Can by default be used
+ for establishing bidirectional trust, but that
+ can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance that's deployed on this control
+ plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global
+ endpoint for the cluster, which then loadbalances the
+ requests to each individual API server. This configuration
+ object lets you customize what IP/DNS name and port
+ the local API server advertises it's accessible on.
+ By default, kubeadm tries to auto-detect the IP of the
+ default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ {}` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node
+ and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control
+ plane instance to be deployed on the joining node. If
+ nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for
+ the API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the
+ kubelet to use during the TLS Bootstrap process TODO:
+ revisit when there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken
+ and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of
+ public key pins to verify when token-based discovery
+ is used. The root CA found during discovery
+ must match one of these values. Specifying an
+ empty set disables root CA pinning, which can
+ be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject
+ Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using,
+ for example, OpenSSL: openssl x509 -pubkey -in
+ ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+ | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate
+ cluster information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since
+ other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: File is used to specify a file or URL
+ to a kubeconfig file from which to load cluster
+ information BootstrapToken and File are mutually
+ exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: 'TLSBootstrapToken is a token used for
+ TLS bootstrapping. If .BootstrapToken is set, this
+ field is defaulted to .BootstrapToken.Token, but
+ can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain
+ any other authentication information TODO: revisit
+ when there is defaulting from k/k'
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ {}` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and
+ use that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: Groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for
+ the user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfigTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be
+ defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store
+ or look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid
+ IP address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the
+ ControlPlaneEndpoint is specified but without a TCP
+ port, the BindPort is used. Possible usages are: e.g.
+ In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external
+ load balancer in front of the control plane instances.
+ e.g. in environments with enforced node recycling,
+ the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to
+ an external etcd cluster Local and External are
+ mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to
+ secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for
+ configuring the local etcd instance Local and External
+ are mutually exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will
+ place its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static
+ pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set, the
+ ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag
+ for the image. In case this value is set, kubeadm
+ does not change automatically the version of
+ the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. If empty, `registry.k8s.io` will
+ be used by default; in case of kubernetes version is
+ a CI build (kubernetes version starts with `ci/` or
+ `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be
+ used as a default for control plane components and for
+ kube-proxy, while `registry.k8s.io` will be used for
+ all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version
+ of the control plane. NB: This value defaults to the
+ Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to
+ the Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR
+ ranges for every node. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s
+ services. Defaults to a comma-delimited string of
+ the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+ or to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: Label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to
+ overwrite any existing filesystem. If true, any
+ pre-existing file system will be destroyed. Use
+ with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive,
+ used for Microsoft Azure that instructs cloud-init
+ to replace a file system of <FS_TYPE>. NOTE: unless
+ you define a label, this requires the use of the
+ ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout.
+ If it is true, a single partition will be created
+ for the entire device. When layout is false, it
+ means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip
+ checks and create the partition if a partition
+ or filesystem is found on the device. Use with
+ caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm
+ init` time and describes a set of Bootstrap Tokens to
+ create. This information IS NOT uploaded to the kubeadm
+ cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for,
+ so other administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when
+ this token expires. Defaults to being set dynamically
+ at runtime based on the TTL. Expires and TTL are
+ mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for
+ authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for
+ joining nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this
+ token. Defaults to 24h. Expires and TTL are mutually
+ exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which
+ this token can be used. Can by default be used
+ for establishing bidirectional trust, but that
+ can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance that's deployed on this control
+ plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global
+ endpoint for the cluster, which then loadbalances the
+ requests to each individual API server. This configuration
+ object lets you customize what IP/DNS name and port
+ the local API server advertises it's accessible on.
+ By default, kubeadm tries to auto-detect the IP of the
+ default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ {}` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node
+ and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control
+ plane instance to be deployed on the joining node. If
+ nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for
+ the API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the
+ kubelet to use during the TLS Bootstrap process TODO:
+ revisit when there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken
+ and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of
+ public key pins to verify when token-based discovery
+ is used. The root CA found during discovery
+ must match one of these values. Specifying an
+ empty set disables root CA pinning, which can
+ be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject
+ Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using,
+ for example, OpenSSL: openssl x509 -pubkey -in
+ ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+ | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate
+ cluster information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since
+ other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL
+ to a kubeconfig file from which to load cluster
+ information BootstrapToken and File are mutually
+ exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for
+ TLS bootstrapping. If .BootstrapToken is set, this
+ field is defaulted to .BootstrapToken.Token, but
+ can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain
+ any other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ {}` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and
+ use that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: Groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for
+ the user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmConfigTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
+ properties:
+ template:
+ description: KubeadmConfigTemplateResource defines the Template structure.
+ properties:
+ spec:
+ description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
+ Either ClusterConfiguration and InitConfiguration should be
+ defined or the JoinConfiguration should be defined.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the
+ API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store
+ or look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid
+ IP address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the
+ ControlPlaneEndpoint is specified but without a TCP
+ port, the BindPort is used. Possible usages are: e.g.
+ In a cluster with more than one control plane instances,
+ this field should be assigned the address of the external
+ load balancer in front of the control plane instances.
+ e.g. in environments with enforced node recycling,
+ the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to
+ an external etcd cluster Local and External are
+ mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to
+ secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for
+ configuring the local etcd instance Local and External
+ are mutually exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will
+ place its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static
+ pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set, the
+ ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag
+ for the image. In case this value is set, kubeadm
+ does not change automatically the version of
+ the above components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. If empty, `registry.k8s.io` will
+ be used by default; in case of kubernetes version is
+ a CI build (kubernetes version starts with `ci/` or
+ `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be
+ used as a default for control plane components and for
+ kube-proxy, while `registry.k8s.io` will be used for
+ all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version
+ of the control plane. NB: This value defaults to the
+ Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to
+ the Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s
+ services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR
+ ranges for every node. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s
+ services. Defaults to a comma-delimited string of
+ the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+ or to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the
+ scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to
+ pass to the control plane component. TODO: This
+ is temporary and ideally we would like to switch
+ all components to use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host
+ that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the
+ pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod
+ template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to
+ be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to
+ add to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: Label specifies the file system label
+ to be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to
+ overwrite any existing filesystem. If true, any
+ pre-existing file system will be destroyed. Use
+ with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition
+ to use. The valid options are: "auto|any", "auto",
+ "any", "none", and <NUM>, where NUM is the actual
+ partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive,
+ used for Microsoft Azure that instructs cloud-init
+ to replace a file system of <FS_TYPE>. NOTE: unless
+ you define a label, this requires the use of the
+ ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout.
+ If it is true, a single partition will be created
+ for the entire device. When layout is false, it
+ means don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip
+ checks and create the partition if a partition
+ or filesystem is found on the device. Use with
+ caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: Append specifies whether to append Content
+ to existing file if Path exists.
+ type: boolean
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the
+ file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to
+ assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: Ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: ContainerLinuxConfig contains CLC specific
+ configuration.
+ properties:
+ additionalConfig:
+ description: "AdditionalConfig contains additional
+ configuration to be merged with the Ignition configuration
+ generated by the bootstrapper controller. More info:
+ https://coreos.github.io/ignition/operator-notes/#config-merging
+ \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+ type: string
+ strict:
+ description: Strict controls if AdditionalConfig should
+ be strictly parsed. If so, warnings are treated
+ as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm
+ init` time and describes a set of Bootstrap Tokens to
+ create. This information IS NOT uploaded to the kubeadm
+ cluster configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for,
+ so other administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when
+ this token expires. Defaults to being set dynamically
+ at runtime based on the TTL. Expires and TTL are
+ mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for
+ authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for
+ joining nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this
+ token. Defaults to 24h. Expires and TTL are mutually
+ exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which
+ this token can be used. Can by default be used
+ for establishing bidirectional trust, but that
+ can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance that's deployed on this control
+ plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global
+ endpoint for the cluster, which then loadbalances the
+ requests to each individual API server. This configuration
+ object lets you customize what IP/DNS name and port
+ the local API server advertises it's accessible on.
+ By default, kubeadm tries to auto-detect the IP of the
+ default interface and use that, but in case that process
+ fails you may set the desired value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ []` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during "kubeadm
+ init". The minimum kubernetes version needed to support
+ Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that
+ contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just
+ "etcd.json". "target" can be one of "kube-apiserver",
+ "kube-controller-manager", "kube-scheduler", "etcd".
+ "patchtype" can be one of "strategic" "merge" or
+ "json" and they match the patch formats supported
+ by kubectl. The default "patchtype" is "strategic".
+ "extension" must be either "json" or "yaml". "suffix"
+ is an optional string that can be used to determine
+ which patches are applied first alpha-numerically.
+ These files can be written into the target directory
+ via KubeadmConfig.Files which specifies additional
+ files to be created on the machine, either with
+ content inline or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during
+ command execution. The list of phases can be obtained
+ with the "kubeadm init --help" command. This option
+ takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal value,
+ and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node
+ and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control
+ plane instance to be deployed on the joining node. If
+ nil, no additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this
+ node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for
+ the API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the
+ kubelet to use during the TLS Bootstrap process TODO:
+ revisit when there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken
+ and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will
+ be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of
+ public key pins to verify when token-based discovery
+ is used. The root CA found during discovery
+ must match one of these values. Specifying an
+ empty set disables root CA pinning, which can
+ be unsafe. Each hash is specified as "<type>:<value>",
+ where the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the Subject
+ Public Key Info (SPKI) object in DER-encoded
+ ASN.1. These hashes can be calculated using,
+ for example, OpenSSL: openssl x509 -pubkey -in
+ ca.crt openssl rsa -pubin -outform der 2>&/dev/null
+ | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate
+ cluster information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since
+ other nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL
+ to a kubeconfig file from which to load cluster
+ information BootstrapToken and File are mutually
+ exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for
+ TLS bootstrapping. If .BootstrapToken is set, this
+ field is defaulted to .BootstrapToken.Token, but
+ can be overridden. If .File is set, this field **must
+ be set** in case the KubeConfigFile does not contain
+ any other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the
+ REST resource this object represents. Servers may infer
+ this from the endpoint the client submits requests to.
+ Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the cluster.
+ When used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration
+ and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice
+ of pre-flight errors to be ignored when the current
+ node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here are
+ passed to the kubelet command line via the environment
+ file kubeadm writes at runtime for the kubelet to
+ source. This overrides the generic base-level configuration
+ in the kubelet-config-1.X ConfigMap Flags have higher
+ priority when parsing. These values are local and
+ specific to the node kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of
+ the Node API object that will be created in this
+ `kubeadm init` or `kubeadm join` operation. This
+ field is also used in the CommonName field of the
+ kubelet's client certificate to the API server.
+ Defaults to the hostname of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node
+ API object should be registered with. If this field
+ is unset, i.e. nil, in the `kubeadm init` process
+ it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints:
+ []` in the YAML file. This field is solely used
+ for Node registration.'
+ items:
+ description: The node this Taint is attached to
+ has the "effect" on any pod that does not tolerate
+ the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint
+ on pods that do not tolerate the taint. Valid
+ effects are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at
+ which the taint was added. It is only written
+ for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to
+ the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during "kubeadm
+ join". The minimum kubernetes version needed to support
+ Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that
+ contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just
+ "etcd.json". "target" can be one of "kube-apiserver",
+ "kube-controller-manager", "kube-scheduler", "etcd".
+ "patchtype" can be one of "strategic" "merge" or
+ "json" and they match the patch formats supported
+ by kubectl. The default "patchtype" is "strategic".
+ "extension" must be either "json" or "yaml". "suffix"
+ is an optional string that can be used to determine
+ which patches are applied first alpha-numerically.
+ These files can be written into the target directory
+ via KubeadmConfig.Files which specifies additional
+ files to be created on the machine, either with
+ content inline or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during
+ command execution. The list of phases can be obtained
+ with the "kubeadm init --help" command. This option
+ takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be
+ setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to
+ run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and
+ use that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ \n Deprecated: This experimental fix is no longer needed
+ and this field will be removed in a future release. When
+ removing also remove from staticcheck exclude-rules for
+ SA1019 in golangci.yml"
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user
+ in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the
+ user
+ type: string
+ groups:
+ description: Groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to
+ use for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the
+ user as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login
+ should be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for
+ the user
+ type: string
+ passwdFrom:
+ description: PasswdFrom is a referenced source of passwd
+ to populate the passwd.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this password.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group
+ for the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh
+ authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-leader-election-role
+ namespace: capi-kubeadm-bootstrap-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - kubeadmconfigs
+ - kubeadmconfigs/finalizers
+ - kubeadmconfigs/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machinepools
+ - machinepools/status
+ - machines
+ - machines/status
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-leader-election-rolebinding
+ namespace: capi-kubeadm-bootstrap-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-kubeadm-bootstrap-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-kubeadm-bootstrap-system-capi-kubeadm-bootstrap-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-bootstrap-manager
+ namespace: capi-kubeadm-bootstrap-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-bootstrap-controller-manager
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --metrics-bind-addr=localhost:8080
+ - --feature-gates=MachinePool=false,KubeadmBootstrapFormatIgnition=false
+ - --bootstrap-token-ttl=15m
+ command:
+ - /manager
+ image: "{{ atmosphere_images['cluster_api_kubeadm_bootstrap_controller'] | vexxhost.atmosphere.docker_image('ref') }}"
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ serviceAccountName: capi-kubeadm-bootstrap-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-kubeadm-bootstrap-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-serving-cert
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ dnsNames:
+ - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc
+ - capi-kubeadm-bootstrap-webhook-service.capi-kubeadm-bootstrap-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-kubeadm-bootstrap-selfsigned-issuer
+ secretName: capi-kubeadm-bootstrap-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-selfsigned-issuer
+ namespace: capi-kubeadm-bootstrap-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+ failurePolicy: Fail
+ name: default.kubeadmconfig.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+ failurePolicy: Fail
+ name: default.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigtemplates
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-bootstrap-system/capi-kubeadm-bootstrap-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: bootstrap-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-bootstrap-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmconfig.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-bootstrap-webhook-service
+ namespace: capi-kubeadm-bootstrap-system
+ path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-kubeadmconfigtemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmconfigtemplate.bootstrap.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmconfigtemplates
+ sideEffects: None
diff --git a/roles/cluster_api/templates/capi-control-plane.yml b/roles/cluster_api/templates/capi-control-plane.yml
new file mode 100644
index 0000000..b867f3a
--- /dev/null
+++ b/roles/cluster_api/templates/capi-control-plane.yml
@@ -0,0 +1,6645 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-control-plane-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1alpha4: v1alpha4
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmControlPlane
+ listKind: KubeadmControlPlaneList
+ plural: kubeadmcontrolplanes
+ shortNames:
+ - kcp
+ singular: kubeadmcontrolplane
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ infrastructureTemplate:
+ description: InfrastructureTemplate is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ kubeadmConfigSpec:
+ description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+ and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or
+ look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid IP
+ address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+ is specified but without a TCP port, the BindPort is used.
+ Possible usages are: e.g. In a cluster with more than one
+ control plane instances, this field should be assigned the
+ address of the external load balancer in front of the control
+ plane instances. e.g. in environments with enforced node
+ recycling, the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ type:
+ description: Type defines the DNS add-on to be used
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. If empty, `k8s.gcr.io` will be used by
+ default; in case of kubernetes version is a CI build (kubernetes
+ version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and
+ for kube-proxy, while `k8s.gcr.io` will be used for all
+ the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the
+ control plane. NB: This value defaults to the Machine object
+ spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the
+ Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If
+ unset, the API server will not allocate CIDR ranges
+ for every node. Defaults to a comma-delimited string
+ of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster
+ object's spec.clusterNetwork.pods.cidrBlocks, or to
+ "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ useHyperKubeImage:
+ description: UseHyperKubeImage controls if hyperkube should
+ be used for Kubernetes components instead of their respective
+ separate images
+ type: boolean
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing
+ file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used
+ for Microsoft Azure that instructs cloud-init to replace
+ a file system of <FS_TYPE>. NOTE: unless you define
+ a label, this requires the use of the ''any'' partition
+ directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If
+ it is true, a single partition will be created for
+ the entire device. When layout is false, it means
+ don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default
+ is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init`
+ time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster
+ configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for, so other
+ administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this
+ token expires. Defaults to being set dynamically at
+ runtime based on the TTL. Expires and TTL are mutually
+ exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this
+ token can be used. Can by default be used for establishing
+ bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance that's deployed on this control plane
+ node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to
+ each individual API server. This configuration object lets
+ you customize what IP/DNS name and port the local API server
+ advertises it's accessible on. By default, kubeadm tries
+ to auto-detect the IP of the default interface and use that,
+ but in case that process fails you may set the desired value
+ here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: {}`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node and
+ control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no
+ additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ required:
+ - advertiseAddress
+ - bindPort
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when
+ there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken and
+ File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public
+ key pins to verify when token-based discovery is
+ used. The root CA found during discovery must match
+ one of these values. Specifying an empty set disables
+ root CA pinning, which can be unsafe. Each hash
+ is specified as "<type>:<value>", where the only
+ currently supported type is "sha256". This is a
+ hex-encoded SHA-256 hash of the Subject Public Key
+ Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ - unsafeSkipCAVerification
+ type: object
+ file:
+ description: File is used to specify a file or URL to
+ a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: 'TLSBootstrapToken is a token used for TLS
+ bootstrapping. If .BootstrapToken is set, this field
+ is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case
+ the KubeConfigFile does not contain any other authentication
+ information TODO: revisit when there is defaulting from
+ k/k'
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: {}`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and use
+ that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the
+ user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that the
+ controller will spend on draining a controlplane node The default
+ value is 0, meaning that the node can be drained without any time
+ limitations. NOTE: NodeDrainTimeout is different from `kubectl drain
+ --timeout`'
+ type: string
+ replicas:
+ description: Number of desired machines. Defaults to 1. When stacked
+ etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutStrategy:
+ description: The RolloutStrategy to use to replace control plane machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if RolloutStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of control planes that can
+ be scheduled above or under the desired number of control
+ planes. Value can be an absolute number 1 or 0. Defaults
+ to 1. Example: when this is set to 1, the control plane
+ can be scaled up immediately when the rolling update starts.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of rollout. Currently the only supported strategy
+ is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ upgradeAfter:
+ description: UpgradeAfter is a field to indicate an upgrade should
+ be performed after the specified time even if no changes have been
+ made to the KubeadmControlPlane
+ format: date-time
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ type: string
+ required:
+ - infrastructureTemplate
+ - kubeadmConfigSpec
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: ErrorMessage indicates that there is a terminal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a terminal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ initialized:
+ description: Initialized denotes whether or not the control plane
+ has the uploaded kubeadm-config configmap.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready denotes that the KubeadmControlPlane API Server
+ is ready to receive requests.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the label selector in string format to avoid
+ introspection by clients, and is used to provide the CRD-based integration
+ for the scale subresource and additional integrations for things
+ like kubectl describe.. The string will be in the same format as
+ the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ control plane. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet ready or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlane
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+ and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or
+ look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid IP
+ address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+ is specified but without a TCP port, the BindPort is used.
+ Possible usages are: e.g. In a cluster with more than one
+ control plane instances, this field should be assigned the
+ address of the external load balancer in front of the control
+ plane instances. e.g. in environments with enforced node
+ recycling, the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. If empty, `registry.k8s.io` will be used
+ by default; in case of kubernetes version is a CI build
+ (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and
+ for kube-proxy, while `registry.k8s.io` will be used for
+ all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the
+ control plane. NB: This value defaults to the Machine object
+ spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the
+ Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If
+ unset, the API server will not allocate CIDR ranges
+ for every node. Defaults to a comma-delimited string
+ of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster
+ object's spec.clusterNetwork.pods.cidrBlocks, or to
+ "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing
+ file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used
+ for Microsoft Azure that instructs cloud-init to replace
+ a file system of <FS_TYPE>. NOTE: unless you define
+ a label, this requires the use of the ''any'' partition
+ directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If
+ it is true, a single partition will be created for
+ the entire device. When layout is false, it means
+ don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default
+ is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init`
+ time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster
+ configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for, so other
+ administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this
+ token expires. Defaults to being set dynamically at
+ runtime based on the TTL. Expires and TTL are mutually
+ exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this
+ token can be used. Can by default be used for establishing
+ bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance that's deployed on this control plane
+ node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to
+ each individual API server. This configuration object lets
+ you customize what IP/DNS name and port the local API server
+ advertises it's accessible on. By default, kubeadm tries
+ to auto-detect the IP of the default interface and use that,
+ but in case that process fails you may set the desired value
+ here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: {}`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node and
+ control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no
+ additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when
+ there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken and
+ File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public
+ key pins to verify when token-based discovery is
+ used. The root CA found during discovery must match
+ one of these values. Specifying an empty set disables
+ root CA pinning, which can be unsafe. Each hash
+ is specified as "<type>:<value>", where the only
+ currently supported type is "sha256". This is a
+ hex-encoded SHA-256 hash of the Subject Public Key
+ Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL to
+ a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for TLS
+ bootstrapping. If .BootstrapToken is set, this field
+ is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case
+ the KubeConfigFile does not contain any other authentication
+ information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: {}`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and use
+ that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the
+ user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: MachineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that
+ the controller will spend on draining a controlplane node The
+ default value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different from
+ `kubectl drain --timeout`'
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ replicas:
+ description: Number of desired machines. Defaults to 1. When stacked
+ etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: RolloutAfter is a field to indicate a rollout should
+ be performed after the specified time even if no changes have been
+ made to the KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: The RolloutStrategy to use to replace control plane machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if RolloutStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of control planes that can
+ be scheduled above or under the desired number of control
+ planes. Value can be an absolute number 1 or 0. Defaults
+ to 1. Example: when this is set to 1, the control plane
+ can be scaled up immediately when the rolling update starts.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of rollout. Currently the only supported strategy
+ is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: Version defines the desired Kubernetes version.
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: ErrorMessage indicates that there is a terminal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a terminal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ initialized:
+ description: Initialized denotes whether or not the control plane
+ has the uploaded kubeadm-config configmap.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready denotes that the KubeadmControlPlane API Server
+ is ready to receive requests.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the label selector in string format to avoid
+ introspection by clients, and is used to provide the CRD-based integration
+ for the scale subresource and additional integrations for things
+ like kubectl describe.. The string will be in the same format as
+ the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ control plane. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet ready or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane that have the desired template spec.
+ format: int32
+ type: integer
+ version:
+ description: Version represents the minimum Kubernetes version for
+ the control plane machines in the cluster.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
+ name: Cluster
+ type: string
+ - description: This denotes whether or not the control plane has the uploaded
+ kubeadm-config configmap
+ jsonPath: .status.initialized
+ name: Initialized
+ type: boolean
+ - description: KubeadmControlPlane API Server is ready to receive requests
+ jsonPath: .status.ready
+ name: API Server Available
+ type: boolean
+ - description: Total number of machines desired by this control plane
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of fully running and ready control plane machines
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this control
+ plane that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this control plane
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ - description: Time duration since creation of KubeadmControlPlane
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this control plane
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlane is the Schema for the KubeadmControlPlane
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: KubeadmConfigSpec is a KubeadmConfigSpec to use for initializing
+ and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for the API
+ server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative Names
+ for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the timeout
+ that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store or
+ look for all required certificates. NB: if not provided,
+ this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP address
+ or DNS name for the control plane; it can be a valid IP
+ address or a RFC-1123 DNS subdomain, both with optional
+ TCP port. In case the ControlPlaneEndpoint is not specified,
+ the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint
+ is specified but without a TCP port, the BindPort is used.
+ Possible usages are: e.g. In a cluster with more than one
+ control plane instances, this field should be assigned the
+ address of the external load balancer in front of the control
+ plane instances. e.g. in environments with enforced node
+ recycling, the ControlPlaneEndpoint could be used for assigning
+ a stable DNS to the control plane. NB: This value defaults
+ to the first value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings for
+ the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on installed
+ in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for the
+ image. In case this value is set, kubeadm does not change
+ automatically the version of the above components during
+ upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB: This
+ value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect to an external
+ etcd cluster Local and External are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate Authority
+ file used to secure etcd communication. Required
+ if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification file
+ used to secure etcd communication. Required if using
+ a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required for
+ ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used to secure
+ etcd communication. Required if using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs for configuring
+ the local etcd instance Local and External are mutually
+ exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd will place
+ its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments provided
+ to the etcd binary when run inside a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. if not set, the ImageRepository
+ defined in ClusterConfiguration will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag for
+ the image. In case this value is set, kubeadm does
+ not change automatically the version of the above
+ components during upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject Alternative
+ Names for the etcd peer signing cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject Alternative
+ Names for the etcd server signing cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry to
+ pull images from. If empty, `registry.k8s.io` will be used
+ by default; in case of kubernetes version is a CI build
+ (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images`
+ will be used as a default for control plane components and
+ for kube-proxy, while `registry.k8s.io` will be used for
+ all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version of the
+ control plane. NB: This value defaults to the Machine object
+ spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the networking
+ topology of the cluster. NB: This value defaults to the
+ Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used by k8s services.
+ Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods. If
+ unset, the API server will not allocate CIDR ranges
+ for every node. Defaults to a comma-delimited string
+ of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used by k8s services.
+ Defaults to a comma-delimited string of the Cluster
+ object's spec.clusterNetwork.pods.cidrBlocks, or to
+ "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for the scheduler
+ control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags to pass
+ to the control plane component. TODO: This is temporary
+ and ideally we would like to switch all components to
+ use ComponentConfig + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host volumes,
+ mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements describing
+ volumes that are mounted from the host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the host that
+ will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside the pod
+ where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access to the
+ volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation of partition
+ tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file systems
+ to setup.
+ items:
+ description: Filesystem defines the file systems to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options to add
+ to the command for creating the file system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system type.
+ type: string
+ label:
+ description: Label specifies the file system label to
+ be used. If set to None, no label is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not to overwrite
+ any existing filesystem. If true, any pre-existing
+ file system will be destroyed. Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition to use.
+ The valid options are: "auto|any", "auto", "any",
+ "none", and <NUM>, where NUM is the actual partition
+ number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive, used
+ for Microsoft Azure that instructs cloud-init to replace
+ a file system of <FS_TYPE>. NOTE: unless you define
+ a label, this requires the use of the ''any'' partition
+ directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the partitions
+ to setup.
+ items:
+ description: Partition defines how to create and layout
+ a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout. If
+ it is true, a single partition will be created for
+ the entire device. When layout is false, it means
+ don't partition or ignore existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to skip checks
+ and create the partition if a partition or filesystem
+ is found on the device. Use with caution. Default
+ is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of partition
+ table. The following are supported: ''mbr'': default
+ and setups a MS-DOS partition table ''gpt'': setups
+ a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed to user_data
+ upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: Append specifies whether to append Content
+ to existing file if Path exists.
+ type: boolean
+ content:
+ description: Content is the actual content of the file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source of content
+ to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of the file
+ contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the file,
+ e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk where
+ to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions to assign
+ to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the bootstrap
+ data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: Ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: ContainerLinuxConfig contains CLC specific configuration.
+ properties:
+ additionalConfig:
+ description: "AdditionalConfig contains additional configuration
+ to be merged with the Ignition configuration generated
+ by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+ \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+ type: string
+ strict:
+ description: Strict controls if AdditionalConfig should
+ be strictly parsed. If so, warnings are treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm init`
+ time and describes a set of Bootstrap Tokens to create.
+ This information IS NOT uploaded to the kubeadm cluster
+ configmap, partly because of its sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap token,
+ stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly message
+ why this token exists and what it's used for, so other
+ administrators can know its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp when this
+ token expires. Defaults to being set dynamically at
+ runtime based on the TTL. Expires and TTL are mutually
+ exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups that
+ this token will authenticate as when/if used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing bidirectional
+ trust between nodes and control-planes. Used for joining
+ nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for this token.
+ Defaults to 24h. Expires and TTL are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which this
+ token can be used. Can by default be used for establishing
+ bidirectional trust, but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint of the
+ API server instance that's deployed on this control plane
+ node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
+ in the sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests to
+ each individual API server. This configuration object lets
+ you customize what IP/DNS name and port the local API server
+ advertises it's accessible on. By default, kubeadm tries
+ to auto-detect the IP of the default interface and use that,
+ but in case that process fails you may set the desired value
+ here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address for
+ the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the API
+ Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: []`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during "kubeadm
+ init". The minimum kubernetes version needed to support
+ Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that contains
+ files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+ "target" can be one of "kube-apiserver", "kube-controller-manager",
+ "kube-scheduler", "etcd". "patchtype" can be one of
+ "strategic" "merge" or "json" and they match the patch
+ formats supported by kubectl. The default "patchtype"
+ is "strategic". "extension" must be either "json" or
+ "yaml". "suffix" is an optional string that can be used
+ to determine which patches are applied first alpha-numerically.
+ These files can be written into the target directory
+ via KubeadmConfig.Files which specifies additional files
+ to be created on the machine, either with content inline
+ or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during
+ command execution. The list of phases can be obtained with
+ the "kubeadm init --help" command. This option takes effect
+ only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration for
+ the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node and
+ control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control plane
+ instance to be deployed on the joining node. If nil, no
+ additional control plane instance will be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for the
+ API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for the kubelet
+ to use during the TLS Bootstrap process TODO: revisit when
+ there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the options
+ for bootstrap token based discovery BootstrapToken and
+ File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or domain
+ name to the API server from which info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set of public
+ key pins to verify when token-based discovery is
+ used. The root CA found during discovery must match
+ one of these values. Specifying an empty set disables
+ root CA pinning, which can be unsafe. Each hash
+ is specified as "<type>:<value>", where the only
+ currently supported type is "sha256". This is a
+ hex-encoded SHA-256 hash of the Subject Public Key
+ Info (SPKI) object in DER-encoded ASN.1. These hashes
+ can be calculated using, for example, OpenSSL: openssl
+ x509 -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256 -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate cluster
+ information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows token-based
+ discovery without CA verification via CACertHashes.
+ This can weaken the security of kubeadm since other
+ nodes can impersonate the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or URL to
+ a kubeconfig file from which to load cluster information
+ BootstrapToken and File are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify the
+ actual file path or URL to the kubeconfig file from
+ which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used for TLS
+ bootstrapping. If .BootstrapToken is set, this field
+ is defaulted to .BootstrapToken.Token, but can be overridden.
+ If .File is set, this field **must be set** in case
+ the KubeConfigFile does not contain any other authentication
+ information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate to
+ registering the new control-plane node to the cluster. When
+ used in the context of control plane nodes, NodeRegistration
+ should remain consistent across both InitConfiguration and
+ JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container runtime
+ info. This information will be annotated to the Node
+ API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a slice of
+ pre-flight errors to be ignored when the current node
+ is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra arguments
+ to the kubelet. The arguments here are passed to the
+ kubelet command line via the environment file kubeadm
+ writes at runtime for the kubelet to source. This overrides
+ the generic base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing. These
+ values are local and specific to the node kubeadm is
+ executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field of the
+ Node API object that will be created in this `kubeadm
+ init` or `kubeadm join` operation. This field is also
+ used in the CommonName field of the kubelet's client
+ certificate to the API server. Defaults to the hostname
+ of the node if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the Node API
+ object should be registered with. If this field is unset,
+ i.e. nil, in the `kubeadm init` process it will be defaulted
+ to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane node,
+ set this field to an empty slice, i.e. `taints: []`
+ in the YAML file. This field is solely used for Node
+ registration.'
+ items:
+ description: The node this Taint is attached to has
+ the "effect" on any pod that does not tolerate the
+ Taint.
+ properties:
+ effect:
+ description: Required. The effect of the taint on
+ pods that do not tolerate the taint. Valid effects
+ are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied
+ to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time at which
+ the taint was added. It is only written for NoExecute
+ taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the
+ taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during "kubeadm
+ join". The minimum kubernetes version needed to support
+ Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory that contains
+ files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or just "etcd.json".
+ "target" can be one of "kube-apiserver", "kube-controller-manager",
+ "kube-scheduler", "etcd". "patchtype" can be one of
+ "strategic" "merge" or "json" and they match the patch
+ formats supported by kubectl. The default "patchtype"
+ is "strategic". "extension" must be either "json" or
+ "yaml". "suffix" is an optional string that can be used
+ to determine which patches are applied first alpha-numerically.
+ These files can be written into the target directory
+ via KubeadmConfig.Files which specifies additional files
+ to be created on the machine, either with content inline
+ or by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip during
+ command execution. The list of phases can be obtained with
+ the "kubeadm init --help" command. This option takes effect
+ only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to be setup.
+ items:
+ description: MountPoints defines input for generated mounts
+ in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands to run
+ after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands to run
+ before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic kubeadm
+ command with a shell script with retries for joins. \n This
+ is meant to be an experimental temporary workaround on some
+ environments where joins fail due to timing (and other issues).
+ The long term goal is to add retries to kubeadm proper and use
+ that functionality. \n This will add about 40KB to userdata
+ \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ \n Deprecated: This experimental fix is no longer needed and
+ this field will be removed in a future release. When removing
+ also remove from staticcheck exclude-rules for SA1019 in golangci.yml"
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated user in
+ cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups for
+ the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory to use
+ for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark the user
+ as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password login should
+ be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password for the
+ user
+ type: string
+ passwdFrom:
+ description: PasswdFrom is a referenced source of passwd
+ to populate the passwd.
+ properties:
+ secret:
+ description: Secret represents a secret that should
+ populate this password.
+ properties:
+ key:
+ description: Key is the key in the secret's data
+ map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: PrimaryGroup specifies the primary group for
+ the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list of ssh authorized
+ keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log level
+ verbosity. It overrides the `--v` flag in kubeadm commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: MachineTemplate contains information about how machines
+ should be shaped when creating or updating a control plane.
+ properties:
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the machine
+ controller will attempt to delete the Node that the Machine
+ hosts after the Machine is marked for deletion. A duration of
+ 0 will retry deletion indefinitely. If no value is provided,
+ the default value for this property of the Machine resource
+ will be used.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that
+ the controller will spend on draining a controlplane node The
+ default value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different from
+ `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of time
+ that the controller will spend on waiting for all volumes to
+ be detached. The default value is 0, meaning that the volumes
+ can be detached without any time limitations.
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ replicas:
+ description: Number of desired machines. Defaults to 1. When stacked
+ etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: RolloutAfter is a field to indicate a rollout should
+ be performed after the specified time even if no changes have been
+ made to the KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutBefore:
+ description: RolloutBefore is a field to indicate a rollout should
+ be performed if the specified criteria is met.
+ properties:
+ certificatesExpiryDays:
+ description: CertificatesExpiryDays indicates a rollout needs
+ to be performed if the certificates of the machine will expire
+ within the specified days.
+ format: int32
+ type: integer
+ type: object
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: The RolloutStrategy to use to replace control plane machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if RolloutStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of control planes that can
+ be scheduled above or under the desired number of control
+ planes. Value can be an absolute number 1 or 0. Defaults
+ to 1. Example: when this is set to 1, the control plane
+ can be scaled up immediately when the rolling update starts.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of rollout. Currently the only supported strategy
+ is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: Version defines the desired Kubernetes version.
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ status:
+ description: KubeadmControlPlaneStatus defines the observed state of KubeadmControlPlane.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the KubeadmControlPlane.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: ErrorMessage indicates that there is a terminal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a terminal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ initialized:
+ description: Initialized denotes whether or not the control plane
+ has the uploaded kubeadm-config configmap.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ ready:
+ description: Ready denotes that the KubeadmControlPlane API Server
+ is ready to receive requests.
+ type: boolean
+ readyReplicas:
+ description: Total number of fully running and ready control plane
+ machines.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the label selector in string format to avoid
+ introspection by clients, and is used to provide the CRD-based integration
+ for the scale subresource and additional integrations for things
+ like kubectl describe.. The string will be in the same format as
+ the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ control plane. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet ready or machines
+ that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ control plane that have the desired template spec.
+ format: int32
+ type: integer
+ version:
+ description: Version represents the minimum Kubernetes version for
+ the control plane machines in the cluster.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1alpha4: v1alpha4
+ cluster.x-k8s.io/v1beta1: v1beta1
+ clusterctl.cluster.x-k8s.io: ""
+ name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: controlplane.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: KubeadmControlPlaneTemplate
+ listKind: KubeadmControlPlaneTemplateList
+ plural: kubeadmcontrolplanetemplates
+ singular: kubeadmcontrolplanetemplate
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlaneTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneTemplateSpec defines the desired state
+ of KubeadmControlPlaneTemplate.
+ properties:
+ template:
+ description: KubeadmControlPlaneTemplateResource describes the data
+ needed to create a KubeadmControlPlane from a template.
+ properties:
+ spec:
+ description: KubeadmControlPlaneSpec defines the desired state
+ of KubeadmControlPlane.
+ properties:
+ kubeadmConfigSpec:
+ description: KubeadmConfigSpec is a KubeadmConfigSpec to use
+ for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for
+ the API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the
+ timeout that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store
+ or look for all required certificates. NB: if not
+ provided, this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP
+ address or DNS name for the control plane; it can
+ be a valid IP address or a RFC-1123 DNS subdomain,
+ both with optional TCP port. In case the ControlPlaneEndpoint
+ is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified
+ but without a TCP port, the BindPort is used. Possible
+ usages are: e.g. In a cluster with more than one
+ control plane instances, this field should be assigned
+ the address of the external load balancer in front
+ of the control plane instances. e.g. in environments
+ with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the
+ control plane. NB: This value defaults to the first
+ value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set, the
+ ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag
+ for the image. In case this value is set, kubeadm
+ does not change automatically the version of
+ the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB:
+ This value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect
+ to an external etcd cluster Local and External
+ are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate
+ Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification
+ file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used
+ to secure etcd communication. Required if
+ using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs
+ for configuring the local etcd instance Local
+ and External are mutually exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd
+ will place its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments
+ provided to the etcd binary when run inside
+ a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set,
+ the ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a
+ tag for the image. In case this value is
+ set, kubeadm does not change automatically
+ the version of the above components during
+ upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject
+ Alternative Names for the etcd peer signing
+ cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. If empty, `registry.k8s.io`
+ will be used by default; in case of kubernetes version
+ is a CI build (kubernetes version starts with `ci/`
+ or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will
+ be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will
+ be used for all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version
+ of the control plane. NB: This value defaults to
+ the Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the
+ networking topology of the cluster. NB: This value
+ defaults to the Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used
+ by k8s services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR
+ ranges for every node. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used
+ by k8s services. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+ or to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for
+ the scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file
+ systems to setup.
+ items:
+ description: Filesystem defines the file systems
+ to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options
+ to add to the command for creating the file
+ system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: Label specifies the file system
+ label to be used. If set to None, no label
+ is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not
+ to overwrite any existing filesystem. If true,
+ any pre-existing file system will be destroyed.
+ Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition
+ to use. The valid options are: "auto|any",
+ "auto", "any", "none", and <NUM>, where NUM
+ is the actual partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive,
+ used for Microsoft Azure that instructs cloud-init
+ to replace a file system of <FS_TYPE>. NOTE:
+ unless you define a label, this requires the
+ use of the ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the
+ partitions to setup.
+ items:
+ description: Partition defines how to create and
+ layout a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout.
+ If it is true, a single partition will be
+ created for the entire device. When layout
+ is false, it means don't partition or ignore
+ existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to
+ skip checks and create the partition if a
+ partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of
+ partition table. The following are supported:
+ ''mbr'': default and setups a MS-DOS partition
+ table ''gpt'': setups a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed
+ to user_data upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ content:
+ description: Content is the actual content of the
+ file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source
+ of content to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that
+ should populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of
+ the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the
+ file, e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk
+ where to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions
+ to assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the
+ bootstrap data
+ enum:
+ - cloud-config
+ type: string
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm
+ init` time and describes a set of Bootstrap Tokens
+ to create. This information IS NOT uploaded to the
+ kubeadm cluster configmap, partly because of its
+ sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly
+ message why this token exists and what it's
+ used for, so other administrators can know
+ its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp
+ when this token expires. Defaults to being
+ set dynamically at runtime based on the TTL.
+ Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups
+ that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing
+ bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for
+ this token. Defaults to 24h. Expires and TTL
+ are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which
+ this token can be used. Can by default be
+ used for establishing bidirectional trust,
+ but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance that's deployed on this
+ control plane node In HA setups, this differs from
+ ClusterConfiguration.ControlPlaneEndpoint in the
+ sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests
+ to each individual API server. This configuration
+ object lets you customize what IP/DNS name and port
+ the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the
+ IP of the default interface and use that, but in
+ case that process fails you may set the desired
+ value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for
+ the API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the
+ cluster. When used in the context of control plane
+ nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here
+ are passed to the kubelet command line via the
+ environment file kubeadm writes at runtime for
+ the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing.
+ These values are local and specific to the node
+ kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field
+ of the Node API object that will be created
+ in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field
+ of the kubelet's client certificate to the API
+ server. Defaults to the hostname of the node
+ if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the
+ Node API object should be registered with. If
+ this field is unset, i.e. nil, in the `kubeadm
+ init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane
+ node, set this field to an empty slice, i.e.
+ `taints: {}` in the YAML file. This field is
+ solely used for Node registration.'
+ items:
+ description: The node this Taint is attached
+ to has the "effect" on any pod that does not
+ tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the
+ taint on pods that do not tolerate the
+ taint. Valid effects are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time
+ at which the taint was added. It is only
+ written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node
+ and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control
+ plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will
+ be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on
+ this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP
+ address for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port
+ for the API Server to bind to. Defaults
+ to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for
+ the kubelet to use during the TLS Bootstrap process
+ TODO: revisit when there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the
+ options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or
+ domain name to the API server from which
+ info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set
+ of public key pins to verify when token-based
+ discovery is used. The root CA found during
+ discovery must match one of these values.
+ Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash
+ is specified as "<type>:<value>", where
+ the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the
+ Subject Public Key Info (SPKI) object in
+ DER-encoded ASN.1. These hashes can be calculated
+ using, for example, OpenSSL: openssl x509
+ -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256
+ -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate
+ cluster information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows
+ token-based discovery without CA verification
+ via CACertHashes. This can weaken the security
+ of kubeadm since other nodes can impersonate
+ the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or
+ URL to a kubeconfig file from which to load
+ cluster information BootstrapToken and File
+ are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used
+ for TLS bootstrapping. If .BootstrapToken is
+ set, this field is defaulted to .BootstrapToken.Token,
+ but can be overridden. If .File is set, this
+ field **must be set** in case the KubeConfigFile
+ does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the
+ cluster. When used in the context of control plane
+ nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here
+ are passed to the kubelet command line via the
+ environment file kubeadm writes at runtime for
+ the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing.
+ These values are local and specific to the node
+ kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field
+ of the Node API object that will be created
+ in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field
+ of the kubelet's client certificate to the API
+ server. Defaults to the hostname of the node
+ if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the
+ Node API object should be registered with. If
+ this field is unset, i.e. nil, in the `kubeadm
+ init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane
+ node, set this field to an empty slice, i.e.
+ `taints: {}` in the YAML file. This field is
+ solely used for Node registration.'
+ items:
+ description: The node this Taint is attached
+ to has the "effect" on any pod that does not
+ tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the
+ taint on pods that do not tolerate the
+ taint. Valid effects are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time
+ at which the taint was added. It is only
+ written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to
+ be setup.
+ items:
+ description: MountPoints defines input for generated
+ mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands
+ to run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic
+ kubeadm command with a shell script with retries for
+ joins. \n This is meant to be an experimental temporary
+ workaround on some environments where joins fail due
+ to timing (and other issues). The long term goal is
+ to add retries to kubeadm proper and use that functionality.
+ \n This will add about 40KB to userdata \n For more
+ information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated
+ user in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for
+ the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory
+ to use for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark
+ the user as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password
+ login should be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password
+ for the user
+ type: string
+ primaryGroup:
+ description: PrimaryGroup specifies the primary
+ group for the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list
+ of ssh authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the
+ user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log
+ level verbosity. It overrides the `--v` flag in kubeadm
+ commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: MachineTemplate contains information about how
+ machines should be shaped when creating or updating a control
+ plane.
+ properties:
+ infrastructureRef:
+ description: InfrastructureRef is a required reference
+ to a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ metadata:
+ description: 'Standard object''s metadata. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata.
+ They are not queryable and should be preserved when
+ modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can
+ be used to organize and categorize (scope and select)
+ objects. May match selectors of replication controllers
+ and services. More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of
+ time that the controller will spend on draining a controlplane
+ node The default value is 0, meaning that the node can
+ be drained without any time limitations. NOTE: NodeDrainTimeout
+ is different from `kubectl drain --timeout`'
+ type: string
+ required:
+ - infrastructureRef
+ type: object
+ replicas:
+ description: Number of desired machines. Defaults to 1. When
+ stacked etcd is used only odd numbers are permitted, as
+ per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
+ This is a pointer to distinguish between explicit zero and
+ not specified.
+ format: int32
+ type: integer
+ rolloutAfter:
+ description: RolloutAfter is a field to indicate a rollout
+ should be performed after the specified time even if no
+ changes have been made to the KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: The RolloutStrategy to use to replace control
+ plane machines with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only
+ if RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of control planes
+ that can be scheduled above or under the desired
+ number of control planes. Value can be an absolute
+ number 1 or 0. Defaults to 1. Example: when this
+ is set to 1, the control plane can be scaled up
+ immediately when the rolling update starts.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of rollout. Currently the only supported
+ strategy is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ version:
+ description: Version defines the desired Kubernetes version.
+ type: string
+ required:
+ - kubeadmConfigSpec
+ - machineTemplate
+ - version
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of KubeadmControlPlaneTemplate
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KubeadmControlPlaneTemplateSpec defines the desired state
+ of KubeadmControlPlaneTemplate.
+ properties:
+ template:
+ description: KubeadmControlPlaneTemplateResource describes the data
+ needed to create a KubeadmControlPlane from a template.
+ properties:
+ spec:
+ description: 'KubeadmControlPlaneTemplateResourceSpec defines
+ the desired state of KubeadmControlPlane. NOTE: KubeadmControlPlaneTemplateResourceSpec
+ is similar to KubeadmControlPlaneSpec but omits Replicas and
+ Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
+ because they are calculated by the Cluster topology reconciler
+ during reconciliation and thus cannot be configured on the KubeadmControlPlaneTemplate.'
+ properties:
+ kubeadmConfigSpec:
+ description: KubeadmConfigSpec is a KubeadmConfigSpec to use
+ for initializing and joining machines to the control plane.
+ properties:
+ clusterConfiguration:
+ description: ClusterConfiguration along with InitConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiServer:
+ description: APIServer contains extra settings for
+ the API server control plane component
+ properties:
+ certSANs:
+ description: CertSANs sets extra Subject Alternative
+ Names for the API Server signing cert.
+ items:
+ type: string
+ type: array
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ timeoutForControlPlane:
+ description: TimeoutForControlPlane controls the
+ timeout that we use for API server to appear
+ type: string
+ type: object
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ certificatesDir:
+ description: 'CertificatesDir specifies where to store
+ or look for all required certificates. NB: if not
+ provided, this will default to `/etc/kubernetes/pki`'
+ type: string
+ clusterName:
+ description: The cluster name
+ type: string
+ controlPlaneEndpoint:
+ description: 'ControlPlaneEndpoint sets a stable IP
+ address or DNS name for the control plane; it can
+ be a valid IP address or a RFC-1123 DNS subdomain,
+ both with optional TCP port. In case the ControlPlaneEndpoint
+ is not specified, the AdvertiseAddress + BindPort
+ are used; in case the ControlPlaneEndpoint is specified
+ but without a TCP port, the BindPort is used. Possible
+ usages are: e.g. In a cluster with more than one
+ control plane instances, this field should be assigned
+ the address of the external load balancer in front
+ of the control plane instances. e.g. in environments
+ with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the
+ control plane. NB: This value defaults to the first
+ value in the Cluster object status.apiEndpoints
+ array.'
+ type: string
+ controllerManager:
+ description: ControllerManager contains extra settings
+ for the controller manager control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ dns:
+ description: DNS defines the options for the DNS add-on
+ installed in the cluster.
+ properties:
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set, the
+ ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a tag
+ for the image. In case this value is set, kubeadm
+ does not change automatically the version of
+ the above components during upgrades.
+ type: string
+ type: object
+ etcd:
+ description: 'Etcd holds configuration for etcd. NB:
+ This value defaults to a Local (stacked) etcd'
+ properties:
+ external:
+ description: External describes how to connect
+ to an external etcd cluster Local and External
+ are mutually exclusive
+ properties:
+ caFile:
+ description: CAFile is an SSL Certificate
+ Authority file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ certFile:
+ description: CertFile is an SSL certification
+ file used to secure etcd communication.
+ Required if using a TLS connection.
+ type: string
+ endpoints:
+ description: Endpoints of etcd members. Required
+ for ExternalEtcd.
+ items:
+ type: string
+ type: array
+ keyFile:
+ description: KeyFile is an SSL key file used
+ to secure etcd communication. Required if
+ using a TLS connection.
+ type: string
+ required:
+ - caFile
+ - certFile
+ - endpoints
+ - keyFile
+ type: object
+ local:
+ description: Local provides configuration knobs
+ for configuring the local etcd instance Local
+ and External are mutually exclusive
+ properties:
+ dataDir:
+ description: DataDir is the directory etcd
+ will place its data. Defaults to "/var/lib/etcd".
+ type: string
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: ExtraArgs are extra arguments
+ provided to the etcd binary when run inside
+ a static pod.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container
+ registry to pull images from. if not set,
+ the ImageRepository defined in ClusterConfiguration
+ will be used instead.
+ type: string
+ imageTag:
+ description: ImageTag allows to specify a
+ tag for the image. In case this value is
+ set, kubeadm does not change automatically
+ the version of the above components during
+ upgrades.
+ type: string
+ peerCertSANs:
+ description: PeerCertSANs sets extra Subject
+ Alternative Names for the etcd peer signing
+ cert.
+ items:
+ type: string
+ type: array
+ serverCertSANs:
+ description: ServerCertSANs sets extra Subject
+ Alternative Names for the etcd server signing
+ cert.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: FeatureGates enabled by the user.
+ type: object
+ imageRepository:
+ description: ImageRepository sets the container registry
+ to pull images from. If empty, `registry.k8s.io`
+ will be used by default; in case of kubernetes version
+ is a CI build (kubernetes version starts with `ci/`
+ or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will
+ be used as a default for control plane components
+ and for kube-proxy, while `registry.k8s.io` will
+ be used for all the other images.
+ type: string
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ kubernetesVersion:
+ description: 'KubernetesVersion is the target version
+ of the control plane. NB: This value defaults to
+ the Machine object spec.version'
+ type: string
+ networking:
+ description: 'Networking holds configuration for the
+ networking topology of the cluster. NB: This value
+ defaults to the Cluster object spec.clusterNetwork.'
+ properties:
+ dnsDomain:
+ description: DNSDomain is the dns domain used
+ by k8s services. Defaults to "cluster.local".
+ type: string
+ podSubnet:
+ description: PodSubnet is the subnet used by pods.
+ If unset, the API server will not allocate CIDR
+ ranges for every node. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
+ if that is set
+ type: string
+ serviceSubnet:
+ description: ServiceSubnet is the subnet used
+ by k8s services. Defaults to a comma-delimited
+ string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
+ or to "10.96.0.0/12" if that's unset.
+ type: string
+ type: object
+ scheduler:
+ description: Scheduler contains extra settings for
+ the scheduler control plane component
+ properties:
+ extraArgs:
+ additionalProperties:
+ type: string
+ description: 'ExtraArgs is an extra set of flags
+ to pass to the control plane component. TODO:
+ This is temporary and ideally we would like
+ to switch all components to use ComponentConfig
+ + ConfigMaps.'
+ type: object
+ extraVolumes:
+ description: ExtraVolumes is an extra set of host
+ volumes, mounted to the control plane component.
+ items:
+ description: HostPathMount contains elements
+ describing volumes that are mounted from the
+ host.
+ properties:
+ hostPath:
+ description: HostPath is the path in the
+ host that will be mounted inside the pod.
+ type: string
+ mountPath:
+ description: MountPath is the path inside
+ the pod where hostPath will be mounted.
+ type: string
+ name:
+ description: Name of the volume inside the
+ pod template.
+ type: string
+ pathType:
+ description: PathType is the type of the
+ HostPath.
+ type: string
+ readOnly:
+ description: ReadOnly controls write access
+ to the volume
+ type: boolean
+ required:
+ - hostPath
+ - mountPath
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ diskSetup:
+ description: DiskSetup specifies options for the creation
+ of partition tables and file systems on devices.
+ properties:
+ filesystems:
+ description: Filesystems specifies the list of file
+ systems to setup.
+ items:
+ description: Filesystem defines the file systems
+ to be created.
+ properties:
+ device:
+ description: Device specifies the device name
+ type: string
+ extraOpts:
+ description: ExtraOpts defined extra options
+ to add to the command for creating the file
+ system.
+ items:
+ type: string
+ type: array
+ filesystem:
+ description: Filesystem specifies the file system
+ type.
+ type: string
+ label:
+ description: Label specifies the file system
+ label to be used. If set to None, no label
+ is used.
+ type: string
+ overwrite:
+ description: Overwrite defines whether or not
+ to overwrite any existing filesystem. If true,
+ any pre-existing file system will be destroyed.
+ Use with Caution.
+ type: boolean
+ partition:
+ description: 'Partition specifies the partition
+ to use. The valid options are: "auto|any",
+ "auto", "any", "none", and <NUM>, where NUM
+ is the actual partition number.'
+ type: string
+ replaceFS:
+ description: 'ReplaceFS is a special directive,
+ used for Microsoft Azure that instructs cloud-init
+ to replace a file system of <FS_TYPE>. NOTE:
+ unless you define a label, this requires the
+ use of the ''any'' partition directive.'
+ type: string
+ required:
+ - device
+ - filesystem
+ - label
+ type: object
+ type: array
+ partitions:
+ description: Partitions specifies the list of the
+ partitions to setup.
+ items:
+ description: Partition defines how to create and
+ layout a partition.
+ properties:
+ device:
+ description: Device is the name of the device.
+ type: string
+ layout:
+ description: Layout specifies the device layout.
+ If it is true, a single partition will be
+ created for the entire device. When layout
+ is false, it means don't partition or ignore
+ existing partitioning.
+ type: boolean
+ overwrite:
+ description: Overwrite describes whether to
+ skip checks and create the partition if a
+ partition or filesystem is found on the device.
+ Use with caution. Default is 'false'.
+ type: boolean
+ tableType:
+ description: 'TableType specifies the tupe of
+ partition table. The following are supported:
+ ''mbr'': default and setups a MS-DOS partition
+ table ''gpt'': setups a GPT partition table'
+ type: string
+ required:
+ - device
+ - layout
+ type: object
+ type: array
+ type: object
+ files:
+ description: Files specifies extra files to be passed
+ to user_data upon creation.
+ items:
+ description: File defines the input for generating write_files
+ in cloud-init.
+ properties:
+ append:
+ description: Append specifies whether to append
+ Content to existing file if Path exists.
+ type: boolean
+ content:
+ description: Content is the actual content of the
+ file.
+ type: string
+ contentFrom:
+ description: ContentFrom is a referenced source
+ of content to populate the file.
+ properties:
+ secret:
+ description: Secret represents a secret that
+ should populate this file.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ encoding:
+ description: Encoding specifies the encoding of
+ the file contents.
+ enum:
+ - base64
+ - gzip
+ - gzip+base64
+ type: string
+ owner:
+ description: Owner specifies the ownership of the
+ file, e.g. "root:root".
+ type: string
+ path:
+ description: Path specifies the full path on disk
+ where to store the file.
+ type: string
+ permissions:
+ description: Permissions specifies the permissions
+ to assign to the file, e.g. "0640".
+ type: string
+ required:
+ - path
+ type: object
+ type: array
+ format:
+ description: Format specifies the output format of the
+ bootstrap data
+ enum:
+ - cloud-config
+ - ignition
+ type: string
+ ignition:
+ description: Ignition contains Ignition specific configuration.
+ properties:
+ containerLinuxConfig:
+ description: ContainerLinuxConfig contains CLC specific
+ configuration.
+ properties:
+ additionalConfig:
+ description: "AdditionalConfig contains additional
+ configuration to be merged with the Ignition
+ configuration generated by the bootstrapper
+ controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging
+ \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
+ type: string
+ strict:
+ description: Strict controls if AdditionalConfig
+ should be strictly parsed. If so, warnings are
+ treated as errors.
+ type: boolean
+ type: object
+ type: object
+ initConfiguration:
+ description: InitConfiguration along with ClusterConfiguration
+ are the configurations necessary for the init command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ bootstrapTokens:
+ description: BootstrapTokens is respected at `kubeadm
+ init` time and describes a set of Bootstrap Tokens
+ to create. This information IS NOT uploaded to the
+ kubeadm cluster configmap, partly because of its
+ sensitive nature
+ items:
+ description: BootstrapToken describes one bootstrap
+ token, stored as a Secret in the cluster.
+ properties:
+ description:
+ description: Description sets a human-friendly
+ message why this token exists and what it's
+ used for, so other administrators can know
+ its purpose.
+ type: string
+ expires:
+ description: Expires specifies the timestamp
+ when this token expires. Defaults to being
+ set dynamically at runtime based on the TTL.
+ Expires and TTL are mutually exclusive.
+ format: date-time
+ type: string
+ groups:
+ description: Groups specifies the extra groups
+ that this token will authenticate as when/if
+ used for authentication
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is used for establishing
+ bidirectional trust between nodes and control-planes.
+ Used for joining nodes in the cluster.
+ type: string
+ ttl:
+ description: TTL defines the time to live for
+ this token. Defaults to 24h. Expires and TTL
+ are mutually exclusive.
+ type: string
+ usages:
+ description: Usages describes the ways in which
+ this token can be used. Can by default be
+ used for establishing bidirectional trust,
+ but that can be changed here.
+ items:
+ type: string
+ type: array
+ required:
+ - token
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance that's deployed on this
+ control plane node In HA setups, this differs from
+ ClusterConfiguration.ControlPlaneEndpoint in the
+ sense that ControlPlaneEndpoint is the global endpoint
+ for the cluster, which then loadbalances the requests
+ to each individual API server. This configuration
+ object lets you customize what IP/DNS name and port
+ the local API server advertises it's accessible
+ on. By default, kubeadm tries to auto-detect the
+ IP of the default interface and use that, but in
+ case that process fails you may set the desired
+ value here.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP address
+ for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port for
+ the API Server to bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ type: object
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the
+ cluster. When used in the context of control plane
+ nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here
+ are passed to the kubelet command line via the
+ environment file kubeadm writes at runtime for
+ the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing.
+ These values are local and specific to the node
+ kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field
+ of the Node API object that will be created
+ in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field
+ of the kubelet's client certificate to the API
+ server. Defaults to the hostname of the node
+ if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the
+ Node API object should be registered with. If
+ this field is unset, i.e. nil, in the `kubeadm
+ init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane
+ node, set this field to an empty slice, i.e.
+ `taints: []` in the YAML file. This field is
+ solely used for Node registration.'
+ items:
+ description: The node this Taint is attached
+ to has the "effect" on any pod that does not
+ tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the
+ taint on pods that do not tolerate the
+ taint. Valid effects are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time
+ at which the taint was added. It is only
+ written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during
+ "kubeadm init". The minimum kubernetes version needed
+ to support Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory
+ that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or
+ just "etcd.json". "target" can be one of "kube-apiserver",
+ "kube-controller-manager", "kube-scheduler",
+ "etcd". "patchtype" can be one of "strategic"
+ "merge" or "json" and they match the patch formats
+ supported by kubectl. The default "patchtype"
+ is "strategic". "extension" must be either "json"
+ or "yaml". "suffix" is an optional string that
+ can be used to determine which patches are applied
+ first alpha-numerically. These files can be
+ written into the target directory via KubeadmConfig.Files
+ which specifies additional files to be created
+ on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip
+ during command execution. The list of phases can
+ be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ joinConfiguration:
+ description: JoinConfiguration is the kubeadm configuration
+ for the join command
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema
+ of this representation of an object. Servers should
+ convert recognized schemas to the latest internal
+ value, and may reject unrecognized values. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ caCertPath:
+ description: 'CACertPath is the path to the SSL certificate
+ authority used to secure comunications between node
+ and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
+ TODO: revisit when there is defaulting from k/k'
+ type: string
+ controlPlane:
+ description: ControlPlane defines the additional control
+ plane instance to be deployed on the joining node.
+ If nil, no additional control plane instance will
+ be deployed.
+ properties:
+ localAPIEndpoint:
+ description: LocalAPIEndpoint represents the endpoint
+ of the API server instance to be deployed on
+ this node.
+ properties:
+ advertiseAddress:
+ description: AdvertiseAddress sets the IP
+ address for the API server to advertise.
+ type: string
+ bindPort:
+ description: BindPort sets the secure port
+ for the API Server to bind to. Defaults
+ to 6443.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ discovery:
+ description: 'Discovery specifies the options for
+ the kubelet to use during the TLS Bootstrap process
+ TODO: revisit when there is defaulting from k/k'
+ properties:
+ bootstrapToken:
+ description: BootstrapToken is used to set the
+ options for bootstrap token based discovery
+ BootstrapToken and File are mutually exclusive
+ properties:
+ apiServerEndpoint:
+ description: APIServerEndpoint is an IP or
+ domain name to the API server from which
+ info will be fetched.
+ type: string
+ caCertHashes:
+ description: 'CACertHashes specifies a set
+ of public key pins to verify when token-based
+ discovery is used. The root CA found during
+ discovery must match one of these values.
+ Specifying an empty set disables root CA
+ pinning, which can be unsafe. Each hash
+ is specified as "<type>:<value>", where
+ the only currently supported type is "sha256".
+ This is a hex-encoded SHA-256 hash of the
+ Subject Public Key Info (SPKI) object in
+ DER-encoded ASN.1. These hashes can be calculated
+ using, for example, OpenSSL: openssl x509
+ -pubkey -in ca.crt openssl rsa -pubin -outform
+ der 2>&/dev/null | openssl dgst -sha256
+ -hex'
+ items:
+ type: string
+ type: array
+ token:
+ description: Token is a token used to validate
+ cluster information fetched from the control-plane.
+ type: string
+ unsafeSkipCAVerification:
+ description: UnsafeSkipCAVerification allows
+ token-based discovery without CA verification
+ via CACertHashes. This can weaken the security
+ of kubeadm since other nodes can impersonate
+ the control-plane.
+ type: boolean
+ required:
+ - token
+ type: object
+ file:
+ description: File is used to specify a file or
+ URL to a kubeconfig file from which to load
+ cluster information BootstrapToken and File
+ are mutually exclusive
+ properties:
+ kubeConfigPath:
+ description: KubeConfigPath is used to specify
+ the actual file path or URL to the kubeconfig
+ file from which to load cluster information
+ type: string
+ required:
+ - kubeConfigPath
+ type: object
+ timeout:
+ description: Timeout modifies the discovery timeout
+ type: string
+ tlsBootstrapToken:
+ description: TLSBootstrapToken is a token used
+ for TLS bootstrapping. If .BootstrapToken is
+ set, this field is defaulted to .BootstrapToken.Token,
+ but can be overridden. If .File is set, this
+ field **must be set** in case the KubeConfigFile
+ does not contain any other authentication information
+ type: string
+ type: object
+ kind:
+ description: 'Kind is a string value representing
+ the REST resource this object represents. Servers
+ may infer this from the endpoint the client submits
+ requests to. Cannot be updated. In CamelCase. More
+ info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ nodeRegistration:
+ description: NodeRegistration holds fields that relate
+ to registering the new control-plane node to the
+ cluster. When used in the context of control plane
+ nodes, NodeRegistration should remain consistent
+ across both InitConfiguration and JoinConfiguration
+ properties:
+ criSocket:
+ description: CRISocket is used to retrieve container
+ runtime info. This information will be annotated
+ to the Node API object, for later re-use
+ type: string
+ ignorePreflightErrors:
+ description: IgnorePreflightErrors provides a
+ slice of pre-flight errors to be ignored when
+ the current node is registered.
+ items:
+ type: string
+ type: array
+ kubeletExtraArgs:
+ additionalProperties:
+ type: string
+ description: KubeletExtraArgs passes through extra
+ arguments to the kubelet. The arguments here
+ are passed to the kubelet command line via the
+ environment file kubeadm writes at runtime for
+ the kubelet to source. This overrides the generic
+ base-level configuration in the kubelet-config-1.X
+ ConfigMap Flags have higher priority when parsing.
+ These values are local and specific to the node
+ kubeadm is executing on.
+ type: object
+ name:
+ description: Name is the `.Metadata.Name` field
+ of the Node API object that will be created
+ in this `kubeadm init` or `kubeadm join` operation.
+ This field is also used in the CommonName field
+ of the kubelet's client certificate to the API
+ server. Defaults to the hostname of the node
+ if not provided.
+ type: string
+ taints:
+ description: 'Taints specifies the taints the
+ Node API object should be registered with. If
+ this field is unset, i.e. nil, in the `kubeadm
+ init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
+ If you don''t want to taint your control-plane
+ node, set this field to an empty slice, i.e.
+ `taints: []` in the YAML file. This field is
+ solely used for Node registration.'
+ items:
+ description: The node this Taint is attached
+ to has the "effect" on any pod that does not
+ tolerate the Taint.
+ properties:
+ effect:
+ description: Required. The effect of the
+ taint on pods that do not tolerate the
+ taint. Valid effects are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to
+ be applied to a node.
+ type: string
+ timeAdded:
+ description: TimeAdded represents the time
+ at which the taint was added. It is only
+ written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding
+ to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ type: array
+ type: object
+ patches:
+ description: Patches contains options related to applying
+ patches to components deployed by kubeadm during
+ "kubeadm join". The minimum kubernetes version needed
+ to support Patches is v1.22
+ properties:
+ directory:
+ description: Directory is a path to a directory
+ that contains files named "target[suffix][+patchtype].extension".
+ For example, "kube-apiserver0+merge.yaml" or
+ just "etcd.json". "target" can be one of "kube-apiserver",
+ "kube-controller-manager", "kube-scheduler",
+ "etcd". "patchtype" can be one of "strategic"
+ "merge" or "json" and they match the patch formats
+ supported by kubectl. The default "patchtype"
+ is "strategic". "extension" must be either "json"
+ or "yaml". "suffix" is an optional string that
+ can be used to determine which patches are applied
+ first alpha-numerically. These files can be
+ written into the target directory via KubeadmConfig.Files
+ which specifies additional files to be created
+ on the machine, either with content inline or
+ by referencing a secret.
+ type: string
+ type: object
+ skipPhases:
+ description: SkipPhases is a list of phases to skip
+ during command execution. The list of phases can
+ be obtained with the "kubeadm init --help" command.
+ This option takes effect only on Kubernetes >=1.22.0.
+ items:
+ type: string
+ type: array
+ type: object
+ mounts:
+ description: Mounts specifies a list of mount points to
+ be setup.
+ items:
+ description: MountPoints defines input for generated
+ mounts in cloud-init.
+ items:
+ type: string
+ type: array
+ type: array
+ ntp:
+ description: NTP specifies NTP configuration
+ properties:
+ enabled:
+ description: Enabled specifies whether NTP should
+ be enabled
+ type: boolean
+ servers:
+ description: Servers specifies which NTP servers to
+ use
+ items:
+ type: string
+ type: array
+ type: object
+ postKubeadmCommands:
+ description: PostKubeadmCommands specifies extra commands
+ to run after kubeadm runs
+ items:
+ type: string
+ type: array
+ preKubeadmCommands:
+ description: PreKubeadmCommands specifies extra commands
+ to run before kubeadm runs
+ items:
+ type: string
+ type: array
+ useExperimentalRetryJoin:
+ description: "UseExperimentalRetryJoin replaces a basic
+ kubeadm command with a shell script with retries for
+ joins. \n This is meant to be an experimental temporary
+ workaround on some environments where joins fail due
+ to timing (and other issues). The long term goal is
+ to add retries to kubeadm proper and use that functionality.
+ \n This will add about 40KB to userdata \n For more
+ information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
+ \n Deprecated: This experimental fix is no longer needed
+ and this field will be removed in a future release.
+ When removing also remove from staticcheck exclude-rules
+ for SA1019 in golangci.yml"
+ type: boolean
+ users:
+ description: Users specifies extra users to add
+ items:
+ description: User defines the input for a generated
+ user in cloud-init.
+ properties:
+ gecos:
+ description: Gecos specifies the gecos to use for
+ the user
+ type: string
+ groups:
+ description: Groups specifies the additional groups
+ for the user
+ type: string
+ homeDir:
+ description: HomeDir specifies the home directory
+ to use for the user
+ type: string
+ inactive:
+ description: Inactive specifies whether to mark
+ the user as inactive
+ type: boolean
+ lockPassword:
+ description: LockPassword specifies if password
+ login should be disabled
+ type: boolean
+ name:
+ description: Name specifies the user name
+ type: string
+ passwd:
+ description: Passwd specifies a hashed password
+ for the user
+ type: string
+ passwdFrom:
+ description: PasswdFrom is a referenced source of
+ passwd to populate the passwd.
+ properties:
+ secret:
+ description: Secret represents a secret that
+ should populate this password.
+ properties:
+ key:
+ description: Key is the key in the secret's
+ data map for this value.
+ type: string
+ name:
+ description: Name of the secret in the KubeadmBootstrapConfig's
+ namespace to use.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ required:
+ - secret
+ type: object
+ primaryGroup:
+ description: PrimaryGroup specifies the primary
+ group for the user
+ type: string
+ shell:
+ description: Shell specifies the user's shell
+ type: string
+ sshAuthorizedKeys:
+ description: SSHAuthorizedKeys specifies a list
+ of ssh authorized keys for the user
+ items:
+ type: string
+ type: array
+ sudo:
+ description: Sudo specifies a sudo role for the
+ user
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ verbosity:
+ description: Verbosity is the number for the kubeadm log
+ level verbosity. It overrides the `--v` flag in kubeadm
+ commands.
+ format: int32
+ type: integer
+ type: object
+ machineTemplate:
+ description: MachineTemplate contains information about how
+ machines should be shaped when creating or updating a control
+ plane.
+ properties:
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the
+ machine controller will attempt to delete the Node that
+ the Machine hosts after the Machine is marked for deletion.
+ A duration of 0 will retry deletion indefinitely. If
+ no value is provided, the default value for this property
+ of the Machine resource will be used.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of
+ time that the controller will spend on draining a controlplane
+ node The default value is 0, meaning that the node can
+ be drained without any time limitations. NOTE: NodeDrainTimeout
+ is different from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount
+ of time that the controller will spend on waiting for
+ all volumes to be detached. The default value is 0,
+ meaning that the volumes can be detached without any
+ time limitations.
+ type: string
+ type: object
+ rolloutAfter:
+ description: RolloutAfter is a field to indicate a rollout
+ should be performed after the specified time even if no
+ changes have been made to the KubeadmControlPlane.
+ format: date-time
+ type: string
+ rolloutBefore:
+ description: RolloutBefore is a field to indicate a rollout
+ should be performed if the specified criteria is met.
+ properties:
+ certificatesExpiryDays:
+ description: CertificatesExpiryDays indicates a rollout
+ needs to be performed if the certificates of the machine
+ will expire within the specified days.
+ format: int32
+ type: integer
+ type: object
+ rolloutStrategy:
+ default:
+ rollingUpdate:
+ maxSurge: 1
+ type: RollingUpdate
+ description: The RolloutStrategy to use to replace control
+ plane machines with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only
+ if RolloutStrategyType = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of control planes
+ that can be scheduled above or under the desired
+ number of control planes. Value can be an absolute
+ number 1 or 0. Defaults to 1. Example: when this
+ is set to 1, the control plane can be scaled up
+ immediately when the rolling update starts.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of rollout. Currently the only supported
+ strategy is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ required:
+ - kubeadmConfigSpec
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-leader-election-role
+ namespace: capi-kubeadm-control-plane-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ kubeadm.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
+ name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-manager-role
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-leader-election-rolebinding
+ namespace: capi-kubeadm-control-plane-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-kubeadm-control-plane-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-kubeadm-control-plane-system-capi-kubeadm-control-plane-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-kubeadm-control-plane-manager
+ namespace: capi-kubeadm-control-plane-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-kubeadm-control-plane-controller-manager
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --metrics-bind-addr=localhost:8080
+ - --feature-gates=ClusterTopology=true,KubeadmBootstrapFormatIgnition=false
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: "{{ atmosphere_images['cluster_api_kubeadm_control_plane_controller'] | vexxhost.atmosphere.docker_image('ref') }}"
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ serviceAccountName: capi-kubeadm-control-plane-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-kubeadm-control-plane-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-serving-cert
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ dnsNames:
+ - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc
+ - capi-kubeadm-control-plane-webhook-service.capi-kubeadm-control-plane-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-kubeadm-control-plane-selfsigned-issuer
+ secretName: capi-kubeadm-control-plane-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-selfsigned-issuer
+ namespace: capi-kubeadm-control-plane-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+ failurePolicy: Fail
+ name: default.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanetemplates
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-kubeadm-control-plane-system/capi-kubeadm-control-plane-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: control-plane-kubeadm
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-kubeadm-control-plane-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplanetemplate
+ failurePolicy: Fail
+ name: validation.kubeadmcontrolplanetemplate.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanetemplates
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-kubeadm-control-plane-webhook-service
+ namespace: capi-kubeadm-control-plane-system
+ path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - controlplane.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - UPDATE
+ resources:
+ - kubeadmcontrolplanes/scale
+ sideEffects: None
diff --git a/roles/cluster_api/templates/capi-core.yml b/roles/cluster_api/templates/capi-core.yml
new file mode 100644
index 0000000..ba2ab4d
--- /dev/null
+++ b/roles/cluster_api/templates/capi-core.yml
@@ -0,0 +1,11515 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterclasses.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterClass
+ listKind: ClusterClassList
+ plural: clusterclasses
+ shortNames:
+ - cc
+ singular: clusterclass
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterClass
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: ClusterClass is a template which can be used to create managed
+ topologies.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterClassSpec describes the desired state of the ClusterClass.
+ properties:
+ controlPlane:
+ description: ControlPlane is a reference to a local struct that holds
+ the details for provisioning the Control Plane for the Cluster.
+ properties:
+ machineInfrastructure:
+ description: "MachineTemplate defines the metadata and infrastructure
+ information for control plane machines. \n This field is supported
+ if and only if the control plane provider template referenced
+ above is Machine based and supports setting replicas."
+ properties:
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: "Metadata is the metadata applied to the machines
+ of the ControlPlane. At runtime this metadata is merged with
+ the corresponding metadata from the topology. \n This field
+ is supported if and only if the control plane provider template
+ referenced is Machine based."
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: Infrastructure is a reference to a provider-specific
+ template that holds the details for provisioning infrastructure
+ specific cluster for the underlying provider. The underlying provider
+ is responsible for the implementation of the template to an infrastructure
+ cluster.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ workers:
+ description: Workers describes the worker nodes for the cluster. It
+ is a collection of node types which can be used to create the worker
+ nodes of the cluster.
+ properties:
+ machineDeployments:
+ description: MachineDeployments is a list of machine deployment
+ classes that can be used to create a set of worker nodes.
+ items:
+ description: MachineDeploymentClass serves as a template to
+ define a set of worker nodes of the cluster provisioned using
+ the `ClusterClass`.
+ properties:
+ class:
+ description: Class denotes a type of worker node present
+ in the cluster, this name MUST be unique within a ClusterClass
+ and can be referenced in the Cluster to create a managed
+ MachineDeployment.
+ type: string
+ template:
+ description: Template is a local struct containing a collection
+ of templates for creation of MachineDeployment objects
+ representing a set of worker nodes.
+ properties:
+ bootstrap:
+ description: Bootstrap contains the bootstrap template
+ reference to be used for the creation of worker Machines.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom
+ resource offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an
+ object instead of an entire object, this string
+ should contain a valid JSON/Go field access
+ statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to
+ a container within a pod, this would take
+ on a value like: "spec.containers{name}" (where
+ "name" refers to the name of the container
+ that triggered the event) or if no container
+ name is specified "spec.containers[2]" (container
+ with index 2 in this pod). This syntax is
+ chosen only to have some well-defined way
+ of referencing a part of an object. TODO:
+ this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: Infrastructure contains the infrastructure
+ template reference to be used for the creation of
+ worker Machines.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom
+ resource offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an
+ object instead of an entire object, this string
+ should contain a valid JSON/Go field access
+ statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to
+ a container within a pod, this would take
+ on a value like: "spec.containers{name}" (where
+ "name" refers to the name of the container
+ that triggered the event) or if no container
+ name is specified "spec.containers[2]" (container
+ with index 2 in this pod). This syntax is
+ chosen only to have some well-defined way
+ of referencing a part of an object. TODO:
+ this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: Metadata is the metadata applied to the
+ machines of the MachineDeployment. At runtime this
+ metadata is merged with the corresponding metadata
+ from the topology.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key
+ value map stored with a resource that may be set
+ by external tools to store and retrieve arbitrary
+ metadata. They are not queryable and should be
+ preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that
+ can be used to organize and categorize (scope
+ and select) objects. May match selectors of replication
+ controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ required:
+ - bootstrap
+ - infrastructure
+ type: object
+ required:
+ - class
+ - template
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterClass
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterClass is a template which can be used to create managed
+ topologies.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterClassSpec describes the desired state of the ClusterClass.
+ properties:
+ controlPlane:
+ description: ControlPlane is a reference to a local struct that holds
+ the details for provisioning the Control Plane for the Cluster.
+ properties:
+ machineHealthCheck:
+ description: MachineHealthCheck defines a MachineHealthCheck for
+ this ControlPlaneClass. This field is supported if and only
+ if the ControlPlane provider template referenced above is Machine
+ based and supports setting replicas.
+ properties:
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed if at
+ most "MaxUnhealthy" machines selected by "selector" are
+ not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without a node
+ will be considered to have failed and will be remediated.
+ If you wish to disable this feature, set the value explicitly
+ to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to a remediation
+ template provided by an infrastructure provider. \n This
+ field is completely optional, when filled, the MachineHealthCheck
+ controller creates a new object from the template referenced
+ and hands off remediation of the machine to a controller
+ that lives outside of Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of the conditions
+ that determine whether a node is considered unhealthy. The
+ conditions are combined in a logical OR, i.e. if any of
+ the conditions is met, the node is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node condition
+ type and value with a timeout specified as a duration. When
+ the named condition has been in the given status for at
+ least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed if the
+ number of machines selected by "selector" as not healthy
+ is within the range of "UnhealthyRange". Takes precedence
+ over MaxUnhealthy. Eg. "[3-5]" - This means that remediation
+ will be allowed only when: (a) there are at least 3 unhealthy
+ machines (and) (b) there are at most 5 unhealthy machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ machineInfrastructure:
+ description: "MachineInfrastructure defines the metadata and infrastructure
+ information for control plane machines. \n This field is supported
+ if and only if the control plane provider template referenced
+ above is Machine based and supports setting replicas."
+ properties:
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: "Metadata is the metadata applied to the machines
+ of the ControlPlane. At runtime this metadata is merged with
+ the corresponding metadata from the topology. \n This field
+ is supported if and only if the control plane provider template
+ referenced is Machine based."
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: 'NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts after
+ the Machine is marked for deletion. A duration of 0 will retry
+ deletion indefinitely. Defaults to 10 seconds. NOTE: This value
+ can be overridden while defining a Cluster.Topology.'
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that
+ the controller will spend on draining a node. The default value
+ is 0, meaning that the node can be drained without any time
+ limitations. NOTE: NodeDrainTimeout is different from `kubectl
+ drain --timeout` NOTE: This value can be overridden while defining
+ a Cluster.Topology.'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: 'NodeVolumeDetachTimeout is the total amount of time
+ that the controller will spend on waiting for all volumes to
+ be detached. The default value is 0, meaning that the volumes
+ can be detached without any time limitations. NOTE: This value
+ can be overridden while defining a Cluster.Topology.'
+ type: string
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: Infrastructure is a reference to a provider-specific
+ template that holds the details for provisioning infrastructure
+ specific cluster for the underlying provider. The underlying provider
+ is responsible for the implementation of the template to an infrastructure
+ cluster.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom resource
+ offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ patches:
+ description: 'Patches defines the patches which are applied to customize
+ referenced templates of a ClusterClass. Note: Patches will be applied
+ in the order of the array.'
+ items:
+ description: ClusterClassPatch defines a patch which is applied
+ to customize the referenced templates.
+ properties:
+ definitions:
+ description: 'Definitions define inline patches. Note: Patches
+ will be applied in the order of the array. Note: Exactly one
+ of Definitions or External must be set.'
+ items:
+ description: PatchDefinition defines a patch which is applied
+ to customize the referenced templates.
+ properties:
+ jsonPatches:
+ description: 'JSONPatches defines the patches which should
+ be applied on the templates matching the selector. Note:
+ Patches will be applied in the order of the array.'
+ items:
+ description: JSONPatch defines a JSON patch.
+ properties:
+ op:
+ description: 'Op defines the operation of the patch.
+ Note: Only `add`, `replace` and `remove` are supported.'
+ type: string
+ path:
+ description: 'Path defines the path of the patch.
+ Note: Only the spec of a template can be patched,
+ thus the path has to start with /spec/. Note:
+ For now the only allowed array modifications are
+ `append` and `prepend`, i.e.: * for op: `add`:
+ only index 0 (prepend) and - (append) are allowed
+ * for op: `replace` or `remove`: no indexes are
+ allowed'
+ type: string
+ value:
+ description: 'Value defines the value of the patch.
+ Note: Either Value or ValueFrom is required for
+ add and replace operations. Only one of them is
+ allowed to be set at the same time. Note: We have
+ to use apiextensionsv1.JSON instead of our JSON
+ type, because controller-tools has a hard-coded
+ schema for apiextensionsv1.JSON which cannot be
+ produced by another type (unset type field). Ref:
+ https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+ x-kubernetes-preserve-unknown-fields: true
+ valueFrom:
+ description: 'ValueFrom defines the value of the
+ patch. Note: Either Value or ValueFrom is required
+ for add and replace operations. Only one of them
+ is allowed to be set at the same time.'
+ properties:
+ template:
+ description: 'Template is the Go template to
+ be used to calculate the value. A template
+ can reference variables defined in .spec.variables
+ and builtin variables. Note: The template
+ must evaluate to a valid YAML or JSON value.'
+ type: string
+ variable:
+ description: Variable is the variable to be
+ used as value. Variable can be one of the
+ variables defined in .spec.variables or a
+ builtin variable.
+ type: string
+ type: object
+ required:
+ - op
+ - path
+ type: object
+ type: array
+ selector:
+ description: Selector defines on which templates the patch
+ should be applied.
+ properties:
+ apiVersion:
+ description: APIVersion filters templates by apiVersion.
+ type: string
+ kind:
+ description: Kind filters templates by kind.
+ type: string
+ matchResources:
+ description: MatchResources selects templates based
+ on where they are referenced.
+ properties:
+ controlPlane:
+ description: 'ControlPlane selects templates referenced
+ in .spec.ControlPlane. Note: this will match
+ the controlPlane and also the controlPlane machineInfrastructure
+ (depending on the kind and apiVersion).'
+ type: boolean
+ infrastructureCluster:
+ description: InfrastructureCluster selects templates
+ referenced in .spec.infrastructure.
+ type: boolean
+ machineDeploymentClass:
+ description: MachineDeploymentClass selects templates
+ referenced in specific MachineDeploymentClasses
+ in .spec.workers.machineDeployments.
+ properties:
+ names:
+ description: Names selects templates by class
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - apiVersion
+ - kind
+ - matchResources
+ type: object
+ required:
+ - jsonPatches
+ - selector
+ type: object
+ type: array
+ description:
+ description: Description is a human-readable description of
+ this patch.
+ type: string
+ enabledIf:
+ description: EnabledIf is a Go template to be used to calculate
+ if a patch should be enabled. It can reference variables defined
+ in .spec.variables and builtin variables. The patch will be
+ enabled if the template evaluates to `true`, otherwise it
+ will be disabled. If EnabledIf is not set, the patch will
+ be enabled per default.
+ type: string
+ external:
+ description: 'External defines an external patch. Note: Exactly
+ one of Definitions or External must be set.'
+ properties:
+ generateExtension:
+ description: GenerateExtension references an extension which
+ is called to generate patches.
+ type: string
+ validateExtension:
+ description: ValidateExtension references an extension which
+ is called to validate the topology.
+ type: string
+ type: object
+ name:
+ description: Name of the patch.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ variables:
+ description: Variables defines the variables which can be configured
+ in the Cluster topology and are then used in patches.
+ items:
+ description: ClusterClassVariable defines a variable which can be
+ configured in the Cluster topology and used in patches.
+ properties:
+ name:
+ description: Name of the variable.
+ type: string
+ required:
+ description: 'Required specifies if the variable is required.
+ Note: this applies to the variable as a whole and thus the
+ top-level object defined in the schema. If nested fields are
+ required, this will be specified inside the schema.'
+ type: boolean
+ schema:
+ description: Schema defines the schema of the variable.
+ properties:
+ openAPIV3Schema:
+ description: OpenAPIV3Schema defines the schema of a variable
+ via OpenAPI v3 schema. The schema is a subset of the schema
+ used in Kubernetes CRDs.
+ properties:
+ additionalProperties:
+ description: 'AdditionalProperties specifies the schema
+ of values in a map (keys are always strings). NOTE:
+ Can only be set if type is object. NOTE: AdditionalProperties
+ is mutually exclusive with Properties. NOTE: This
+ field uses PreserveUnknownFields and Schemaless, because
+ recursive validation is not possible.'
+ x-kubernetes-preserve-unknown-fields: true
+ default:
+ description: 'Default is the default value of the variable.
+ NOTE: Can be set for all types.'
+ x-kubernetes-preserve-unknown-fields: true
+ description:
+ description: Description is a human-readable description
+ of this variable.
+ type: string
+ enum:
+ description: 'Enum is the list of valid values of the
+ variable. NOTE: Can be set for all types.'
+ items:
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ example:
+ description: Example is an example for this variable.
+ x-kubernetes-preserve-unknown-fields: true
+ exclusiveMaximum:
+ description: 'ExclusiveMaximum specifies if the Maximum
+ is exclusive. NOTE: Can only be set if type is integer
+ or number.'
+ type: boolean
+ exclusiveMinimum:
+ description: 'ExclusiveMinimum specifies if the Minimum
+ is exclusive. NOTE: Can only be set if type is integer
+ or number.'
+ type: boolean
+ format:
+ description: 'Format is an OpenAPI v3 format string.
+ Unknown formats are ignored. For a list of supported
+ formats please see: (of the k8s.io/apiextensions-apiserver
+ version we''re currently using) https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go
+ NOTE: Can only be set if type is string.'
+ type: string
+ items:
+ description: 'Items specifies fields of an array. NOTE:
+ Can only be set if type is array. NOTE: This field
+ uses PreserveUnknownFields and Schemaless, because
+ recursive validation is not possible.'
+ x-kubernetes-preserve-unknown-fields: true
+ maxItems:
+ description: 'MaxItems is the max length of an array
+ variable. NOTE: Can only be set if type is array.'
+ format: int64
+ type: integer
+ maxLength:
+ description: 'MaxLength is the max length of a string
+ variable. NOTE: Can only be set if type is string.'
+ format: int64
+ type: integer
+ maximum:
+ description: 'Maximum is the maximum of an integer or
+ number variable. If ExclusiveMaximum is false, the
+ variable is valid if it is lower than, or equal to,
+ the value of Maximum. If ExclusiveMaximum is true,
+ the variable is valid if it is strictly lower than
+ the value of Maximum. NOTE: Can only be set if type
+ is integer or number.'
+ format: int64
+ type: integer
+ minItems:
+ description: 'MinItems is the min length of an array
+ variable. NOTE: Can only be set if type is array.'
+ format: int64
+ type: integer
+ minLength:
+ description: 'MinLength is the min length of a string
+ variable. NOTE: Can only be set if type is string.'
+ format: int64
+ type: integer
+ minimum:
+ description: 'Minimum is the minimum of an integer or
+ number variable. If ExclusiveMinimum is false, the
+ variable is valid if it is greater than, or equal
+ to, the value of Minimum. If ExclusiveMinimum is true,
+ the variable is valid if it is strictly greater than
+ the value of Minimum. NOTE: Can only be set if type
+ is integer or number.'
+ format: int64
+ type: integer
+ pattern:
+ description: 'Pattern is the regex which a string variable
+ must match. NOTE: Can only be set if type is string.'
+ type: string
+ properties:
+ description: 'Properties specifies fields of an object.
+ NOTE: Can only be set if type is object. NOTE: Properties
+ is mutually exclusive with AdditionalProperties. NOTE:
+ This field uses PreserveUnknownFields and Schemaless,
+ because recursive validation is not possible.'
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ description: 'Required specifies which fields of an
+ object are required. NOTE: Can only be set if type
+ is object.'
+ items:
+ type: string
+ type: array
+ type:
+ description: 'Type is the type of the variable. Valid
+ values are: object, array, string, integer, number
+ or boolean.'
+ type: string
+ uniqueItems:
+ description: 'UniqueItems specifies if items in an array
+ must be unique. NOTE: Can only be set if type is array.'
+ type: boolean
+ x-kubernetes-preserve-unknown-fields:
+ description: XPreserveUnknownFields allows setting fields
+ in a variable object which are not defined in the
+ variable schema. This affects fields recursively,
+ except if nested properties or additionalProperties
+ are specified in the schema.
+ type: boolean
+ required:
+ - type
+ type: object
+ required:
+ - openAPIV3Schema
+ type: object
+ required:
+ - name
+ - required
+ - schema
+ type: object
+ type: array
+ workers:
+ description: Workers describes the worker nodes for the cluster. It
+ is a collection of node types which can be used to create the worker
+ nodes of the cluster.
+ properties:
+ machineDeployments:
+ description: MachineDeployments is a list of machine deployment
+ classes that can be used to create a set of worker nodes.
+ items:
+ description: MachineDeploymentClass serves as a template to
+ define a set of worker nodes of the cluster provisioned using
+ the `ClusterClass`.
+ properties:
+ class:
+ description: Class denotes a type of worker node present
+ in the cluster, this name MUST be unique within a ClusterClass
+ and can be referenced in the Cluster to create a managed
+ MachineDeployment.
+ type: string
+ failureDomain:
+ description: 'FailureDomain is the failure domain the machines
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object. NOTE: This value can
+ be overridden while defining a Cluster.Topology using
+ this MachineDeploymentClass.'
+ type: string
+ machineHealthCheck:
+ description: MachineHealthCheck defines a MachineHealthCheck
+ for this MachineDeploymentClass.
+ properties:
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed
+ if at most "MaxUnhealthy" machines selected by "selector"
+ are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without
+ a node will be considered to have failed and will
+ be remediated. If you wish to disable this feature,
+ set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to
+ a remediation template provided by an infrastructure
+ provider. \n This field is completely optional, when
+ filled, the MachineHealthCheck controller creates
+ a new object from the template referenced and hands
+ off remediation of the machine to a controller that
+ lives outside of Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like:
+ "spec.containers{name}" (where "name" refers to
+ the name of the container that triggered the event)
+ or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax
+ is chosen only to have some well-defined way of
+ referencing a part of an object. TODO: this design
+ is not final and this field is subject to change
+ in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of
+ the conditions that determine whether a node is considered
+ unhealthy. The conditions are combined in a logical
+ OR, i.e. if any of the conditions is met, the node
+ is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node
+ condition type and value with a timeout specified
+ as a duration. When the named condition has been
+ in the given status for at least the timeout value,
+ a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed
+ if the number of machines selected by "selector" as
+ not healthy is within the range of "UnhealthyRange".
+ Takes precedence over MaxUnhealthy. Eg. "[3-5]" -
+ This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and)
+ (b) there are at most 5 unhealthy machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ minReadySeconds:
+ description: 'Minimum number of seconds for which a newly
+ created machine should be ready. Defaults to 0 (machine
+ will be considered available as soon as it is ready) NOTE:
+ This value can be overridden while defining a Cluster.Topology
+ using this MachineDeploymentClass.'
+ format: int32
+ type: integer
+ nodeDeletionTimeout:
+ description: 'NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts
+ after the Machine is marked for deletion. A duration of
+ 0 will retry deletion indefinitely. Defaults to 10 seconds.
+ NOTE: This value can be overridden while defining a Cluster.Topology
+ using this MachineDeploymentClass.'
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The
+ default value is 0, meaning that the node can be drained
+ without any time limitations. NOTE: NodeDrainTimeout is
+ different from `kubectl drain --timeout` NOTE: This value
+ can be overridden while defining a Cluster.Topology using
+ this MachineDeploymentClass.'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: 'NodeVolumeDetachTimeout is the total amount
+ of time that the controller will spend on waiting for
+ all volumes to be detached. The default value is 0, meaning
+ that the volumes can be detached without any time limitations.
+ NOTE: This value can be overridden while defining a Cluster.Topology
+ using this MachineDeploymentClass.'
+ type: string
+ strategy:
+ description: 'The deployment strategy to use to replace
+ existing machines with new ones. NOTE: This value can
+ be overridden while defining a Cluster.Topology using
+ this MachineDeploymentClass.'
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only
+ if MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: DeletePolicy defines the policy used
+ by the MachineDeployment to identify nodes to
+ delete when downscaling. Valid values are "Random,
+ "Newest", "Oldest" When no value is supplied,
+ the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that
+ can be scheduled above the desired number of machines.
+ Value can be an absolute number (ex: 5) or a percentage
+ of desired machines (ex: 10%). This can not be
+ 0 if MaxUnavailable is 0. Absolute number is calculated
+ from percentage by rounding up. Defaults to 1.
+ Example: when this is set to 30%, the new MachineSet
+ can be scaled up immediately when the rolling
+ update starts, such that the total number of old
+ and new machines do not exceed 130% of desired
+ machines. Once old machines have been killed,
+ new MachineSet can be scaled up further, ensuring
+ that total number of machines running at any time
+ during the update is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that
+ can be unavailable during the update. Value can
+ be an absolute number (ex: 5) or a percentage
+ of desired machines (ex: 10%). Absolute number
+ is calculated from percentage by rounding down.
+ This can not be 0 if MaxSurge is 0. Defaults to
+ 0. Example: when this is set to 30%, the old MachineSet
+ can be scaled down to 70% of desired machines
+ immediately when the rolling update starts. Once
+ new machines are ready, old MachineSet can be
+ scaled down further, followed by scaling up the
+ new MachineSet, ensuring that the total number
+ of machines available at all times during the
+ update is at least 70% of desired machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: Template is a local struct containing a collection
+ of templates for creation of MachineDeployment objects
+ representing a set of worker nodes.
+ properties:
+ bootstrap:
+ description: Bootstrap contains the bootstrap template
+ reference to be used for the creation of worker Machines.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom
+ resource offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an
+ object instead of an entire object, this string
+ should contain a valid JSON/Go field access
+ statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to
+ a container within a pod, this would take
+ on a value like: "spec.containers{name}" (where
+ "name" refers to the name of the container
+ that triggered the event) or if no container
+ name is specified "spec.containers[2]" (container
+ with index 2 in this pod). This syntax is
+ chosen only to have some well-defined way
+ of referencing a part of an object. TODO:
+ this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ infrastructure:
+ description: Infrastructure contains the infrastructure
+ template reference to be used for the creation of
+ worker Machines.
+ properties:
+ ref:
+ description: Ref is a required reference to a custom
+ resource offered by a provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an
+ object instead of an entire object, this string
+ should contain a valid JSON/Go field access
+ statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to
+ a container within a pod, this would take
+ on a value like: "spec.containers{name}" (where
+ "name" refers to the name of the container
+ that triggered the event) or if no container
+ name is specified "spec.containers[2]" (container
+ with index 2 in this pod). This syntax is
+ chosen only to have some well-defined way
+ of referencing a part of an object. TODO:
+ this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - ref
+ type: object
+ metadata:
+ description: Metadata is the metadata applied to the
+ machines of the MachineDeployment. At runtime this
+ metadata is merged with the corresponding metadata
+ from the topology.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key
+ value map stored with a resource that may be set
+ by external tools to store and retrieve arbitrary
+ metadata. They are not queryable and should be
+ preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that
+ can be used to organize and categorize (scope
+ and select) objects. May match selectors of replication
+ controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ required:
+ - bootstrap
+ - infrastructure
+ type: object
+ required:
+ - class
+ - template
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: ClusterClassStatus defines the observed state of the ClusterClass.
+ properties:
+ conditions:
+ description: Conditions defines current observed state of the ClusterClass.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterresourcesetbindings.addons.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: addons.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterResourceSetBinding
+ listKind: ClusterResourceSetBindingList
+ plural: clusterresourcesetbindings
+ singular: clusterresourcesetbinding
+ scope: Namespaced
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+ with the cluster it belongs to.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: Bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: ClusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: Resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: Applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: Hash is the hash of a resource's data. This
+ can be used to decide if a resource is changed. For
+ "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+ no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'Kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: LastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: Name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSetBinding
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+ with the cluster it belongs to.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: Bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: ClusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: Resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: Applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: Hash is the hash of a resource's data. This
+ can be used to decide if a resource is changed. For
+ "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+ no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'Kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: LastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: Name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSetBinding
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSetBinding lists all matching ClusterResourceSets
+ with the cluster it belongs to.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetBindingSpec defines the desired state of
+ ClusterResourceSetBinding.
+ properties:
+ bindings:
+ description: Bindings is a list of ClusterResourceSets and their resources.
+ items:
+ description: ResourceSetBinding keeps info on all of the resources
+ in a ClusterResourceSet.
+ properties:
+ clusterResourceSetName:
+ description: ClusterResourceSetName is the name of the ClusterResourceSet
+ that is applied to the owner cluster of the binding.
+ type: string
+ resources:
+ description: Resources is a list of resources that the ClusterResourceSet
+ has.
+ items:
+ description: ResourceBinding shows the status of a resource
+ that belongs to a ClusterResourceSet matched by the owner
+ cluster of the ClusterResourceSetBinding object.
+ properties:
+ applied:
+ description: Applied is to track if a resource is applied
+ to the cluster or not.
+ type: boolean
+ hash:
+ description: Hash is the hash of a resource's data. This
+ can be used to decide if a resource is changed. For
+ "ApplyOnce" ClusterResourceSet.spec.strategy, this is
+ no-op as that strategy does not act on change.
+ type: string
+ kind:
+ description: 'Kind of the resource. Supported kinds are:
+ Secrets and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ lastAppliedTime:
+ description: LastAppliedTime identifies when this resource
+ was last applied to the cluster.
+ format: date-time
+ type: string
+ name:
+ description: Name of the resource that is in the same
+ namespace with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - applied
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - clusterResourceSetName
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusterresourcesets.addons.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: addons.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ClusterResourceSet
+ listKind: ClusterResourceSetList
+ plural: clusterresourcesets
+ singular: clusterresourceset
+ scope: Namespaced
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSet is the Schema for the clusterresourcesets
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: Label selector for Clusters. The Clusters that are selected
+ by this will be the ones affected by this ClusterResourceSet. It
+ must match the Cluster labels. This field is immutable.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'Kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: Strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: Conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSet is the Schema for the clusterresourcesets
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: Label selector for Clusters. The Clusters that are selected
+ by this will be the ones affected by this ClusterResourceSet. It
+ must match the Cluster labels. This field is immutable. Label selector
+ cannot be empty.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'Kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: Strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: Conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ClusterResourceSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterResourceSet is the Schema for the clusterresourcesets
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet.
+ properties:
+ clusterSelector:
+ description: Label selector for Clusters. The Clusters that are selected
+ by this will be the ones affected by this ClusterResourceSet. It
+ must match the Cluster labels. This field is immutable. Label selector
+ cannot be empty.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ resources:
+ description: Resources is a list of Secrets/ConfigMaps where each
+ contains 1 or more resources to be applied to remote clusters.
+ items:
+ description: ResourceRef specifies a resource.
+ properties:
+ kind:
+ description: 'Kind of the resource. Supported kinds are: Secrets
+ and ConfigMaps.'
+ enum:
+ - Secret
+ - ConfigMap
+ type: string
+ name:
+ description: Name of the resource that is in the same namespace
+ with ClusterResourceSet object.
+ minLength: 1
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ strategy:
+ description: Strategy is the strategy to be used during applying resources.
+ Defaults to ApplyOnce. This field is immutable.
+ enum:
+ - ApplyOnce
+ type: string
+ required:
+ - clusterSelector
+ type: object
+ status:
+ description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet.
+ properties:
+ conditions:
+ description: Conditions defines current state of the ClusterResourceSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed ClusterResourceSet.
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: clusters.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Cluster
+ listKind: ClusterList
+ plural: clusters
+ shortNames:
+ - cl
+ singular: cluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: Cluster is the Schema for the clusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: APIServerPort specifies the port the API Server should
+ bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: ControlPlaneRef is an optional reference to a provider-specific
+ resource that holds the details for provisioning the Control Plane
+ for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: InfrastructureRef is a reference to a provider-specific
+ resource that holds the details for provisioning infrastructure
+ for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: Paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneInitialized:
+ description: ControlPlaneInitialized defines if the control plane
+ has been initialized.
+ type: boolean
+ controlPlaneReady:
+ description: ControlPlaneReady defines if the control plane is ready.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: FailureMessage indicates that there is a fatal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a fatal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of Cluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: Cluster is the Schema for the clusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: APIServerPort specifies the port the API Server should
+ bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: ControlPlaneRef is an optional reference to a provider-specific
+ resource that holds the details for provisioning the Control Plane
+ for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: InfrastructureRef is a reference to a provider-specific
+ resource that holds the details for provisioning infrastructure
+ for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: Paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ topology:
+ description: 'This encapsulates the topology for the cluster. NOTE:
+ It is required to enable the ClusterTopology feature gate flag to
+ activate managed topologies support; this feature is highly experimental,
+ and parts of it might still be not implemented.'
+ properties:
+ class:
+ description: The name of the ClusterClass object to create the
+ topology.
+ type: string
+ controlPlane:
+ description: ControlPlane describes the cluster control plane.
+ properties:
+ metadata:
+ description: "Metadata is the metadata applied to the machines
+ of the ControlPlane. At runtime this metadata is merged
+ with the corresponding metadata from the ClusterClass. \n
+ This field is supported if and only if the control plane
+ provider template referenced in the ClusterClass is Machine
+ based."
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ replicas:
+ description: Replicas is the number of control plane nodes.
+ If the value is nil, the ControlPlane object is created
+ without the number of Replicas and it's assumed that the
+ control plane controller does not implement support for
+ this field. When specified against a control plane provider
+ that lacks support for this field, this value will be ignored.
+ format: int32
+ type: integer
+ type: object
+ rolloutAfter:
+ description: RolloutAfter performs a rollout of the entire cluster
+ one component at a time, control plane first and then machine
+ deployments.
+ format: date-time
+ type: string
+ version:
+ description: The Kubernetes version of the cluster.
+ type: string
+ workers:
+ description: Workers encapsulates the different constructs that
+ form the worker nodes for the cluster.
+ properties:
+ machineDeployments:
+ description: MachineDeployments is a list of machine deployments
+ in the cluster.
+ items:
+ description: MachineDeploymentTopology specifies the different
+ parameters for a set of worker nodes in the topology.
+ This set of nodes is managed by a MachineDeployment object
+ whose lifecycle is managed by the Cluster controller.
+ properties:
+ class:
+ description: Class is the name of the MachineDeploymentClass
+ used to create the set of worker nodes. This should
+ match one of the deployment classes defined in the
+ ClusterClass object mentioned in the `Cluster.Spec.Class`
+ field.
+ type: string
+ metadata:
+ description: Metadata is the metadata applied to the
+ machines of the MachineDeployment. At runtime this
+ metadata is merged with the corresponding metadata
+ from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key
+ value map stored with a resource that may be set
+ by external tools to store and retrieve arbitrary
+ metadata. They are not queryable and should be
+ preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that
+ can be used to organize and categorize (scope
+ and select) objects. May match selectors of replication
+ controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ name:
+ description: Name is the unique identifier for this
+ MachineDeploymentTopology. The value is used with
+ other unique identifiers to create a MachineDeployment's
+ Name (e.g. cluster's name, etc). In case the name
+ is greater than the allowed maximum length, the values
+ are hashed together.
+ type: string
+ replicas:
+ description: Replicas is the number of worker nodes
+ belonging to this set. If the value is nil, the MachineDeployment
+ is created without the number of Replicas (defaulting
+ to zero) and it's assumed that an external entity
+ (like cluster autoscaler) is responsible for the management
+ of this value.
+ format: int32
+ type: integer
+ required:
+ - class
+ - name
+ type: object
+ type: array
+ type: object
+ required:
+ - class
+ - version
+ type: object
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneReady:
+ description: ControlPlaneReady defines if the control plane is ready.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: FailureMessage indicates that there is a fatal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a fatal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of Cluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this Cluster
+ jsonPath: .spec.topology.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Cluster is the Schema for the clusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterSpec defines the desired state of Cluster.
+ properties:
+ clusterNetwork:
+ description: Cluster network configuration.
+ properties:
+ apiServerPort:
+ description: APIServerPort specifies the port the API Server should
+ bind to. Defaults to 6443.
+ format: int32
+ type: integer
+ pods:
+ description: The network ranges from which Pod networks are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ serviceDomain:
+ description: Domain name for services.
+ type: string
+ services:
+ description: The network ranges from which service VIPs are allocated.
+ properties:
+ cidrBlocks:
+ items:
+ type: string
+ type: array
+ required:
+ - cidrBlocks
+ type: object
+ type: object
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneRef:
+ description: ControlPlaneRef is an optional reference to a provider-specific
+ resource that holds the details for provisioning the Control Plane
+ for a Cluster.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ infrastructureRef:
+ description: InfrastructureRef is a reference to a provider-specific
+ resource that holds the details for provisioning infrastructure
+ for a cluster in said provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ paused:
+ description: Paused can be used to prevent controllers from processing
+ the Cluster and all its associated objects.
+ type: boolean
+ topology:
+ description: 'This encapsulates the topology for the cluster. NOTE:
+ It is required to enable the ClusterTopology feature gate flag to
+ activate managed topologies support; this feature is highly experimental,
+ and parts of it might still be not implemented.'
+ properties:
+ class:
+ description: The name of the ClusterClass object to create the
+ topology.
+ type: string
+ controlPlane:
+ description: ControlPlane describes the cluster control plane.
+ properties:
+ machineHealthCheck:
+ description: MachineHealthCheck allows to enable, disable
+ and override the MachineHealthCheck configuration in the
+ ClusterClass for this control plane.
+ properties:
+ enable:
+ description: "Enable controls if a MachineHealthCheck
+ should be created for the target machines. \n If false:
+ No MachineHealthCheck will be created. \n If not set(default):
+ A MachineHealthCheck will be created if it is defined
+ here or in the associated ClusterClass. If no MachineHealthCheck
+ is defined then none will be created. \n If true: A
+ MachineHealthCheck is guaranteed to be created. Cluster
+ validation will block if `enable` is true and no MachineHealthCheck
+ definition is available."
+ type: boolean
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed if
+ at most "MaxUnhealthy" machines selected by "selector"
+ are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without
+ a node will be considered to have failed and will be
+ remediated. If you wish to disable this feature, set
+ the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to a
+ remediation template provided by an infrastructure provider.
+ \n This field is completely optional, when filled, the
+ MachineHealthCheck controller creates a new object from
+ the template referenced and hands off remediation of
+ the machine to a controller that lives outside of Cluster
+ API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of the
+ conditions that determine whether a node is considered
+ unhealthy. The conditions are combined in a logical
+ OR, i.e. if any of the conditions is met, the node is
+ unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node condition
+ type and value with a timeout specified as a duration. When
+ the named condition has been in the given status for
+ at least the timeout value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed
+ if the number of machines selected by "selector" as
+ not healthy is within the range of "UnhealthyRange".
+ Takes precedence over MaxUnhealthy. Eg. "[3-5]" - This
+ means that remediation will be allowed only when: (a)
+ there are at least 3 unhealthy machines (and) (b) there
+ are at most 5 unhealthy machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ metadata:
+ description: "Metadata is the metadata applied to the machines
+ of the ControlPlane. At runtime this metadata is merged
+ with the corresponding metadata from the ClusterClass. \n
+ This field is supported if and only if the control plane
+ provider template referenced in the ClusterClass is Machine
+ based."
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value
+ map stored with a resource that may be set by external
+ tools to store and retrieve arbitrary metadata. They
+ are not queryable and should be preserved when modifying
+ objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be
+ used to organize and categorize (scope and select) objects.
+ May match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts after
+ the Machine is marked for deletion. A duration of 0 will
+ retry deletion indefinitely. Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of
+ time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the
+ volumes can be detached without any time limitations.
+ type: string
+ replicas:
+ description: Replicas is the number of control plane nodes.
+ If the value is nil, the ControlPlane object is created
+ without the number of Replicas and it's assumed that the
+ control plane controller does not implement support for
+ this field. When specified against a control plane provider
+ that lacks support for this field, this value will be ignored.
+ format: int32
+ type: integer
+ type: object
+ rolloutAfter:
+ description: RolloutAfter performs a rollout of the entire cluster
+ one component at a time, control plane first and then machine
+ deployments.
+ format: date-time
+ type: string
+ variables:
+ description: Variables can be used to customize the Cluster through
+ patches. They must comply to the corresponding VariableClasses
+ defined in the ClusterClass.
+ items:
+ description: ClusterVariable can be used to customize the Cluster
+ through patches. It must comply to the corresponding ClusterClassVariable
+ defined in the ClusterClass.
+ properties:
+ name:
+ description: Name of the variable.
+ type: string
+ value:
+ description: 'Value of the variable. Note: the value will
+ be validated against the schema of the corresponding ClusterClassVariable
+ from the ClusterClass. Note: We have to use apiextensionsv1.JSON
+ instead of a custom JSON type, because controller-tools
+ has a hard-coded schema for apiextensionsv1.JSON which
+ cannot be produced by another type via controller-tools,
+ i.e. it is not possible to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ version:
+ description: The Kubernetes version of the cluster.
+ type: string
+ workers:
+ description: Workers encapsulates the different constructs that
+ form the worker nodes for the cluster.
+ properties:
+ machineDeployments:
+ description: MachineDeployments is a list of machine deployments
+ in the cluster.
+ items:
+ description: MachineDeploymentTopology specifies the different
+ parameters for a set of worker nodes in the topology.
+ This set of nodes is managed by a MachineDeployment object
+ whose lifecycle is managed by the Cluster controller.
+ properties:
+ class:
+ description: Class is the name of the MachineDeploymentClass
+ used to create the set of worker nodes. This should
+ match one of the deployment classes defined in the
+ ClusterClass object mentioned in the `Cluster.Spec.Class`
+ field.
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the
+ machines will be created in. Must match a key in the
+ FailureDomains map stored on the cluster object.
+ type: string
+ machineHealthCheck:
+ description: MachineHealthCheck allows to enable, disable
+ and override the MachineHealthCheck configuration
+ in the ClusterClass for this MachineDeployment.
+ properties:
+ enable:
+ description: "Enable controls if a MachineHealthCheck
+ should be created for the target machines. \n
+ If false: No MachineHealthCheck will be created.
+ \n If not set(default): A MachineHealthCheck will
+ be created if it is defined here or in the associated
+ ClusterClass. If no MachineHealthCheck is defined
+ then none will be created. \n If true: A MachineHealthCheck
+ is guaranteed to be created. Cluster validation
+ will block if `enable` is true and no MachineHealthCheck
+ definition is available."
+ type: boolean
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed
+ if at most "MaxUnhealthy" machines selected by
+ "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without
+ a node will be considered to have failed and will
+ be remediated. If you wish to disable this feature,
+ set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference
+ to a remediation template provided by an infrastructure
+ provider. \n This field is completely optional,
+ when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced
+ and hands off remediation of the machine to a
+ controller that lives outside of Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an
+ object instead of an entire object, this string
+ should contain a valid JSON/Go field access
+ statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to
+ a container within a pod, this would take
+ on a value like: "spec.containers{name}" (where
+ "name" refers to the name of the container
+ that triggered the event) or if no container
+ name is specified "spec.containers[2]" (container
+ with index 2 in this pod). This syntax is
+ chosen only to have some well-defined way
+ of referencing a part of an object. TODO:
+ this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which
+ this reference is made, if any. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list
+ of the conditions that determine whether a node
+ is considered unhealthy. The conditions are combined
+ in a logical OR, i.e. if any of the conditions
+ is met, the node is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node
+ condition type and value with a timeout specified
+ as a duration. When the named condition has
+ been in the given status for at least the timeout
+ value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed
+ if the number of machines selected by "selector"
+ as not healthy is within the range of "UnhealthyRange".
+ Takes precedence over MaxUnhealthy. Eg. "[3-5]"
+ - This means that remediation will be allowed
+ only when: (a) there are at least 3 unhealthy
+ machines (and) (b) there are at most 5 unhealthy
+ machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ type: object
+ metadata:
+ description: Metadata is the metadata applied to the
+ machines of the MachineDeployment. At runtime this
+ metadata is merged with the corresponding metadata
+ from the ClusterClass.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key
+ value map stored with a resource that may be set
+ by external tools to store and retrieve arbitrary
+ metadata. They are not queryable and should be
+ preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that
+ can be used to organize and categorize (scope
+ and select) objects. May match selectors of replication
+ controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly
+ created machine should be ready. Defaults to 0 (machine
+ will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ name:
+ description: Name is the unique identifier for this
+ MachineDeploymentTopology. The value is used with
+ other unique identifiers to create a MachineDeployment's
+ Name (e.g. cluster's name, etc). In case the name
+ is greater than the allowed maximum length, the values
+ are hashed together.
+ type: string
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the
+ controller will attempt to delete the Node that the
+ Machine hosts after the Machine is marked for deletion.
+ A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of
+ time that the controller will spend on draining a
+ node. The default value is 0, meaning that the node
+ can be drained without any time limitations. NOTE:
+ NodeDrainTimeout is different from `kubectl drain
+ --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount
+ of time that the controller will spend on waiting
+ for all volumes to be detached. The default value
+ is 0, meaning that the volumes can be detached without
+ any time limitations.
+ type: string
+ replicas:
+ description: Replicas is the number of worker nodes
+ belonging to this set. If the value is nil, the MachineDeployment
+ is created without the number of Replicas (defaulting
+ to zero) and it's assumed that an external entity
+ (like cluster autoscaler) is responsible for the management
+ of this value.
+ format: int32
+ type: integer
+ strategy:
+ description: The deployment strategy to use to replace
+ existing machines with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present
+ only if MachineDeploymentStrategyType = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: DeletePolicy defines the policy
+ used by the MachineDeployment to identify
+ nodes to delete when downscaling. Valid values
+ are "Random, "Newest", "Oldest" When no value
+ is supplied, the default DeletePolicy of MachineSet
+ is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines
+ that can be scheduled above the desired number
+ of machines. Value can be an absolute number
+ (ex: 5) or a percentage of desired machines
+ (ex: 10%). This can not be 0 if MaxUnavailable
+ is 0. Absolute number is calculated from percentage
+ by rounding up. Defaults to 1. Example: when
+ this is set to 30%, the new MachineSet can
+ be scaled up immediately when the rolling
+ update starts, such that the total number
+ of old and new machines do not exceed 130%
+ of desired machines. Once old machines have
+ been killed, new MachineSet can be scaled
+ up further, ensuring that total number of
+ machines running at any time during the update
+ is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines
+ that can be unavailable during the update.
+ Value can be an absolute number (ex: 5) or
+ a percentage of desired machines (ex: 10%).
+ Absolute number is calculated from percentage
+ by rounding down. This can not be 0 if MaxSurge
+ is 0. Defaults to 0. Example: when this is
+ set to 30%, the old MachineSet can be scaled
+ down to 70% of desired machines immediately
+ when the rolling update starts. Once new machines
+ are ready, old MachineSet can be scaled down
+ further, followed by scaling up the new MachineSet,
+ ensuring that the total number of machines
+ available at all times during the update is
+ at least 70% of desired machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ variables:
+ description: Variables can be used to customize the
+ MachineDeployment through patches.
+ properties:
+ overrides:
+ description: Overrides can be used to override Cluster
+ level variables.
+ items:
+ description: ClusterVariable can be used to customize
+ the Cluster through patches. It must comply
+ to the corresponding ClusterClassVariable defined
+ in the ClusterClass.
+ properties:
+ name:
+ description: Name of the variable.
+ type: string
+ value:
+ description: 'Value of the variable. Note:
+ the value will be validated against the
+ schema of the corresponding ClusterClassVariable
+ from the ClusterClass. Note: We have to
+ use apiextensionsv1.JSON instead of a custom
+ JSON type, because controller-tools has
+ a hard-coded schema for apiextensionsv1.JSON
+ which cannot be produced by another type
+ via controller-tools, i.e. it is not possible
+ to have no type field. Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111'
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ type: object
+ required:
+ - class
+ - name
+ type: object
+ type: array
+ type: object
+ required:
+ - class
+ - version
+ type: object
+ type: object
+ status:
+ description: ClusterStatus defines the observed state of Cluster.
+ properties:
+ conditions:
+ description: Conditions defines current service state of the cluster.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ controlPlaneReady:
+ description: ControlPlaneReady defines if the control plane is ready.
+ type: boolean
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains is a slice of failure domain objects synced
+ from the infrastructure provider.
+ type: object
+ failureMessage:
+ description: FailureMessage indicates that there is a fatal problem
+ reconciling the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a fatal problem
+ reconciling the state, and will be set to a token value suitable
+ for programmatic interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: extensionconfigs.runtime.cluster.x-k8s.io
+spec:
+ group: runtime.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: ExtensionConfig
+ listKind: ExtensionConfigList
+ plural: extensionconfigs
+ shortNames:
+ - ext
+ singular: extensionconfig
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Time duration since creation of ExtensionConfig
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ExtensionConfig is the Schema for the ExtensionConfig API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ExtensionConfigSpec is the desired state of the ExtensionConfig
+ properties:
+ clientConfig:
+ description: ClientConfig defines how to communicate with the Extension
+ server.
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded CA bundle which will be
+ used to validate the Extension server's server certificate.
+ format: byte
+ type: string
+ service:
+ description: "Service is a reference to the Kubernetes service
+ for the Extension server. Note: Exactly one of `url` or `service`
+ must be specified. \n If the Extension server is running within
+ a cluster, then you should use `service`."
+ properties:
+ name:
+ description: Name is the name of the service.
+ type: string
+ namespace:
+ description: Namespace is the namespace of the service.
+ type: string
+ path:
+ description: Path is an optional URL path and if present may
+ be any string permissible in a URL. If a path is set it
+ will be used as prefix to the hook-specific path.
+ type: string
+ port:
+ description: Port is the port on the service that's hosting
+ the Extension server. Defaults to 443. Port should be a
+ valid port number (1-65535, inclusive).
+ format: int32
+ type: integer
+ required:
+ - name
+ - namespace
+ type: object
+ url:
+ description: "URL gives the location of the Extension server,
+ in standard URL form (`scheme://host:port/path`). Note: Exactly
+ one of `url` or `service` must be specified. \n The scheme must
+ be \"https\". \n The `host` should not refer to a service running
+ in the cluster; use the `service` field instead. \n A path is
+ optional, and if present may be any string permissible in a
+ URL. If a path is set it will be used as prefix to the hook-specific
+ path. \n Attempting to use a user or basic auth e.g. \"user:password@\"
+ is not allowed. Fragments (\"#...\") and query parameters (\"?...\")
+ are not allowed either."
+ type: string
+ type: object
+ namespaceSelector:
+ description: NamespaceSelector decides whether to call the hook for
+ an object based on whether the namespace for that object matches
+ the selector. Defaults to the empty LabelSelector, which matches
+ all objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ required:
+ - clientConfig
+ type: object
+ status:
+ description: ExtensionConfigStatus is the current state of the ExtensionConfig
+ properties:
+ conditions:
+ description: Conditions define the current service state of the ExtensionConfig.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ handlers:
+ description: Handlers defines the current ExtensionHandlers supported
+ by an Extension.
+ items:
+ description: ExtensionHandler specifies the details of a handler
+ for a particular runtime hook registered by an Extension server.
+ properties:
+ failurePolicy:
+ description: FailurePolicy defines how failures in calls to
+ the ExtensionHandler should be handled by a client. Defaults
+ to Fail if not set.
+ type: string
+ name:
+ description: Name is the unique name of the ExtensionHandler.
+ type: string
+ requestHook:
+ description: RequestHook defines the versioned runtime hook
+ which this ExtensionHandler serves.
+ properties:
+ apiVersion:
+ description: APIVersion is the group and version of the
+ Hook.
+ type: string
+ hook:
+ description: Hook is the name of the hook.
+ type: string
+ required:
+ - apiVersion
+ - hook
+ type: object
+ timeoutSeconds:
+ description: TimeoutSeconds defines the timeout duration for
+ client calls to the ExtensionHandler. Defaults to 10 is not
+ set.
+ format: int32
+ type: integer
+ required:
+ - name
+ - requestHook
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: ipaddressclaims.ipam.cluster.x-k8s.io
+spec:
+ group: ipam.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPAddressClaim
+ listKind: IPAddressClaimList
+ plural: ipaddressclaims
+ singular: ipaddressclaim
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Name of the pool to allocate an address from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool to allocate an address from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPAddressClaim is the Schema for the ipaddressclaim API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressClaimSpec is the desired state of an IPAddressClaim.
+ properties:
+ poolRef:
+ description: PoolRef is a reference to the pool from which an IP address
+ should be created.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in
+ the core API group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ required:
+ - poolRef
+ type: object
+ status:
+ description: IPAddressClaimStatus is the observed status of a IPAddressClaim.
+ properties:
+ addressRef:
+ description: AddressRef is a reference to the address that was created
+ for this claim.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ conditions:
+ description: Conditions summarises the current state of the IPAddressClaim
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ required:
+ - addressRef
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: ipaddresses.ipam.cluster.x-k8s.io
+spec:
+ group: ipam.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: IPAddress
+ listKind: IPAddressList
+ plural: ipaddresses
+ singular: ipaddress
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Address
+ jsonPath: .spec.address
+ name: Address
+ type: string
+ - description: Name of the pool the address is from
+ jsonPath: .spec.poolRef.name
+ name: Pool Name
+ type: string
+ - description: Kind of the pool the address is from
+ jsonPath: .spec.poolRef.kind
+ name: Pool Kind
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IPAddress is the Schema for the ipaddress API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressSpec is the desired state of an IPAddress.
+ properties:
+ address:
+ description: Address is the IP address.
+ type: string
+ claimRef:
+ description: ClaimRef is a reference to the claim this IPAddress was
+ created for.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ gateway:
+ description: Gateway is the network gateway of the network the address
+ is from.
+ type: string
+ poolRef:
+ description: PoolRef is a reference to the pool that this IPAddress
+ was created from.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in
+ the core API group. For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ prefix:
+ description: Prefix is the prefix of the address.
+ type: integer
+ required:
+ - address
+ - claimRef
+ - gateway
+ - poolRef
+ - prefix
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinedeployments.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineDeployment
+ listKind: MachineDeploymentList
+ plural: machinedeployments
+ shortNames:
+ - md
+ singular: machinedeployment
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: MachineDeployment is the Schema for the machinedeployments API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ should be ready. Defaults to 0 (machine will be considered available
+ as soon as it is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: The maximum time in seconds for a deployment to make
+ progress before it is considered to be failed. The deployment controller
+ will continue to process failed deployments and a condition with
+ a ProgressDeadlineExceeded reason will be surfaced in the deployment
+ status. Note that progress will not be estimated during the time
+ a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: Label selector for machines. Existing MachineSets whose
+ machines are selected by this will be the ones affected by this
+ deployment. It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: The deployment strategy to use to replace existing machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if MachineDeploymentStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be scheduled
+ above the desired number of machines. Value can be an absolute
+ number (ex: 5) or a percentage of desired machines (ex:
+ 10%). This can not be 0 if MaxUnavailable is 0. Absolute
+ number is calculated from percentage by rounding up. Defaults
+ to 1. Example: when this is set to 30%, the new MachineSet
+ can be scaled up immediately when the rolling update starts,
+ such that the total number of old and new machines do not
+ exceed 130% of desired machines. Once old machines have
+ been killed, new MachineSet can be scaled up further, ensuring
+ that total number of machines running at any time during
+ the update is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired machines (ex: 10%). Absolute
+ number is calculated from percentage by rounding down. This
+ can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+ this is set to 30%, the old MachineSet can be scaled down
+ to 70% of desired machines immediately when the rolling
+ update starts. Once new machines are ready, old MachineSet
+ can be scaled down further, followed by scaling up the new
+ MachineSet, ensuring that the total number of machines available
+ at all times during the update is at least 70% of desired
+ machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Currently the only supported
+ strategy is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ generateName:
+ description: "GenerateName is an optional prefix, used by
+ the server, to generate a unique name ONLY IF the Name field
+ has not been provided. If this field is used, the name returned
+ to the client will be different than the name passed. This
+ value will also be combined with a unique suffix. The provided
+ value has the same validation rules as the Name field, and
+ may be truncated by the length of the suffix required to
+ make the value unique on the server. \n If this field is
+ specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created
+ or 500 with Reason ServerTimeout indicating a unique name
+ could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the
+ Retry-After header). \n Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: "Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow
+ a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence
+ and configuration definition. Cannot be updated. More info:
+ http://kubernetes.io/docs/user-guide/identifiers#names \n
+ Deprecated: This field has no function and is going to be
+ removed in a next release."
+ type: string
+ namespace:
+ description: "Namespace defines the space within each name
+ must be unique. An empty namespace is equivalent to the
+ \"default\" namespace, but \"default\" is the canonical
+ representation. Not all objects are required to be scoped
+ to a namespace - the value of this field for those objects
+ will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ ownerReferences:
+ description: "List of objects depended by this object. If
+ ALL objects in the list have been deleted, this object will
+ be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller,
+ with the controller field set to true. There cannot be more
+ than one managing controller. \n Deprecated: This field
+ has no function and is going to be removed in a next release."
+ items:
+ description: OwnerReference contains enough information
+ to let you identify an owning object. An owning object
+ must be in the same namespace as the dependent, or be
+ cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the
+ key-value store until this reference is removed. See
+ https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this
+ field and enforces the foreground deletion. Defaults
+ to false. To set this field, a user needs "delete"
+ permission of the owner, otherwise 422 (Unprocessable
+ Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.Data
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: "Data contains the bootstrap data, such as
+ cloud-init details scripts. If nil, the Machine should
+ remain in the Pending state. \n Deprecated: Switch to
+ DataSecretName."
+ type: string
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: Total number of available machines (ready for at least
+ minReadySeconds) targeted by this deployment.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ deployment. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet available or
+ machines that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineDeployment
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: MachineDeployment is the Schema for the machinedeployments API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ should be ready. Defaults to 0 (machine will be considered available
+ as soon as it is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: The maximum time in seconds for a deployment to make
+ progress before it is considered to be failed. The deployment controller
+ will continue to process failed deployments and a condition with
+ a ProgressDeadlineExceeded reason will be surfaced in the deployment
+ status. Note that progress will not be estimated during the time
+ a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: Label selector for machines. Existing MachineSets whose
+ machines are selected by this will be the ones affected by this
+ deployment. It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: The deployment strategy to use to replace existing machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if MachineDeploymentStrategyType
+ = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: DeletePolicy defines the policy used by the MachineDeployment
+ to identify nodes to delete when downscaling. Valid values
+ are "Random, "Newest", "Oldest" When no value is supplied,
+ the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be scheduled
+ above the desired number of machines. Value can be an absolute
+ number (ex: 5) or a percentage of desired machines (ex:
+ 10%). This can not be 0 if MaxUnavailable is 0. Absolute
+ number is calculated from percentage by rounding up. Defaults
+ to 1. Example: when this is set to 30%, the new MachineSet
+ can be scaled up immediately when the rolling update starts,
+ such that the total number of old and new machines do not
+ exceed 130% of desired machines. Once old machines have
+ been killed, new MachineSet can be scaled up further, ensuring
+ that total number of machines running at any time during
+ the update is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired machines (ex: 10%). Absolute
+ number is calculated from percentage by rounding down. This
+ can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+ this is set to 30%, the old MachineSet can be scaled down
+ to 70% of desired machines immediately when the rolling
+ update starts. Once new machines are ready, old MachineSet
+ can be scaled down further, followed by scaling up the new
+ MachineSet, ensuring that the total number of machines available
+ at all times during the update is at least 70% of desired
+ machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: Total number of available machines (ready for at least
+ minReadySeconds) targeted by this deployment.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions defines current service state of the MachineDeployment.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ deployment. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet available or
+ machines that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this MachineDeployment
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this MachineDeployment
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this MachineDeployment
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of non-terminated machines targeted by this deployment
+ that have the desired template spec
+ jsonPath: .status.updatedReplicas
+ name: Updated
+ type: integer
+ - description: Total number of unavailable machines targeted by this MachineDeployment
+ jsonPath: .status.unavailableReplicas
+ name: Unavailable
+ type: integer
+ - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of MachineDeployment
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachineDeployment
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineDeployment is the Schema for the machinedeployments API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineDeploymentSpec defines the desired state of MachineDeployment.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ should be ready. Defaults to 0 (machine will be considered available
+ as soon as it is ready)
+ format: int32
+ type: integer
+ paused:
+ description: Indicates that the deployment is paused.
+ type: boolean
+ progressDeadlineSeconds:
+ description: The maximum time in seconds for a deployment to make
+ progress before it is considered to be failed. The deployment controller
+ will continue to process failed deployments and a condition with
+ a ProgressDeadlineExceeded reason will be surfaced in the deployment
+ status. Note that progress will not be estimated during the time
+ a deployment is paused. Defaults to 600s.
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ revisionHistoryLimit:
+ description: The number of old MachineSets to retain to allow rollback.
+ This is a pointer to distinguish between explicit zero and not specified.
+ Defaults to 1.
+ format: int32
+ type: integer
+ selector:
+ description: Label selector for machines. Existing MachineSets whose
+ machines are selected by this will be the ones affected by this
+ deployment. It must match the machine template's labels.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ strategy:
+ description: The deployment strategy to use to replace existing machines
+ with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if MachineDeploymentStrategyType
+ = RollingUpdate.
+ properties:
+ deletePolicy:
+ description: DeletePolicy defines the policy used by the MachineDeployment
+ to identify nodes to delete when downscaling. Valid values
+ are "Random, "Newest", "Oldest" When no value is supplied,
+ the default DeletePolicy of MachineSet is used
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be scheduled
+ above the desired number of machines. Value can be an absolute
+ number (ex: 5) or a percentage of desired machines (ex:
+ 10%). This can not be 0 if MaxUnavailable is 0. Absolute
+ number is calculated from percentage by rounding up. Defaults
+ to 1. Example: when this is set to 30%, the new MachineSet
+ can be scaled up immediately when the rolling update starts,
+ such that the total number of old and new machines do not
+ exceed 130% of desired machines. Once old machines have
+ been killed, new MachineSet can be scaled up further, ensuring
+ that total number of machines running at any time during
+ the update is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired machines (ex: 10%). Absolute
+ number is calculated from percentage by rounding down. This
+ can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+ this is set to 30%, the old MachineSet can be scaled down
+ to 70% of desired machines immediately when the rolling
+ update starts. Once new machines are ready, old MachineSet
+ can be scaled down further, followed by scaling up the new
+ MachineSet, ensuring that the total number of machines available
+ at all times during the update is at least 70% of desired
+ machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Default is RollingUpdate.
+ enum:
+ - RollingUpdate
+ - OnDelete
+ type: string
+ type: object
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts after
+ the Machine is marked for deletion. A duration of 0 will
+ retry deletion indefinitely. Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of
+ time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the
+ volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ - template
+ type: object
+ status:
+ description: MachineDeploymentStatus defines the observed state of MachineDeployment.
+ properties:
+ availableReplicas:
+ description: Total number of available machines (ready for at least
+ minReadySeconds) targeted by this deployment.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions defines current service state of the MachineDeployment.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: The generation observed by the deployment controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of a MachineDeployment
+ (ScalingUp, ScalingDown, Running, Failed, or Unknown).
+ type: string
+ readyReplicas:
+ description: Total number of ready machines targeted by this deployment.
+ format: int32
+ type: integer
+ replicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment (their labels match the selector).
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ unavailableReplicas:
+ description: Total number of unavailable machines targeted by this
+ deployment. This is the total number of machines that are still
+ required for the deployment to have 100% available capacity. They
+ may either be machines that are running but not yet available or
+ machines that still have not been created.
+ format: int32
+ type: integer
+ updatedReplicas:
+ description: Total number of non-terminated machines targeted by this
+ deployment that have the desired template spec.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinehealthchecks.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineHealthCheck
+ listKind: MachineHealthCheckList
+ plural: machinehealthchecks
+ shortNames:
+ - mhc
+ - mhcs
+ singular: machinehealthcheck
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: MachineHealthCheck is the Schema for the machinehealthchecks
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed if at most "MaxUnhealthy"
+ machines selected by "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without a node will
+ be considered to have failed and will be remediated.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to a remediation
+ template provided by an infrastructure provider. \n This field is
+ completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off
+ remediation of the machine to a controller that lives outside of
+ Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of the conditions
+ that determine whether a node is considered unhealthy. The conditions
+ are combined in a logical OR, i.e. if any of the conditions is met,
+ the node is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node condition type
+ and value with a timeout specified as a duration. When the named
+ condition has been in the given status for at least the timeout
+ value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ minItems: 1
+ type: array
+ required:
+ - clusterName
+ - selector
+ - unhealthyConditions
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: Conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: RemediationsAllowed is the number of further remediations
+ allowed by this machine health check before maxUnhealthy short circuiting
+ will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: Targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineHealthCheck
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: MachineHealthCheck is the Schema for the machinehealthchecks
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed if at most "MaxUnhealthy"
+ machines selected by "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without a node will
+ be considered to have failed and will be remediated. If not set,
+ this value is defaulted to 10 minutes. If you wish to disable this
+ feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to a remediation
+ template provided by an infrastructure provider. \n This field is
+ completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off
+ remediation of the machine to a controller that lives outside of
+ Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of the conditions
+ that determine whether a node is considered unhealthy. The conditions
+ are combined in a logical OR, i.e. if any of the conditions is met,
+ the node is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node condition type
+ and value with a timeout specified as a duration. When the named
+ condition has been in the given status for at least the timeout
+ value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ minItems: 1
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed if the number
+ of machines selected by "selector" as not healthy is within the
+ range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg.
+ "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and) (b) there are
+ at most 5 unhealthy machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ required:
+ - clusterName
+ - selector
+ - unhealthyConditions
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: Conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: RemediationsAllowed is the number of further remediations
+ allowed by this machine health check before maxUnhealthy short circuiting
+ will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: Targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Number of machines currently monitored
+ jsonPath: .status.expectedMachines
+ name: ExpectedMachines
+ type: integer
+ - description: Maximum number of unhealthy machines allowed
+ jsonPath: .spec.maxUnhealthy
+ name: MaxUnhealthy
+ type: string
+ - description: Current observed healthy machines
+ jsonPath: .status.currentHealthy
+ name: CurrentHealthy
+ type: integer
+ - description: Time duration since creation of MachineHealthCheck
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineHealthCheck is the Schema for the machinehealthchecks
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Specification of machine health check policy
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ maxUnhealthy:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Any further remediation is only allowed if at most "MaxUnhealthy"
+ machines selected by "selector" are not healthy.
+ x-kubernetes-int-or-string: true
+ nodeStartupTimeout:
+ description: Machines older than this duration without a node will
+ be considered to have failed and will be remediated. If not set,
+ this value is defaulted to 10 minutes. If you wish to disable this
+ feature, set the value explicitly to 0.
+ type: string
+ remediationTemplate:
+ description: "RemediationTemplate is a reference to a remediation
+ template provided by an infrastructure provider. \n This field is
+ completely optional, when filled, the MachineHealthCheck controller
+ creates a new object from the template referenced and hands off
+ remediation of the machine to a controller that lives outside of
+ Cluster API."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ selector:
+ description: Label selector to match machines whose health will be
+ exercised
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ unhealthyConditions:
+ description: UnhealthyConditions contains a list of the conditions
+ that determine whether a node is considered unhealthy. The conditions
+ are combined in a logical OR, i.e. if any of the conditions is met,
+ the node is unhealthy.
+ items:
+ description: UnhealthyCondition represents a Node condition type
+ and value with a timeout specified as a duration. When the named
+ condition has been in the given status for at least the timeout
+ value, a node is considered unhealthy.
+ properties:
+ status:
+ minLength: 1
+ type: string
+ timeout:
+ type: string
+ type:
+ minLength: 1
+ type: string
+ required:
+ - status
+ - timeout
+ - type
+ type: object
+ minItems: 1
+ type: array
+ unhealthyRange:
+ description: 'Any further remediation is only allowed if the number
+ of machines selected by "selector" as not healthy is within the
+ range of "UnhealthyRange". Takes precedence over MaxUnhealthy. Eg.
+ "[3-5]" - This means that remediation will be allowed only when:
+ (a) there are at least 3 unhealthy machines (and) (b) there are
+ at most 5 unhealthy machines'
+ pattern: ^\[[0-9]+-[0-9]+\]$
+ type: string
+ required:
+ - clusterName
+ - selector
+ - unhealthyConditions
+ type: object
+ status:
+ description: Most recently observed status of MachineHealthCheck resource
+ properties:
+ conditions:
+ description: Conditions defines current service state of the MachineHealthCheck.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ currentHealthy:
+ description: total number of healthy machines counted by this machine
+ health check
+ format: int32
+ minimum: 0
+ type: integer
+ expectedMachines:
+ description: total number of machines counted by this machine health
+ check
+ format: int32
+ minimum: 0
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ remediationsAllowed:
+ description: RemediationsAllowed is the number of further remediations
+ allowed by this machine health check before maxUnhealthy short circuiting
+ will be applied
+ format: int32
+ minimum: 0
+ type: integer
+ targets:
+ description: Targets shows the current list of machines the machine
+ health check is watching
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinepools.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachinePool
+ listKind: MachinePoolList
+ plural: machinepools
+ shortNames:
+ - mp
+ singular: machinepool
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: MachinePool is the Schema for the machinepools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: FailureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ instances should be ready. Defaults to 0 (machine instance will
+ be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: ProviderIDList are the identification IDs of machine
+ instances provided by the provider. This field must match the provider
+ IDs as seen on the node objects corresponding to a machine pool's
+ machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ strategy:
+ description: The deployment strategy to use to replace existing machine
+ instances with new ones.
+ properties:
+ rollingUpdate:
+ description: Rolling update config params. Present only if MachineDeploymentStrategyType
+ = RollingUpdate.
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be scheduled
+ above the desired number of machines. Value can be an absolute
+ number (ex: 5) or a percentage of desired machines (ex:
+ 10%). This can not be 0 if MaxUnavailable is 0. Absolute
+ number is calculated from percentage by rounding up. Defaults
+ to 1. Example: when this is set to 30%, the new MachineSet
+ can be scaled up immediately when the rolling update starts,
+ such that the total number of old and new machines do not
+ exceed 130% of desired machines. Once old machines have
+ been killed, new MachineSet can be scaled up further, ensuring
+ that total number of machines running at any time during
+ the update is at most 130% of desired machines.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of machines that can be unavailable
+ during the update. Value can be an absolute number (ex:
+ 5) or a percentage of desired machines (ex: 10%). Absolute
+ number is calculated from percentage by rounding down. This
+ can not be 0 if MaxSurge is 0. Defaults to 0. Example: when
+ this is set to 30%, the old MachineSet can be scaled down
+ to 70% of desired machines immediately when the rolling
+ update starts. Once new machines are ready, old MachineSet
+ can be scaled down further, followed by scaling up the new
+ MachineSet, ensuring that the total number of machines available
+ at all times during the update is at least 70% of desired
+ machines.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Currently the only supported
+ strategy is "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ generateName:
+ description: "GenerateName is an optional prefix, used by
+ the server, to generate a unique name ONLY IF the Name field
+ has not been provided. If this field is used, the name returned
+ to the client will be different than the name passed. This
+ value will also be combined with a unique suffix. The provided
+ value has the same validation rules as the Name field, and
+ may be truncated by the length of the suffix required to
+ make the value unique on the server. \n If this field is
+ specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created
+ or 500 with Reason ServerTimeout indicating a unique name
+ could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the
+ Retry-After header). \n Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: "Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow
+ a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence
+ and configuration definition. Cannot be updated. More info:
+ http://kubernetes.io/docs/user-guide/identifiers#names \n
+ Deprecated: This field has no function and is going to be
+ removed in a next release."
+ type: string
+ namespace:
+ description: "Namespace defines the space within each name
+ must be unique. An empty namespace is equivalent to the
+ \"default\" namespace, but \"default\" is the canonical
+ representation. Not all objects are required to be scoped
+ to a namespace - the value of this field for those objects
+ will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ ownerReferences:
+ description: "List of objects depended by this object. If
+ ALL objects in the list have been deleted, this object will
+ be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller,
+ with the controller field set to true. There cannot be more
+ than one managing controller. \n Deprecated: This field
+ has no function and is going to be removed in a next release."
+ items:
+ description: OwnerReference contains enough information
+ to let you identify an owning object. An owning object
+ must be in the same namespace as the dependent, or be
+ cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the
+ key-value store until this reference is removed. See
+ https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this
+ field and enforces the foreground deletion. Defaults
+ to false. To set this field, a user needs "delete"
+ permission of the owner, otherwise 422 (Unprocessable
+ Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.Data
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: "Data contains the bootstrap data, such as
+ cloud-init details scripts. If nil, the Machine should
+ remain in the Pending state. \n Deprecated: Switch to
+ DataSecretName."
+ type: string
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: Conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: FailureMessage indicates that there is a problem reconciling
+ the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a problem reconciling
+ the state, and will be set to a token value suitable for programmatic
+ interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: NodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: "ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2. Invalid
+ usage help. It is impossible to add specific help for individual
+ usage. In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not honored\"
+ or \"name must be restricted\". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual struct
+ is irrelevant. 5. We cannot easily change it. Because this type
+ is embedded in many locations, updates to this type will affect
+ numerous schemas. Don't make new APIs embed an underspecified
+ API type they do not control. \n Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable machine instances targeted
+ by this machine pool. This is the total number of machine instances
+ that are still required for the machine pool to have 100% available
+ capacity. They may either be machine instances that are running
+ but not yet available or machine instances that still have not been
+ created.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Time duration since creation of MachinePool
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: MachinePool is the Schema for the machinepools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: FailureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ instances should be ready. Defaults to 0 (machine instance will
+ be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: ProviderIDList are the identification IDs of machine
+ instances provided by the provider. This field must match the provider
+ IDs as seen on the node objects corresponding to a machine pool's
+ machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: Conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: FailureMessage indicates that there is a problem reconciling
+ the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a problem reconciling
+ the state, and will be set to a token value suitable for programmatic
+ interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: NodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: "ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2. Invalid
+ usage help. It is impossible to add specific help for individual
+ usage. In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not honored\"
+ or \"name must be restricted\". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual struct
+ is irrelevant. 5. We cannot easily change it. Because this type
+ is embedded in many locations, updates to this type will affect
+ numerous schemas. Don't make new APIs embed an underspecified
+ API type they do not control. \n Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable machine instances targeted
+ by this machine pool. This is the total number of machine instances
+ that are still required for the machine pool to have 100% available
+ capacity. They may either be machine instances that are running
+ but not yet available or machine instances that still have not been
+ created.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this MachinePool
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: MachinePool replicas count
+ jsonPath: .status.replicas
+ name: Replicas
+ type: string
+ - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed
+ etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of MachinePool
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachinePool
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachinePool is the Schema for the machinepools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachinePoolSpec defines the desired state of MachinePool.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomains:
+ description: FailureDomains is the list of failure domains this MachinePool
+ should be attached to.
+ items:
+ type: string
+ type: array
+ minReadySeconds:
+ description: Minimum number of seconds for which a newly created machine
+ instances should be ready. Defaults to 0 (machine instance will
+ be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ providerIDList:
+ description: ProviderIDList are the identification IDs of machine
+ instances provided by the provider. This field must match the provider
+ IDs as seen on the node objects corresponding to a machine pool's
+ machine instances.
+ items:
+ type: string
+ type: array
+ replicas:
+ description: Number of desired machines. Defaults to 1. This is a
+ pointer to distinguish between explicit zero and not specified.
+ format: int32
+ type: integer
+ template:
+ description: Template describes the machines that will be created.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts after
+ the Machine is marked for deletion. A duration of 0 will
+ retry deletion indefinitely. Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of
+ time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the
+ volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - template
+ type: object
+ status:
+ description: MachinePoolStatus defines the observed state of MachinePool.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachinePool.
+ format: int32
+ type: integer
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: Conditions define the current service state of the MachinePool.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: FailureMessage indicates that there is a problem reconciling
+ the state, and will be set to a descriptive error message.
+ type: string
+ failureReason:
+ description: FailureReason indicates that there is a problem reconciling
+ the state, and will be set to a token value suitable for programmatic
+ interpretation.
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ nodeRefs:
+ description: NodeRefs will point to the corresponding Nodes if it
+ they exist.
+ items:
+ description: "ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2. Invalid
+ usage help. It is impossible to add specific help for individual
+ usage. In most embedded usages, there are particular restrictions
+ like, \"must refer only to types A and B\" or \"UID not honored\"
+ or \"name must be restricted\". Those cannot be well described
+ when embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual struct
+ is irrelevant. 5. We cannot easily change it. Because this type
+ is embedded in many locations, updates to this type will affect
+ numerous schemas. Don't make new APIs embed an underspecified
+ API type they do not control. \n Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ ."
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of cluster actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ readyReplicas:
+ description: The number of ready replicas for this MachinePool. A
+ machine is considered ready when the node has been created and is
+ "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ unavailableReplicas:
+ description: Total number of unavailable machine instances targeted
+ by this machine pool. This is the total number of machine instances
+ that are still required for the machine pool to have 100% available
+ capacity. They may either be machine instances that are running
+ but not yet available or machine instances that still have not been
+ created.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machines.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: Machine
+ listKind: MachineList
+ plural: machines
+ shortNames:
+ - ma
+ singular: machine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ priority: 1
+ type: string
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: Machine is the Schema for the machines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference is
+ optional to allow users/operators to specify Bootstrap.Data
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: "Data contains the bootstrap data, such as cloud-init
+ details scripts. If nil, the Machine should remain in the Pending
+ state. \n Deprecated: Switch to DataSecretName."
+ type: string
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script. If nil, the Machine should remain
+ in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine will
+ be created in. Must match a key in the FailureDomains map stored
+ on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that the
+ controller will spend on draining a node. The default value is 0,
+ meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine provided
+ by the provider. This field must match the provider ID as seen on
+ the node object corresponding to this machine. This field is required
+ by higher level consumers of cluster-api. Example use case is cluster
+ autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+ compares machines to nodes to find out machines at provider which
+ could not get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field is required
+ by autoscaler to be able to have a provider view of the list of
+ machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines
+ and are marked for delete. This field will be set by the actuators
+ and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version. This
+ field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: Addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: Conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a succinct
+ value suitable for machine interpretation. \n This field should
+ not be set for transitive errors that a controller faces that are
+ expected to be fixed automatically over time (like service outages),
+ but instead indicate that something is fundamentally wrong with
+ the Machine's spec or the configuration of the controller, and that
+ manual intervention is required. Examples of terminal errors would
+ be invalid combinations of settings in the spec, values that are
+ unsupported by the controller, or the responsible controller itself
+ being critically misconfigured. \n Any transient errors that occur
+ during the reconciliation of Machines can be added as events to
+ the Machine object and/or logged in the controller's output."
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: LastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeRef:
+ description: NodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ version:
+ description: Version specifies the current version of Kubernetes running
+ on the corresponding Node. This is meant to be a means of bubbling
+ up status from the Node to the Machine. It is entirely optional,
+ but useful for end-user UX if it’s present.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of Machine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ priority: 1
+ type: string
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: Machine is the Schema for the machines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference is
+ optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script. If nil, the Machine should remain
+ in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine will
+ be created in. Must match a key in the FailureDomains map stored
+ on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that the
+ controller will spend on draining a node. The default value is 0,
+ meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine provided
+ by the provider. This field must match the provider ID as seen on
+ the node object corresponding to this machine. This field is required
+ by higher level consumers of cluster-api. Example use case is cluster
+ autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+ compares machines to nodes to find out machines at provider which
+ could not get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field is required
+ by autoscaler to be able to have a provider view of the list of
+ machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines
+ and are marked for delete. This field will be set by the actuators
+ and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version. This
+ field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: Addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ conditions:
+ description: Conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a succinct
+ value suitable for machine interpretation. \n This field should
+ not be set for transitive errors that a controller faces that are
+ expected to be fixed automatically over time (like service outages),
+ but instead indicate that something is fundamentally wrong with
+ the Machine's spec or the configuration of the controller, and that
+ manual intervention is required. Examples of terminal errors would
+ be invalid combinations of settings in the spec, values that are
+ unsupported by the controller, or the responsible controller itself
+ being critically misconfigured. \n Any transient errors that occur
+ during the reconciliation of Machines can be added as events to
+ the Machine object and/or logged in the controller's output."
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: LastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeInfo:
+ description: 'NodeInfo is a set of ids/uuids to uniquely identify
+ the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info'
+ properties:
+ architecture:
+ description: The Architecture reported by the node
+ type: string
+ bootID:
+ description: Boot ID reported by the node.
+ type: string
+ containerRuntimeVersion:
+ description: ContainerRuntime Version reported by the node through
+ runtime remote API (e.g. containerd://1.4.2).
+ type: string
+ kernelVersion:
+ description: Kernel Version reported by the node from 'uname -r'
+ (e.g. 3.16.0-0.bpo.4-amd64).
+ type: string
+ kubeProxyVersion:
+ description: KubeProxy Version reported by the node.
+ type: string
+ kubeletVersion:
+ description: Kubelet Version reported by the node.
+ type: string
+ machineID:
+ description: 'MachineID reported by the node. For unique machine
+ identification in the cluster this field is preferred. Learn
+ more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html'
+ type: string
+ operatingSystem:
+ description: The Operating System reported by the node
+ type: string
+ osImage:
+ description: OS Image reported by the node from /etc/os-release
+ (e.g. Debian GNU/Linux 7 (wheezy)).
+ type: string
+ systemUUID:
+ description: SystemUUID reported by the node. For unique machine
+ identification MachineID is preferred. This field is specific
+ to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+ type: string
+ required:
+ - architecture
+ - bootID
+ - containerRuntimeVersion
+ - kernelVersion
+ - kubeProxyVersion
+ - kubeletVersion
+ - machineID
+ - operatingSystem
+ - osImage
+ - systemUUID
+ type: object
+ nodeRef:
+ description: NodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ version:
+ description: Version specifies the current version of Kubernetes running
+ on the corresponding Node. This is meant to be a means of bubbling
+ up status from the Node to the Machine. It is entirely optional,
+ but useful for end-user UX if it’s present.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Node name associated with this machine
+ jsonPath: .status.nodeRef.name
+ name: NodeName
+ type: string
+ - description: Provider ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine status such as Terminating/Pending/Running/Failed etc
+ jsonPath: .status.phase
+ name: Phase
+ type: string
+ - description: Time duration since creation of Machine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this Machine
+ jsonPath: .spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Machine is the Schema for the machines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSpec defines the desired state of Machine.
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which encapsulates
+ fields to configure the Machine’s bootstrapping mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference is
+ optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and this field
+ is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret that stores
+ the bootstrap data script. If nil, the Machine should remain
+ in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine will
+ be created in. Must match a key in the FailureDomains map stored
+ on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to a custom
+ resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the controller will
+ attempt to delete the Node that the Machine hosts after the Machine
+ is marked for deletion. A duration of 0 will retry deletion indefinitely.
+ Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time that the
+ controller will spend on draining a node. The default value is 0,
+ meaning that the node can be drained without any time limitations.
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of time that
+ the controller will spend on waiting for all volumes to be detached.
+ The default value is 0, meaning that the volumes can be detached
+ without any time limitations.
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine provided
+ by the provider. This field must match the provider ID as seen on
+ the node object corresponding to this machine. This field is required
+ by higher level consumers of cluster-api. Example use case is cluster
+ autoscaler with cluster-api as provider. Clean-up logic in the autoscaler
+ compares machines to nodes to find out machines at provider which
+ could not get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field is required
+ by autoscaler to be able to have a provider view of the list of
+ machines. Another list of nodes is queried from the k8s apiserver
+ and then a comparison is done to find out unregistered machines
+ and are marked for delete. This field will be set by the actuators
+ and consumed by higher level entities like autoscaler that will
+ be interfacing with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version. This
+ field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ status:
+ description: MachineStatus defines the observed state of Machine.
+ properties:
+ addresses:
+ description: Addresses is a list of addresses assigned to the machine.
+ This field is copied from the infrastructure provider reference.
+ items:
+ description: MachineAddress contains information for the node's
+ address.
+ properties:
+ address:
+ description: The machine address.
+ type: string
+ type:
+ description: Machine address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ bootstrapReady:
+ description: BootstrapReady is the state of the bootstrap provider.
+ type: boolean
+ certificatesExpiryDate:
+ description: CertificatesExpiryDate is the expiry date of the machine
+ certificates. This value is only set for control plane machines.
+ format: date-time
+ type: string
+ conditions:
+ description: Conditions defines current service state of the Machine.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a succinct
+ value suitable for machine interpretation. \n This field should
+ not be set for transitive errors that a controller faces that are
+ expected to be fixed automatically over time (like service outages),
+ but instead indicate that something is fundamentally wrong with
+ the Machine's spec or the configuration of the controller, and that
+ manual intervention is required. Examples of terminal errors would
+ be invalid combinations of settings in the spec, values that are
+ unsupported by the controller, or the responsible controller itself
+ being critically misconfigured. \n Any transient errors that occur
+ during the reconciliation of Machines can be added as events to
+ the Machine object and/or logged in the controller's output."
+ type: string
+ infrastructureReady:
+ description: InfrastructureReady is the state of the infrastructure
+ provider.
+ type: boolean
+ lastUpdated:
+ description: LastUpdated identifies when the phase of the Machine
+ last transitioned.
+ format: date-time
+ type: string
+ nodeInfo:
+ description: 'NodeInfo is a set of ids/uuids to uniquely identify
+ the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info'
+ properties:
+ architecture:
+ description: The Architecture reported by the node
+ type: string
+ bootID:
+ description: Boot ID reported by the node.
+ type: string
+ containerRuntimeVersion:
+ description: ContainerRuntime Version reported by the node through
+ runtime remote API (e.g. containerd://1.4.2).
+ type: string
+ kernelVersion:
+ description: Kernel Version reported by the node from 'uname -r'
+ (e.g. 3.16.0-0.bpo.4-amd64).
+ type: string
+ kubeProxyVersion:
+ description: KubeProxy Version reported by the node.
+ type: string
+ kubeletVersion:
+ description: Kubelet Version reported by the node.
+ type: string
+ machineID:
+ description: 'MachineID reported by the node. For unique machine
+ identification in the cluster this field is preferred. Learn
+ more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html'
+ type: string
+ operatingSystem:
+ description: The Operating System reported by the node
+ type: string
+ osImage:
+ description: OS Image reported by the node from /etc/os-release
+ (e.g. Debian GNU/Linux 7 (wheezy)).
+ type: string
+ systemUUID:
+ description: SystemUUID reported by the node. For unique machine
+ identification MachineID is preferred. This field is specific
+ to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+ type: string
+ required:
+ - architecture
+ - bootID
+ - containerRuntimeVersion
+ - kernelVersion
+ - kubeProxyVersion
+ - kubeletVersion
+ - machineID
+ - operatingSystem
+ - osImage
+ - systemUUID
+ type: object
+ nodeRef:
+ description: NodeRef will point to the corresponding Node if it exists.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ description: Phase represents the current phase of machine actuation.
+ E.g. Pending, Running, Terminating, Failed etc.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: machinesets.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: MachineSet
+ listKind: MachineSetList
+ plural: machinesets
+ shortNames:
+ - ms
+ singular: machineset
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: MachineSet is the Schema for the machinesets API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: DeletePolicy defines the policy used to identify nodes
+ to delete when downscaling. Defaults to "Random". Valid values
+ are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: MinReadySeconds is the minimum number of seconds for
+ which a newly created machine should be ready. Defaults to 0 (machine
+ will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the number of desired replicas. This is a
+ pointer to distinguish between explicit zero and unspecified. Defaults
+ to 1.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is a label query over machines that should
+ match the replica count. Label keys and values that must match in
+ order to be controlled by this MachineSet. It must match the machine
+ template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: Template is the object that describes the machine that
+ will be created if insufficient replicas are detected. Object references
+ to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ generateName:
+ description: "GenerateName is an optional prefix, used by
+ the server, to generate a unique name ONLY IF the Name field
+ has not been provided. If this field is used, the name returned
+ to the client will be different than the name passed. This
+ value will also be combined with a unique suffix. The provided
+ value has the same validation rules as the Name field, and
+ may be truncated by the length of the suffix required to
+ make the value unique on the server. \n If this field is
+ specified and the generated name exists, the server will
+ NOT return a 409 - instead, it will either return 201 Created
+ or 500 with Reason ServerTimeout indicating a unique name
+ could not be found in the time allotted, and the client
+ should retry (optionally after the time indicated in the
+ Retry-After header). \n Applied only if Name is not specified.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ name:
+ description: "Name must be unique within a namespace. Is required
+ when creating resources, although some resources may allow
+ a client to request the generation of an appropriate name
+ automatically. Name is primarily intended for creation idempotence
+ and configuration definition. Cannot be updated. More info:
+ http://kubernetes.io/docs/user-guide/identifiers#names \n
+ Deprecated: This field has no function and is going to be
+ removed in a next release."
+ type: string
+ namespace:
+ description: "Namespace defines the space within each name
+ must be unique. An empty namespace is equivalent to the
+ \"default\" namespace, but \"default\" is the canonical
+ representation. Not all objects are required to be scoped
+ to a namespace - the value of this field for those objects
+ will be empty. \n Must be a DNS_LABEL. Cannot be updated.
+ More info: http://kubernetes.io/docs/user-guide/namespaces
+ \n Deprecated: This field has no function and is going to
+ be removed in a next release."
+ type: string
+ ownerReferences:
+ description: "List of objects depended by this object. If
+ ALL objects in the list have been deleted, this object will
+ be garbage collected. If this object is managed by a controller,
+ then an entry in this list will point to this controller,
+ with the controller field set to true. There cannot be more
+ than one managing controller. \n Deprecated: This field
+ has no function and is going to be removed in a next release."
+ items:
+ description: OwnerReference contains enough information
+ to let you identify an owning object. An owning object
+ must be in the same namespace as the dependent, or be
+ cluster-scoped, so there is no namespace field.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ blockOwnerDeletion:
+ description: If true, AND if the owner has the "foregroundDeletion"
+ finalizer, then the owner cannot be deleted from the
+ key-value store until this reference is removed. See
+ https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+ for how the garbage collector interacts with this
+ field and enforces the foreground deletion. Defaults
+ to false. To set this field, a user needs "delete"
+ permission of the owner, otherwise 422 (Unprocessable
+ Entity) will be returned.
+ type: boolean
+ controller:
+ description: If true, this reference points to the managing
+ controller.
+ type: boolean
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+ type: string
+ required:
+ - apiVersion
+ - kind
+ - name
+ - uid
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.Data
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ data:
+ description: "Data contains the bootstrap data, such as
+ cloud-init details scripts. If nil, the Machine should
+ remain in the Pending state. \n Deprecated: Switch to
+ DataSecretName."
+ type: string
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ failureMessage:
+ type: string
+ failureReason:
+ description: "In the event that there is a terminal problem reconciling
+ the replicas, both FailureReason and FailureMessage will be set.
+ FailureReason will be populated with a succinct value suitable for
+ machine interpretation, while FailureMessage will contain a more
+ verbose string suitable for logging and human consumption. \n These
+ fields should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the MachineTemplate's spec or the configuration of the
+ machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in
+ the spec, values that are unsupported by the machine controller,
+ or the responsible machine controller itself being critically misconfigured.
+ \n Any transient errors that occur during the reconciliation of
+ Machines can be added as events to the MachineSet object and/or
+ logged in the controller's output."
+ type: string
+ fullyLabeledReplicas:
+ description: The number of replicas that have labels matching the
+ labels of the machine template of the MachineSet.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Time duration since creation of MachineSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: MachineSet is the Schema for the machinesets API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: DeletePolicy defines the policy used to identify nodes
+ to delete when downscaling. Defaults to "Random". Valid values
+ are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: MinReadySeconds is the minimum number of seconds for
+ which a newly created machine should be ready. Defaults to 0 (machine
+ will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: Replicas is the number of desired replicas. This is a
+ pointer to distinguish between explicit zero and unspecified. Defaults
+ to 1.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is a label query over machines that should
+ match the replica count. Label keys and values that must match in
+ order to be controlled by this MachineSet. It must match the machine
+ template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: Template is the object that describes the machine that
+ will be created if insufficient replicas are detected. Object references
+ to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions defines current service state of the MachineSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ type: string
+ failureReason:
+ description: "In the event that there is a terminal problem reconciling
+ the replicas, both FailureReason and FailureMessage will be set.
+ FailureReason will be populated with a succinct value suitable for
+ machine interpretation, while FailureMessage will contain a more
+ verbose string suitable for logging and human consumption. \n These
+ fields should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the MachineTemplate's spec or the configuration of the
+ machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in
+ the spec, values that are unsupported by the machine controller,
+ or the responsible machine controller itself being critically misconfigured.
+ \n Any transient errors that occur during the reconciliation of
+ Machines can be added as events to the MachineSet object and/or
+ logged in the controller's output."
+ type: string
+ fullyLabeledReplicas:
+ description: The number of replicas that have labels matching the
+ labels of the machine template of the MachineSet.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster
+ jsonPath: .spec.clusterName
+ name: Cluster
+ type: string
+ - description: Total number of machines desired by this machineset
+ jsonPath: .spec.replicas
+ name: Desired
+ priority: 10
+ type: integer
+ - description: Total number of non-terminated machines targeted by this machineset
+ jsonPath: .status.replicas
+ name: Replicas
+ type: integer
+ - description: Total number of ready machines targeted by this machineset.
+ jsonPath: .status.readyReplicas
+ name: Ready
+ type: integer
+ - description: Total number of available machines (ready for at least minReadySeconds)
+ jsonPath: .status.availableReplicas
+ name: Available
+ type: integer
+ - description: Time duration since creation of MachineSet
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Kubernetes version associated with this MachineSet
+ jsonPath: .spec.template.spec.version
+ name: Version
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MachineSet is the Schema for the machinesets API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MachineSetSpec defines the desired state of MachineSet.
+ properties:
+ clusterName:
+ description: ClusterName is the name of the Cluster this object belongs
+ to.
+ minLength: 1
+ type: string
+ deletePolicy:
+ description: DeletePolicy defines the policy used to identify nodes
+ to delete when downscaling. Defaults to "Random". Valid values
+ are "Random, "Newest", "Oldest"
+ enum:
+ - Random
+ - Newest
+ - Oldest
+ type: string
+ minReadySeconds:
+ description: MinReadySeconds is the minimum number of seconds for
+ which a newly created machine should be ready. Defaults to 0 (machine
+ will be considered available as soon as it is ready)
+ format: int32
+ type: integer
+ replicas:
+ default: 1
+ description: Replicas is the number of desired replicas. This is a
+ pointer to distinguish between explicit zero and unspecified. Defaults
+ to 1.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is a label query over machines that should
+ match the replica count. Label keys and values that must match in
+ order to be controlled by this MachineSet. It must match the machine
+ template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the key
+ and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to
+ a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ template:
+ description: Template is the object that describes the machine that
+ will be created if insufficient replicas are detected. Object references
+ to custom resources are treated as templates.
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: 'Annotations is an unstructured key value map
+ stored with a resource that may be set by external tools
+ to store and retrieve arbitrary metadata. They are not queryable
+ and should be preserved when modifying objects. More info:
+ http://kubernetes.io/docs/user-guide/annotations'
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ description: 'Map of string keys and values that can be used
+ to organize and categorize (scope and select) objects. May
+ match selectors of replication controllers and services.
+ More info: http://kubernetes.io/docs/user-guide/labels'
+ type: object
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the machine.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ bootstrap:
+ description: Bootstrap is a reference to a local struct which
+ encapsulates fields to configure the Machine’s bootstrapping
+ mechanism.
+ properties:
+ configRef:
+ description: ConfigRef is a reference to a bootstrap provider-specific
+ resource that holds configuration details. The reference
+ is optional to allow users/operators to specify Bootstrap.DataSecretName
+ without the need of a controller.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object
+ instead of an entire object, this string should
+ contain a valid JSON/Go field access statement,
+ such as desiredState.manifest.containers[2]. For
+ example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container
+ that triggered the event) or if no container name
+ is specified "spec.containers[2]" (container with
+ index 2 in this pod). This syntax is chosen only
+ to have some well-defined way of referencing a part
+ of an object. TODO: this design is not final and
+ this field is subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this
+ reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSecretName:
+ description: DataSecretName is the name of the secret
+ that stores the bootstrap data script. If nil, the Machine
+ should remain in the Pending state.
+ type: string
+ type: object
+ clusterName:
+ description: ClusterName is the name of the Cluster this object
+ belongs to.
+ minLength: 1
+ type: string
+ failureDomain:
+ description: FailureDomain is the failure domain the machine
+ will be created in. Must match a key in the FailureDomains
+ map stored on the cluster object.
+ type: string
+ infrastructureRef:
+ description: InfrastructureRef is a required reference to
+ a custom resource offered by an infrastructure provider.
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this
+ pod). This syntax is chosen only to have some well-defined
+ way of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in
+ the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeDeletionTimeout:
+ description: NodeDeletionTimeout defines how long the controller
+ will attempt to delete the Node that the Machine hosts after
+ the Machine is marked for deletion. A duration of 0 will
+ retry deletion indefinitely. Defaults to 10 seconds.
+ type: string
+ nodeDrainTimeout:
+ description: 'NodeDrainTimeout is the total amount of time
+ that the controller will spend on draining a node. The default
+ value is 0, meaning that the node can be drained without
+ any time limitations. NOTE: NodeDrainTimeout is different
+ from `kubectl drain --timeout`'
+ type: string
+ nodeVolumeDetachTimeout:
+ description: NodeVolumeDetachTimeout is the total amount of
+ time that the controller will spend on waiting for all volumes
+ to be detached. The default value is 0, meaning that the
+ volumes can be detached without any time limitations.
+ type: string
+ providerID:
+ description: ProviderID is the identification ID of the machine
+ provided by the provider. This field must match the provider
+ ID as seen on the node object corresponding to this machine.
+ This field is required by higher level consumers of cluster-api.
+ Example use case is cluster autoscaler with cluster-api
+ as provider. Clean-up logic in the autoscaler compares machines
+ to nodes to find out machines at provider which could not
+ get registered as Kubernetes nodes. With cluster-api as
+ a generic out-of-tree provider for autoscaler, this field
+ is required by autoscaler to be able to have a provider
+ view of the list of machines. Another list of nodes is queried
+ from the k8s apiserver and then a comparison is done to
+ find out unregistered machines and are marked for delete.
+ This field will be set by the actuators and consumed by
+ higher level entities like autoscaler that will be interfacing
+ with cluster-api as generic provider.
+ type: string
+ version:
+ description: Version defines the desired Kubernetes version.
+ This field is meant to be optionally used by bootstrap providers.
+ type: string
+ required:
+ - bootstrap
+ - clusterName
+ - infrastructureRef
+ type: object
+ type: object
+ required:
+ - clusterName
+ - selector
+ type: object
+ status:
+ description: MachineSetStatus defines the observed state of MachineSet.
+ properties:
+ availableReplicas:
+ description: The number of available replicas (ready for at least
+ minReadySeconds) for this MachineSet.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions defines current service state of the MachineSet.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ type: string
+ failureReason:
+ description: "In the event that there is a terminal problem reconciling
+ the replicas, both FailureReason and FailureMessage will be set.
+ FailureReason will be populated with a succinct value suitable for
+ machine interpretation, while FailureMessage will contain a more
+ verbose string suitable for logging and human consumption. \n These
+ fields should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the MachineTemplate's spec or the configuration of the
+ machine controller, and that manual intervention is required. Examples
+ of terminal errors would be invalid combinations of settings in
+ the spec, values that are unsupported by the machine controller,
+ or the responsible machine controller itself being critically misconfigured.
+ \n Any transient errors that occur during the reconciliation of
+ Machines can be added as events to the MachineSet object and/or
+ logged in the controller's output."
+ type: string
+ fullyLabeledReplicas:
+ description: The number of replicas that have labels matching the
+ labels of the machine template of the MachineSet.
+ format: int32
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration reflects the generation of the most
+ recently observed MachineSet.
+ format: int64
+ type: integer
+ readyReplicas:
+ description: The number of ready replicas for this MachineSet. A machine
+ is considered ready when the node has been created and is "Ready".
+ format: int32
+ type: integer
+ replicas:
+ description: Replicas is the most recently observed number of replicas.
+ format: int32
+ type: integer
+ selector:
+ description: 'Selector is the same as the label selector but in the
+ string format to avoid introspection by clients. The string will
+ be in the same format as the query-param syntax. More info about
+ label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.replicas
+ statusReplicasPath: .status.replicas
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-leader-election-role
+ namespace: capi-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-system-capi-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-system-capi-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - clusterresourcesets/finalizers
+ - clusterresourcesets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ - clusterclasses/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/finalizers
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ - machinedeployments/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ - machinehealthchecks/finalizers
+ - machinehealthchecks/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinepools
+ - machinepools/finalizers
+ - machinepools/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/finalizers
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - delete
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ - machinesets/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - runtime.cluster.x-k8s.io
+ resources:
+ - extensionconfigs
+ - extensionconfigs/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-leader-election-rolebinding
+ namespace: capi-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-system-capi-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-system-capi-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capi-manager
+ namespace: capi-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-webhook-service
+ namespace: capi-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: cluster-api
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ control-plane: controller-manager
+ name: capi-controller-manager
+ namespace: capi-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --metrics-bind-addr=localhost:8080
+ - --feature-gates=MachinePool=false,ClusterResourceSet=true,ClusterTopology=true,RuntimeSDK=false
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ image: "{{ atmosphere_images['cluster_api_controller'] | vexxhost.atmosphere.docker_image('ref') }}"
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ resources: {}
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ serviceAccountName: capi-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-webhook-service-cert
+status: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-serving-cert
+ namespace: capi-system
+spec:
+ dnsNames:
+ - capi-webhook-service.capi-system.svc
+ - capi-webhook-service.capi-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capi-selfsigned-issuer
+ secretName: capi-webhook-service-cert
+ subject:
+ organizations:
+ - k8s-sig-cluster-lifecycle
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-selfsigned-issuer
+ namespace: capi-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machine.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinedeployment
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinedeployment.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinedeployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinehealthcheck.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinehealthchecks
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machineset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machineset.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.cluster.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-clusterclass
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.clusterclass.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterclasses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.extensionconfig.runtime.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - extensionconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-cluster-x-k8s-io-v1beta1-machinepool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.machinepool.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinepools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /mutate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.clusterresourceset.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterresourcesets
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capi-system/capi-serving-cert
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ clusterctl.cluster.x-k8s.io: ""
+ name: capi-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machine.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinedeployment
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinedeployment.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinedeployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinehealthcheck
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinehealthcheck.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinehealthchecks
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machineset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machineset.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-cluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.cluster.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - clusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-clusterclass
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.clusterclass.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - clusterclasses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-runtime-cluster-x-k8s-io-v1alpha1-extensionconfig
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.extensionconfig.runtime.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - extensionconfigs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-cluster-x-k8s-io-v1beta1-machinepool
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.machinepool.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - machinepools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourceset
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.clusterresourceset.addons.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterresourcesets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddress
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipaddress.ipam.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - ipaddresses
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: capi-webhook-service
+ namespace: capi-system
+ path: /validate-ipam-cluster-x-k8s-io-v1alpha1-ipaddressclaim
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.ipaddressclaim.ipam.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - ipaddressclaims
+ sideEffects: None
diff --git a/roles/cluster_api/templates/capi-provider.yml b/roles/cluster_api/templates/capi-provider.yml
new file mode 100644
index 0000000..f7aabd8
--- /dev/null
+++ b/roles/cluster_api/templates/capi-provider.yml
@@ -0,0 +1,12126 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.9.2
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+ name: openstackclusters.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackCluster
+ listKind: OpenStackClusterList
+ plural: openstackclusters
+ shortNames:
+ - osc
+ singular: openstackcluster
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: Subnet the cluster is using
+ jsonPath: .status.network.subnet.id
+ name: Subnet
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion floating IP
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: OpenStackCluster is the Schema for the openstackclusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will be associated
+ to the APIServer. The floatingIP will be created if it not already
+ exists.
+ type: string
+ apiServerLoadBalancerAdditionalPorts:
+ description: APIServerLoadBalancerAdditionalPorts adds additional
+ ports to the APIServerLoadBalancer
+ items:
+ type: integer
+ type: array
+ apiServerPort:
+ description: APIServerPort is the port on which the listener on the
+ APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the nodes
+ \n As a rolling update is not ideal during a bastion host session,
+ we prevent changes to a running bastion configuration. Set `enabled:
+ false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ cloudsSecret:
+ description: The name of the secret containing the openstack
+ credentials
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify the networks parameter, the server attaches
+ to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIp:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: The UUID of the network. Required
+ if you omit the port attribute.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: The UUID of the network. Required if you
+ omit the port attribute.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ userDataSecret:
+ description: The name of the secret containing the user data
+ (startup script in most cases)
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ cloudsSecret:
+ description: The name of the secret containing the openstack credentials
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy control
+ plane to
+ items:
+ type: string
+ type: array
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security of the
+ network created for the Kubernetes cluster, which also disables
+ SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for OpenStack
+ Subnet being created. Set this value when you need create a new
+ network/subnet while the access through DNS is required.
+ items:
+ type: string
+ type: array
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs on the respective
+ subnets. This is necessary if the router needs a fixed ip in a specific
+ subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: The UUID of the network. Required if you omit
+ the port attribute.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ managedAPIServerLoadBalancer:
+ description: 'ManagedAPIServerLoadBalancer defines whether a LoadBalancer
+ for the APIServer should be created. If set to true the following
+ properties are mandatory: APIServerFloatingIP, APIServerPort'
+ type: boolean
+ managedSecurityGroups:
+ description: 'ManagedSecurityGroups defines that kubernetes manages
+ the OpenStack security groups for now, that means that we''ll create
+ security group allows traffic to/from machines belonging to that
+ group based on Calico CNI plugin default network requirements: BGP
+ and IP-in-IP for master node(s) and worker node(s) respectively.
+ In the future, we could make this more flexible.'
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing network.
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+ actuator will create a network, a subnet with NodeCIDR, and a router
+ connected to this subnet. If you leave this empty, no network will
+ be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ useOctavia:
+ description: UseOctavia is weather LoadBalancer Service is Octavia
+ or not
+ type: boolean
+ type: object
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ bastion:
+ properties:
+ configDrive:
+ type: boolean
+ failureDomain:
+ type: string
+ flavor:
+ type: string
+ floatingIP:
+ type: string
+ id:
+ type: string
+ image:
+ type: string
+ ip:
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ networks:
+ items:
+ description: Network represents basic information about the
+ associated OpenStach Neutron Network.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer,
+ because this field is optional and therefore not set in
+ all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ router:
+ description: Router represents basic information about the
+ associated OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the
+ associated OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ type: array
+ rootVolume:
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securigyGroups:
+ items:
+ type: string
+ type: array
+ serverGroupID:
+ type: string
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ subnet:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ trunk:
+ type: boolean
+ userData:
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: SecurityGroup represents the basic information of the
+ associated OpenStack Neutron Security Group.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ controlPlaneSecurityGroup:
+ description: 'ControlPlaneSecurityGroups contains all the information
+ about the OpenStack Security Group that needs to be applied to control
+ plane nodes. TODO: Maybe instead of two properties, we add a property
+ to the group?'
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ externalNetwork:
+ description: External Network contains information about the created
+ OpenStack external network.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ network:
+ description: Network contains all information about the created OpenStack
+ Network. It includes Subnets and Router.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ type: boolean
+ workerSecurityGroup:
+ description: WorkerSecurityGroup contains all the information about
+ the OpenStack Security Group that needs to be applied to worker
+ nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: Subnet the cluster is using
+ jsonPath: .status.network.subnet.id
+ name: Subnet
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion address for breakglass access
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion IP
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: OpenStackCluster is the Schema for the openstackclusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed security
+ groups are in use. If set to true, the rules for the managed security
+ groups are configured so that all ingress and egress between cluster
+ nodes is permitted, allowing CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be associated
+ with the API server. In the case where the API server has a floating
+ IP but not a managed load balancer, this field is not used. If a
+ managed load balancer is used and this field is not specified, a
+ fixed IP will be dynamically allocated for the load balancer. If
+ a managed load balancer is not used AND the API server floating
+ IP is disabled, this field MUST be specified and should correspond
+ to a pre-allocated port that holds the fixed IP to be used as a
+ VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will be associated
+ with the API server. The floatingIP will be created if it does not
+ already exist. If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancerAdditionalPorts:
+ description: APIServerLoadBalancerAdditionalPorts adds additional
+ ports to the APIServerLoadBalancer
+ items:
+ type: integer
+ type: array
+ apiServerPort:
+ description: APIServerPort is the port on which the listener on the
+ APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the nodes
+ \n As a rolling update is not ideal during a bastion host session,
+ we prevent changes to a running bastion configuration. Set `enabled:
+ false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to
+ create the port. If unspecified, create the port on
+ the default cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy control
+ plane to
+ items:
+ type: string
+ type: array
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether or not
+ to attempt to attach a floating IP to the API server. This allows
+ for the creation of clusters when attaching a floating IP to the
+ API server (and hence, in many cases, exposing the API server to
+ the internet) is not possible or desirable, e.g. if using a shared
+ VLAN for communication between management and workload clusters
+ or when the management cluster is inside the project network. This
+ option requires that the API server use a VIP on the cluster network
+ so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will
+ fail without additional configuration to manage the VIP on the control
+ plane machines, which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security of the
+ network created for the Kubernetes cluster, which also disables
+ SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for OpenStack
+ Subnet being created. Set this value when you need create a new
+ network/subnet while the access through DNS is required.
+ items:
+ type: string
+ type: array
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs on the respective
+ subnets. This is necessary if the router needs a fixed ip in a specific
+ subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified this
+ will not be validated prior to server creation. If specified,
+ the enclosing `NetworkParam` must also be specified by
+ UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedAPIServerLoadBalancer:
+ description: ManagedAPIServerLoadBalancer defines whether a LoadBalancer
+ for the APIServer should be created.
+ type: boolean
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack security
+ groups for the cluster will be managed by the OpenStack provider
+ or whether pre-existing security groups will be specified as part
+ of the configuration. By default, the managed security groups have
+ rules that allow the Kubelet, etcd, the Kubernetes API server and
+ the Calico CNI plugin to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing network.
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+ actuator will create a network, a subnet with NodeCIDR, and a router
+ connected to this subnet. If you leave this empty, no network will
+ be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ bastion:
+ properties:
+ configDrive:
+ type: boolean
+ failureDomain:
+ type: string
+ flavor:
+ type: string
+ floatingIP:
+ type: string
+ id:
+ type: string
+ image:
+ type: string
+ ip:
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ networks:
+ items:
+ description: Network represents basic information about an OpenStack
+ Neutron Network associated with an instance's port.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer,
+ because this field is optional and therefore not set in
+ all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to
+ create the port. If unspecified, create the port on
+ the default cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the
+ associated OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the
+ associated OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ type: array
+ rootVolume:
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securigyGroups:
+ items:
+ type: string
+ type: array
+ serverGroupID:
+ type: string
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ subnet:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ trunk:
+ type: boolean
+ userData:
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: SecurityGroup represents the basic information of the
+ associated OpenStack Neutron Security Group.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ controlPlaneSecurityGroup:
+ description: 'ControlPlaneSecurityGroups contains all the information
+ about the OpenStack Security Group that needs to be applied to control
+ plane nodes. TODO: Maybe instead of two properties, we add a property
+ to the group?'
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ externalNetwork:
+ description: External Network contains information about the created
+ OpenStack external network.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to create
+ the port. If unspecified, create the port on the default
+ cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a more verbose string suitable for logging and human consumption.
+ \n This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the OpenStackCluster's spec or the configuration of the
+ controller, and that manual intervention is required. Examples of
+ terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the responsible
+ controller itself being critically misconfigured. \n Any transient
+ errors that occur during the reconciliation of OpenStackClusters
+ can be added as events to the OpenStackCluster object and/or logged
+ in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a succinct value suitable for machine interpretation. \n This field
+ should not be set for transitive errors that a controller faces
+ that are expected to be fixed automatically over time (like service
+ outages), but instead indicate that something is fundamentally wrong
+ with the OpenStackCluster's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of OpenStackClusters can be added
+ as events to the OpenStackCluster object and/or logged in the controller's
+ output."
+ type: string
+ network:
+ description: Network contains all information about the created OpenStack
+ Network. It includes Subnets and Router.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to create
+ the port. If unspecified, create the port on the default
+ cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ type: boolean
+ workerSecurityGroup:
+ description: WorkerSecurityGroup contains all the information about
+ the OpenStack Security Group that needs to be applied to worker
+ nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: Subnet the cluster is using
+ jsonPath: .status.network.subnet.id
+ name: Subnet
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion address for breakglass access
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion IP
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha5
+ schema:
+ openAPIV3Schema:
+ description: OpenStackCluster is the Schema for the openstackclusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed security
+ groups are in use. If set to true, the rules for the managed security
+ groups are configured so that all ingress and egress between cluster
+ nodes is permitted, allowing CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be associated
+ with the API server. In the case where the API server has a floating
+ IP but not a managed load balancer, this field is not used. If a
+ managed load balancer is used and this field is not specified, a
+ fixed IP will be dynamically allocated for the load balancer. If
+ a managed load balancer is not used AND the API server floating
+ IP is disabled, this field MUST be specified and should correspond
+ to a pre-allocated port that holds the fixed IP to be used as a
+ VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will be associated
+ with the API server. The floatingIP will be created if it does not
+ already exist. If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: 'APIServerLoadBalancer configures the optional LoadBalancer
+ for the APIServer. It must be activated by setting `enabled: true`.'
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports to the
+ load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server listeners
+ to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should be
+ created.
+ type: boolean
+ type: object
+ apiServerPort:
+ description: APIServerPort is the port on which the listener on the
+ APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the nodes
+ \n As a rolling update is not ideal during a bastion host session,
+ we prevent changes to a running bastion configuration. Set `enabled:
+ false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server
+ instance. if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy control
+ plane to
+ items:
+ type: string
+ type: array
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether or not
+ to attempt to attach a floating IP to the API server. This allows
+ for the creation of clusters when attaching a floating IP to the
+ API server (and hence, in many cases, exposing the API server to
+ the internet) is not possible or desirable, e.g. if using a shared
+ VLAN for communication between management and workload clusters
+ or when the management cluster is inside the project network. This
+ option requires that the API server use a VIP on the cluster network
+ so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will
+ fail without additional configuration to manage the VIP on the control
+ plane machines, which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security of the
+ network created for the Kubernetes cluster, which also disables
+ SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for OpenStack
+ Subnet being created. Set this value when you need create a new
+ network/subnet while the access through DNS is required.
+ items:
+ type: string
+ type: array
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs on the respective
+ subnets. This is necessary if the router needs a fixed ip in a specific
+ subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified this
+ will not be validated prior to server creation. If specified,
+ the enclosing `NetworkParam` must also be specified by
+ UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack security
+ groups for the cluster will be managed by the OpenStack provider
+ or whether pre-existing security groups will be specified as part
+ of the configuration. By default, the managed security groups have
+ rules that allow the Kubelet, etcd, the Kubernetes API server and
+ the Calico CNI plugin to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+ actuator will create a network, a subnet with NodeCIDR, and a router
+ connected to this subnet. If you leave this empty, no network will
+ be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ bastion:
+ properties:
+ configDrive:
+ type: boolean
+ failureDomain:
+ type: string
+ flavor:
+ type: string
+ floatingIP:
+ type: string
+ id:
+ type: string
+ image:
+ type: string
+ imageUUID:
+ type: string
+ ip:
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ networks:
+ items:
+ description: Network represents basic information about an OpenStack
+ Neutron Network associated with an instance's port.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer,
+ because this field is optional and therefore not set in
+ all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the
+ associated OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the
+ associated OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ type: array
+ rootVolume:
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securigyGroups:
+ items:
+ type: string
+ type: array
+ serverGroupID:
+ type: string
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ subnet:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ trunk:
+ type: boolean
+ userData:
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: SecurityGroup represents the basic information of the
+ associated OpenStack Neutron Security Group.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ controlPlaneSecurityGroup:
+ description: 'ControlPlaneSecurityGroups contains all the information
+ about the OpenStack Security Group that needs to be applied to control
+ plane nodes. TODO: Maybe instead of two properties, we add a property
+ to the group?'
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ externalNetwork:
+ description: External Network contains information about the created
+ OpenStack external network.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed
+ IP of a port in. This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to
+ the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a more verbose string suitable for logging and human consumption.
+ \n This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the OpenStackCluster's spec or the configuration of the
+ controller, and that manual intervention is required. Examples of
+ terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the responsible
+ controller itself being critically misconfigured. \n Any transient
+ errors that occur during the reconciliation of OpenStackClusters
+ can be added as events to the OpenStackCluster object and/or logged
+ in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a succinct value suitable for machine interpretation. \n This field
+ should not be set for transitive errors that a controller faces
+ that are expected to be fixed automatically over time (like service
+ outages), but instead indicate that something is fundamentally wrong
+ with the OpenStackCluster's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of OpenStackClusters can be added
+ as events to the OpenStackCluster object and/or logged in the controller's
+ output."
+ type: string
+ network:
+ description: Network contains all information about the created OpenStack
+ Network. It includes Subnets and Router.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed
+ IP of a port in. This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to
+ the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ type: boolean
+ workerSecurityGroup:
+ description: WorkerSecurityGroup contains all the information about
+ the OpenStack Security Group that needs to be applied to worker
+ nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackCluster belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: Cluster infrastructure is ready for OpenStack instances
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: Network the cluster is using
+ jsonPath: .status.network.id
+ name: Network
+ type: string
+ - description: Subnet the cluster is using
+ jsonPath: .status.network.subnet.id
+ name: Subnet
+ type: string
+ - description: API Endpoint
+ jsonPath: .spec.controlPlaneEndpoint.host
+ name: Endpoint
+ priority: 1
+ type: string
+ - description: Bastion address for breakglass access
+ jsonPath: .status.bastion.floatingIP
+ name: Bastion IP
+ type: string
+ - description: Time duration since creation of OpenStackCluster
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha6
+ schema:
+ openAPIV3Schema:
+ description: OpenStackCluster is the Schema for the openstackclusters API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterSpec defines the desired state of OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed security
+ groups are in use. If set to true, the rules for the managed security
+ groups are configured so that all ingress and egress between cluster
+ nodes is permitted, allowing CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be associated
+ with the API server. In the case where the API server has a floating
+ IP but not a managed load balancer, this field is not used. If a
+ managed load balancer is used and this field is not specified, a
+ fixed IP will be dynamically allocated for the load balancer. If
+ a managed load balancer is not used AND the API server floating
+ IP is disabled, this field MUST be specified and should correspond
+ to a pre-allocated port that holds the fixed IP to be used as a
+ VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will be associated
+ with the API server. The floatingIP will be created if it does not
+ already exist. If not specified, a new floatingIP is allocated.
+ This field is not used if DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: 'APIServerLoadBalancer configures the optional LoadBalancer
+ for the APIServer. It must be activated by setting `enabled: true`.'
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports to the
+ load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server listeners
+ to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should be
+ created.
+ type: boolean
+ type: object
+ apiServerPort:
+ description: APIServerPort is the port on which the listener on the
+ APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the nodes
+ \n As a rolling update is not ideal during a bastion host session,
+ we prevent changes to a running bastion configuration. Set `enabled:
+ false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server
+ instance. if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy control
+ plane to
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint used to
+ communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: Indicates whether to omit the az for control plane nodes,
+ allowing the Nova scheduler to make a decision on which az to use
+ based on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether or not
+ to attempt to attach a floating IP to the API server. This allows
+ for the creation of clusters when attaching a floating IP to the
+ API server (and hence, in many cases, exposing the API server to
+ the internet) is not possible or desirable, e.g. if using a shared
+ VLAN for communication between management and workload clusters
+ or when the management cluster is inside the project network. This
+ option requires that the API server use a VIP on the cluster network
+ so that the underlying machines can change without changing ControlPlaneEndpoint.Host.
+ When using a managed load balancer, this VIP will be managed automatically.
+ If not using a managed load balancer, cluster configuration will
+ fail without additional configuration to manage the VIP on the control
+ plane machines, which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security of the
+ network created for the Kubernetes cluster, which also disables
+ SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for OpenStack
+ Subnet being created. Set this value when you need create a new
+ network/subnet while the access through DNS is required.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs on the respective
+ subnets. This is necessary if the router needs a fixed ip in a specific
+ subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used for the
+ Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified this
+ will not be validated prior to server creation. If specified,
+ the enclosing `NetworkParam` must also be specified by
+ UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack security
+ groups for the cluster will be managed by the OpenStack provider
+ or whether pre-existing security groups will be specified as part
+ of the configuration. By default, the managed security groups have
+ rules that allow the Kubelet, etcd, the Kubernetes API server and
+ the Calico CNI plugin to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created. Cluster
+ actuator will create a network, a subnet with NodeCIDR, and a router
+ connected to this subnet. If you leave this empty, no network will
+ be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to detect
+ an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ status:
+ description: OpenStackClusterStatus defines the observed state of OpenStackCluster.
+ properties:
+ bastion:
+ properties:
+ configDrive:
+ type: boolean
+ failureDomain:
+ type: string
+ flavor:
+ type: string
+ floatingIP:
+ type: string
+ id:
+ type: string
+ image:
+ type: string
+ imageUUID:
+ type: string
+ ip:
+ type: string
+ metadata:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ networks:
+ items:
+ description: Network represents basic information about an OpenStack
+ Neutron Network associated with an instance's port.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer,
+ because this field is optional and therefore not set in
+ all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the
+ associated OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the
+ associated OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ type: array
+ rootVolume:
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securigyGroups:
+ items:
+ type: string
+ type: array
+ serverGroupID:
+ type: string
+ sshKeyName:
+ type: string
+ state:
+ description: InstanceState describes the state of an OpenStack
+ instance.
+ type: string
+ subnet:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ trunk:
+ type: boolean
+ userData:
+ type: string
+ type: object
+ bastionSecurityGroup:
+ description: SecurityGroup represents the basic information of the
+ associated OpenStack Neutron Security Group.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ controlPlaneSecurityGroup:
+ description: 'ControlPlaneSecurityGroups contains all the information
+ about the OpenStack Security Group that needs to be applied to control
+ plane nodes. TODO: Maybe instead of two properties, we add a property
+ to the group?'
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ externalNetwork:
+ description: External Network contains information about the created
+ OpenStack external network.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed
+ IP of a port in. This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to
+ the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ failureDomains:
+ additionalProperties:
+ description: FailureDomainSpec is the Schema for Cluster API failure
+ domains. It allows controllers to understand how many failure
+ domains a cluster can optionally span across.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a free form map of attributes an
+ infrastructure provider might use or require.
+ type: object
+ controlPlane:
+ description: ControlPlane determines if this failure domain
+ is suitable for use by control plane machines.
+ type: boolean
+ type: object
+ description: FailureDomains represent OpenStack availability zones
+ type: object
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a more verbose string suitable for logging and human consumption.
+ \n This field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the OpenStackCluster's spec or the configuration of the
+ controller, and that manual intervention is required. Examples of
+ terminal errors would be invalid combinations of settings in the
+ spec, values that are unsupported by the controller, or the responsible
+ controller itself being critically misconfigured. \n Any transient
+ errors that occur during the reconciliation of OpenStackClusters
+ can be added as events to the OpenStackCluster object and/or logged
+ in the controller's output."
+ type: string
+ failureReason:
+ description: "FailureReason will be set in the event that there is
+ a terminal problem reconciling the OpenStackCluster and will contain
+ a succinct value suitable for machine interpretation. \n This field
+ should not be set for transitive errors that a controller faces
+ that are expected to be fixed automatically over time (like service
+ outages), but instead indicate that something is fundamentally wrong
+ with the OpenStackCluster's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of OpenStackClusters can be added
+ as events to the OpenStackCluster object and/or logged in the controller's
+ output."
+ type: string
+ network:
+ description: Network contains all information about the created OpenStack
+ Network. It includes Subnets and Router.
+ properties:
+ apiServerLoadBalancer:
+ description: Be careful when using APIServerLoadBalancer, because
+ this field is optional and therefore not set in all cases
+ properties:
+ allowedCIDRs:
+ items:
+ type: string
+ type: array
+ id:
+ type: string
+ internalIP:
+ type: string
+ ip:
+ type: string
+ name:
+ type: string
+ required:
+ - id
+ - internalIP
+ - ip
+ - name
+ type: object
+ id:
+ type: string
+ name:
+ type: string
+ port:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed
+ IP of a port in. This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If
+ unspecified, instead the 0-based index of the port in the
+ list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to
+ the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If
+ not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ router:
+ description: Router represents basic information about the associated
+ OpenStack Neutron Router.
+ properties:
+ id:
+ type: string
+ ips:
+ items:
+ type: string
+ type: array
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ subnet:
+ description: Subnet represents basic information about the associated
+ OpenStack Neutron Subnet.
+ properties:
+ cidr:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ - id
+ - name
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ required:
+ - id
+ - name
+ type: object
+ ready:
+ type: boolean
+ workerSecurityGroup:
+ description: WorkerSecurityGroup contains all the information about
+ the OpenStack Security Group that needs to be applied to worker
+ nodes.
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ rules:
+ items:
+ description: SecurityGroupRule represent the basic information
+ of the associated OpenStack Security Group Role.
+ properties:
+ description:
+ type: string
+ direction:
+ type: string
+ etherType:
+ type: string
+ name:
+ type: string
+ portRangeMax:
+ type: integer
+ portRangeMin:
+ type: integer
+ protocol:
+ type: string
+ remoteGroupID:
+ type: string
+ remoteIPPrefix:
+ type: string
+ securityGroupID:
+ type: string
+ required:
+ - description
+ - direction
+ - etherType
+ - name
+ - portRangeMax
+ - portRangeMin
+ - protocol
+ - remoteGroupID
+ - remoteIPPrefix
+ - securityGroupID
+ type: object
+ type: array
+ required:
+ - id
+ - name
+ - rules
+ type: object
+ required:
+ - ready
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.9.2
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+ name: openstackclustertemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackClusterTemplate
+ listKind: OpenStackClusterTemplateList
+ plural: openstackclustertemplates
+ shortNames:
+ - osct
+ singular: openstackclustertemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterTemplateSpec defines the desired state of
+ OpenStackClusterTemplate.
+ properties:
+ template:
+ description: OpenStackClusterTemplateResource describes the data needed
+ to create a OpenStackCluster from a template.
+ properties:
+ spec:
+ description: OpenStackClusterSpec defines the desired state of
+ OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed
+ security groups are in use. If set to true, the rules for
+ the managed security groups are configured so that all ingress
+ and egress between cluster nodes is permitted, allowing
+ CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be
+ associated with the API server. In the case where the API
+ server has a floating IP but not a managed load balancer,
+ this field is not used. If a managed load balancer is used
+ and this field is not specified, a fixed IP will be dynamically
+ allocated for the load balancer. If a managed load balancer
+ is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a
+ pre-allocated port that holds the fixed IP to be used as
+ a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will
+ be associated with the API server. The floatingIP will be
+ created if it does not already exist. If not specified,
+ a new floatingIP is allocated. This field is not used if
+ DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancerAdditionalPorts:
+ description: APIServerLoadBalancerAdditionalPorts adds additional
+ ports to the APIServerLoadBalancer
+ items:
+ type: integer
+ type: array
+ apiServerPort:
+ description: APIServerPort is the port on which the listener
+ on the APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the
+ nodes \n As a rolling update is not ideal during a bastion
+ host session, we prevent changes to a running bastion configuration.
+ Set `enabled: false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the
+ clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for
+ your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated
+ to the machine, only used for master. The floatingIP
+ should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity
+ to be used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported
+ by the infrastructure provider and may be either
+ cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity
+ to be used. Must be either a cluster-scoped
+ resource, or namespaced-scoped resource the
+ same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your
+ server instance. If the RootVolume is specified,
+ this will be ignored and use rootVolume directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance
+ ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter
+ when there are multiple networks defined for the
+ tenant. When you do not specify both networks and
+ ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet
+ query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet.
+ If specified this will not be validated
+ prior to server creation. If specified,
+ the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If
+ specified this will not be validated prior
+ to server creation. Required if `Subnets`
+ specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does
+ not already exist. When you do not specify both
+ networks and ports parameters, the server attaches
+ to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or
+ disables the port security when set. When
+ not set, it takes the value of the corresponding
+ field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or
+ IP address. These should be subnets of the
+ network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port
+ is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port
+ unique. If unspecified, instead the 0-based
+ index of the port in the list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on
+ which to create the port. If unspecified,
+ create the port on the default cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and
+ receive virtual network interface (VIF) port-specific
+ information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags
+ are applied in addition to the instance's
+ tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port
+ level. If not provided, openStackMachine.Spec.Trunk
+ is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card
+ (vNIC) type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as
+ specified by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign
+ to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security
+ groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine
+ to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create
+ a map of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this
+ subnet will be marked as AccessIPv4 on the created
+ compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created
+ on a trunk port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy
+ control plane to
+ items:
+ type: string
+ type: array
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint
+ used to communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether
+ or not to attempt to attach a floating IP to the API server.
+ This allows for the creation of clusters when attaching
+ a floating IP to the API server (and hence, in many cases,
+ exposing the API server to the internet) is not possible
+ or desirable, e.g. if using a shared VLAN for communication
+ between management and workload clusters or when the management
+ cluster is inside the project network. This option requires
+ that the API server use a VIP on the cluster network so
+ that the underlying machines can change without changing
+ ControlPlaneEndpoint.Host. When using a managed load balancer,
+ this VIP will be managed automatically. If not using a managed
+ load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines,
+ which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security
+ of the network created for the Kubernetes cluster, which
+ also disables SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for
+ OpenStack Subnet being created. Set this value when you
+ need create a new network/subnet while the access through
+ DNS is required.
+ items:
+ type: string
+ type: array
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the
+ VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs
+ on the respective subnets. This is necessary if the router
+ needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used
+ for the Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedAPIServerLoadBalancer:
+ description: ManagedAPIServerLoadBalancer defines whether
+ a LoadBalancer for the APIServer should be created.
+ type: boolean
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack
+ security groups for the cluster will be managed by the OpenStack
+ provider or whether pre-existing security groups will be
+ specified as part of the configuration. By default, the
+ managed security groups have rules that allow the Kubelet,
+ etcd, the Kubernetes API server and the Calico CNI plugin
+ to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing network.
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created.
+ Cluster actuator will create a network, a subnet with NodeCIDR,
+ and a router connected to this subnet. If you leave this
+ empty, no network will be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - name: v1alpha5
+ schema:
+ openAPIV3Schema:
+ description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterTemplateSpec defines the desired state of
+ OpenStackClusterTemplate.
+ properties:
+ template:
+ description: OpenStackClusterTemplateResource describes the data needed
+ to create a OpenStackCluster from a template.
+ properties:
+ spec:
+ description: OpenStackClusterSpec defines the desired state of
+ OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed
+ security groups are in use. If set to true, the rules for
+ the managed security groups are configured so that all ingress
+ and egress between cluster nodes is permitted, allowing
+ CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be
+ associated with the API server. In the case where the API
+ server has a floating IP but not a managed load balancer,
+ this field is not used. If a managed load balancer is used
+ and this field is not specified, a fixed IP will be dynamically
+ allocated for the load balancer. If a managed load balancer
+ is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a
+ pre-allocated port that holds the fixed IP to be used as
+ a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will
+ be associated with the API server. The floatingIP will be
+ created if it does not already exist. If not specified,
+ a new floatingIP is allocated. This field is not used if
+ DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: 'APIServerLoadBalancer configures the optional
+ LoadBalancer for the APIServer. It must be activated by
+ setting `enabled: true`.'
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports
+ to the load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server
+ listeners to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should
+ be created.
+ type: boolean
+ type: object
+ apiServerPort:
+ description: APIServerPort is the port on which the listener
+ on the APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the
+ nodes \n As a rolling update is not ideal during a bastion
+ host session, we prevent changes to a running bastion configuration.
+ Set `enabled: false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the
+ clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for
+ your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated
+ to the machine, only used for master. The floatingIP
+ should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity
+ to be used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported
+ by the infrastructure provider and may be either
+ cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity
+ to be used. Must be either a cluster-scoped
+ resource, or namespaced-scoped resource the
+ same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your
+ server instance. If the RootVolume is specified,
+ this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your
+ server instance. if it's empty, Image name will
+ be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance
+ ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter
+ when there are multiple networks defined for the
+ tenant. When you do not specify both networks and
+ ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet
+ query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet.
+ If specified this will not be validated
+ prior to server creation. If specified,
+ the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If
+ specified this will not be validated prior
+ to server creation. Required if `Subnets`
+ specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does
+ not already exist. When you do not specify both
+ networks and ports parameters, the server attaches
+ to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or
+ disables the port security when set. When
+ not set, it takes the value of the corresponding
+ field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or
+ IP address. These should be subnets of the
+ network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet
+ query that will return the id of a subnet
+ to create the fixed IP of a port in.
+ This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port
+ is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port
+ unique. If unspecified, instead the 0-based
+ index of the port in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack
+ network that the port will be created or discovered
+ on. This will fail if the query returns more
+ than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and
+ receive virtual network interface (VIF) port-specific
+ information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any
+ combination these of the security groups to
+ assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security
+ groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups
+ to assign to the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags
+ are applied in addition to the instance's
+ tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port
+ level. If not provided, openStackMachine.Spec.Trunk
+ is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card
+ (vNIC) type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as
+ specified by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign
+ to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security
+ groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine
+ to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create
+ a map of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this
+ subnet will be marked as AccessIPv4 on the created
+ compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created
+ on a trunk port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy
+ control plane to
+ items:
+ type: string
+ type: array
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint
+ used to communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether
+ or not to attempt to attach a floating IP to the API server.
+ This allows for the creation of clusters when attaching
+ a floating IP to the API server (and hence, in many cases,
+ exposing the API server to the internet) is not possible
+ or desirable, e.g. if using a shared VLAN for communication
+ between management and workload clusters or when the management
+ cluster is inside the project network. This option requires
+ that the API server use a VIP on the cluster network so
+ that the underlying machines can change without changing
+ ControlPlaneEndpoint.Host. When using a managed load balancer,
+ this VIP will be managed automatically. If not using a managed
+ load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines,
+ which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security
+ of the network created for the Kubernetes cluster, which
+ also disables SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for
+ OpenStack Subnet being created. Set this value when you
+ need create a new network/subnet while the access through
+ DNS is required.
+ items:
+ type: string
+ type: array
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the
+ VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs
+ on the respective subnets. This is necessary if the router
+ needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used
+ for the Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack
+ security groups for the cluster will be managed by the OpenStack
+ provider or whether pre-existing security groups will be
+ specified as part of the configuration. By default, the
+ managed security groups have rules that allow the Kubelet,
+ etcd, the Kubernetes API server and the Calico CNI plugin
+ to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created.
+ Cluster actuator will create a network, a subnet with NodeCIDR,
+ and a router connected to this subnet. If you leave this
+ empty, no network will be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - name: v1alpha6
+ schema:
+ openAPIV3Schema:
+ description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackClusterTemplateSpec defines the desired state of
+ OpenStackClusterTemplate.
+ properties:
+ template:
+ description: OpenStackClusterTemplateResource describes the data needed
+ to create a OpenStackCluster from a template.
+ properties:
+ spec:
+ description: OpenStackClusterSpec defines the desired state of
+ OpenStackCluster.
+ properties:
+ allowAllInClusterTraffic:
+ description: AllowAllInClusterTraffic is only used when managed
+ security groups are in use. If set to true, the rules for
+ the managed security groups are configured so that all ingress
+ and egress between cluster nodes is permitted, allowing
+ CNIs other than Calico to be used.
+ type: boolean
+ apiServerFixedIP:
+ description: APIServerFixedIP is the fixed IP which will be
+ associated with the API server. In the case where the API
+ server has a floating IP but not a managed load balancer,
+ this field is not used. If a managed load balancer is used
+ and this field is not specified, a fixed IP will be dynamically
+ allocated for the load balancer. If a managed load balancer
+ is not used AND the API server floating IP is disabled,
+ this field MUST be specified and should correspond to a
+ pre-allocated port that holds the fixed IP to be used as
+ a VIP.
+ type: string
+ apiServerFloatingIP:
+ description: APIServerFloatingIP is the floatingIP which will
+ be associated with the API server. The floatingIP will be
+ created if it does not already exist. If not specified,
+ a new floatingIP is allocated. This field is not used if
+ DisableAPIServerFloatingIP is set to true.
+ type: string
+ apiServerLoadBalancer:
+ description: 'APIServerLoadBalancer configures the optional
+ LoadBalancer for the APIServer. It must be activated by
+ setting `enabled: true`.'
+ properties:
+ additionalPorts:
+ description: AdditionalPorts adds additional tcp ports
+ to the load balancer.
+ items:
+ type: integer
+ type: array
+ allowedCidrs:
+ description: AllowedCIDRs restrict access to all API-Server
+ listeners to the given address CIDRs.
+ items:
+ type: string
+ type: array
+ enabled:
+ description: Enabled defines whether a load balancer should
+ be created.
+ type: boolean
+ type: object
+ apiServerPort:
+ description: APIServerPort is the port on which the listener
+ on the APIServer will be created
+ type: integer
+ bastion:
+ description: "Bastion is the OpenStack instance to login the
+ nodes \n As a rolling update is not ideal during a bastion
+ host session, we prevent changes to a running bastion configuration.
+ Set `enabled: false` to make changes."
+ properties:
+ availabilityZone:
+ type: string
+ enabled:
+ type: boolean
+ instance:
+ description: Instance for the bastion itself
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the
+ clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for
+ your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated
+ to the machine, only used for master. The floatingIP
+ should have been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity
+ to be used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported
+ by the infrastructure provider and may be either
+ cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity
+ to be used. Must be either a cluster-scoped
+ resource, or namespaced-scoped resource the
+ same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your
+ server instance. If the RootVolume is specified,
+ this will be ignored and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your
+ server instance. if it's empty, Image name will
+ be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance
+ ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter
+ when there are multiple networks defined for the
+ tenant. When you do not specify both networks and
+ ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet
+ query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet.
+ If specified this will not be validated
+ prior to server creation. If specified,
+ the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If
+ specified this will not be validated prior
+ to server creation. Required if `Subnets`
+ specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does
+ not already exist. When you do not specify both
+ networks and ports parameters, the server attaches
+ to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or
+ disables the port security when set. When
+ not set, it takes the value of the corresponding
+ field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or
+ IP address. These should be subnets of the
+ network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet
+ query that will return the id of a subnet
+ to create the fixed IP of a port in.
+ This query must not return more than
+ one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port
+ is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port
+ unique. If unspecified, instead the 0-based
+ index of the port in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack
+ network that the port will be created or discovered
+ on. This will fail if the query returns more
+ than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and
+ receive virtual network interface (VIF) port-specific
+ information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any
+ combination these of the security groups to
+ assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security
+ groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups
+ to assign to the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags
+ are applied in addition to the instance's
+ tags, which will also be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port
+ level. If not provided, openStackMachine.Spec.Trunk
+ is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card
+ (vNIC) type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as
+ specified by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign
+ to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security
+ groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine
+ to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create
+ a map of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this
+ subnet will be marked as AccessIPv4 on the created
+ compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created
+ on a trunk port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ type: object
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ controlPlaneAvailabilityZones:
+ description: ControlPlaneAvailabilityZones is the az to deploy
+ control plane to
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ controlPlaneEndpoint:
+ description: ControlPlaneEndpoint represents the endpoint
+ used to communicate with the control plane.
+ properties:
+ host:
+ description: The hostname on which the API server is serving.
+ type: string
+ port:
+ description: The port on which the API server is serving.
+ format: int32
+ type: integer
+ required:
+ - host
+ - port
+ type: object
+ controlPlaneOmitAvailabilityZone:
+ description: Indicates whether to omit the az for control
+ plane nodes, allowing the Nova scheduler to make a decision
+ on which az to use based on other scheduling constraints
+ type: boolean
+ disableAPIServerFloatingIP:
+ description: DisableAPIServerFloatingIP determines whether
+ or not to attempt to attach a floating IP to the API server.
+ This allows for the creation of clusters when attaching
+ a floating IP to the API server (and hence, in many cases,
+ exposing the API server to the internet) is not possible
+ or desirable, e.g. if using a shared VLAN for communication
+ between management and workload clusters or when the management
+ cluster is inside the project network. This option requires
+ that the API server use a VIP on the cluster network so
+ that the underlying machines can change without changing
+ ControlPlaneEndpoint.Host. When using a managed load balancer,
+ this VIP will be managed automatically. If not using a managed
+ load balancer, cluster configuration will fail without additional
+ configuration to manage the VIP on the control plane machines,
+ which falls outside of the scope of this controller.
+ type: boolean
+ disablePortSecurity:
+ description: DisablePortSecurity disables the port security
+ of the network created for the Kubernetes cluster, which
+ also disables SecurityGroups
+ type: boolean
+ dnsNameservers:
+ description: DNSNameservers is the list of nameservers for
+ OpenStack Subnet being created. Set this value when you
+ need create a new network/subnet while the access through
+ DNS is required.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ externalNetworkId:
+ description: ExternalNetworkID is the ID of an external OpenStack
+ Network. This is necessary to get public internet to the
+ VMs.
+ type: string
+ externalRouterIPs:
+ description: ExternalRouterIPs is an array of externalIPs
+ on the respective subnets. This is necessary if the router
+ needs a fixed ip in a specific subnet.
+ items:
+ properties:
+ fixedIP:
+ description: The FixedIP in the corresponding subnet
+ type: string
+ subnet:
+ description: The subnet in which the FixedIP is used
+ for the Gateway of this router
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ managedSecurityGroups:
+ description: ManagedSecurityGroups determines whether OpenStack
+ security groups for the cluster will be managed by the OpenStack
+ provider or whether pre-existing security groups will be
+ specified as part of the configuration. By default, the
+ managed security groups have rules that allow the Kubelet,
+ etcd, the Kubernetes API server and the Calico CNI plugin
+ to function correctly.
+ type: boolean
+ network:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ nodeCidr:
+ description: NodeCIDR is the OpenStack Subnet to be created.
+ Cluster actuator will create a network, a subnet with NodeCIDR,
+ and a router connected to this subnet. If you leave this
+ empty, no network will be created.
+ type: string
+ subnet:
+ description: If NodeCIDR cannot be set this can be used to
+ detect an existing subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ tags:
+ description: Tags for all resources in cluster
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.9.2
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+ name: openstackmachines.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackMachine
+ listKind: OpenStackMachineList
+ plural: openstackmachines
+ shortNames:
+ - osm
+ singular: openstackmachine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachine is the Schema for the openstackmachines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ cloudsSecret:
+ description: The name of the secret containing the openstack credentials
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the machine,
+ only used for master. The floatingIP should have been created and
+ haven't been associated.
+ type: string
+ image:
+ description: The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume
+ directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there are
+ multiple networks defined for the tenant. When you do not specify
+ the networks parameter, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIp:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: The UUID of the network. Required if you
+ omit the port attribute.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: The UUID of the network. Required if you omit the
+ port attribute.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will be marked
+ as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ userDataSecret:
+ description: The name of the secret containing the user data (startup
+ script in most cases)
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - flavor
+ type: object
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ errorMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ errorReason:
+ description: MachineStatusError defines errors states for Machine
+ objects.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the OpenStack instance
+ for this machine.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachine is the Schema for the openstackmachines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the machine,
+ only used for master. The floatingIP should have been created and
+ haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume
+ directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there are
+ multiple networks defined for the tenant. When you do not specify
+ both networks and ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified this
+ will not be validated prior to server creation. Required if
+ `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance. They are
+ created if a port with the given name does not already exist. When
+ you do not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If unspecified,
+ instead the 0-based index of the port in the list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to create
+ the port. If unspecified, create the port on the default cluster
+ network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If not
+ provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will be marked
+ as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ errorMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ errorReason:
+ description: MachineStatusError defines errors states for Machine
+ objects.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the OpenStack instance
+ for this machine.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha5
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachine is the Schema for the openstackmachines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the machine,
+ only used for master. The floatingIP should have been created and
+ haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume
+ directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there are
+ multiple networks defined for the tenant. When you do not specify
+ both networks and ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified this
+ will not be validated prior to server creation. Required if
+ `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance. They are
+ created if a port with the given name does not already exist. When
+ you do not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed IP
+ of a port in. This query must not return more than one
+ subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If unspecified,
+ instead the 0-based index of the port in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination these
+ of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to the
+ instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If not
+ provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will be marked
+ as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ failureReason:
+ description: MachineStatusError defines errors states for Machine
+ objects.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the OpenStack instance
+ for this machine.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Cluster to which this OpenStackMachine belongs
+ jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
+ name: Cluster
+ type: string
+ - description: OpenStack instance state
+ jsonPath: .status.instanceState
+ name: InstanceState
+ type: string
+ - description: Machine ready status
+ jsonPath: .status.ready
+ name: Ready
+ type: string
+ - description: OpenStack instance ID
+ jsonPath: .spec.providerID
+ name: ProviderID
+ type: string
+ - description: Machine object which owns with this OpenStackMachine
+ jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name
+ name: Machine
+ type: string
+ - description: Time duration since creation of OpenStackMachine
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha6
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachine is the Schema for the openstackmachines API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineSpec defines the desired state of OpenStackMachine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the machine,
+ only used for master. The floatingIP should have been created and
+ haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be used when
+ reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by the infrastructure
+ provider and may be either cluster or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be used. Must
+ be either a cluster-scoped resource, or namespaced-scoped resource
+ the same namespace as the resource(s) being provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server instance.
+ If the RootVolume is specified, this will be ignored and use rootVolume
+ directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server instance.
+ if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there are
+ multiple networks defined for the tenant. When you do not specify
+ both networks and ports parameters, the server attaches to the only
+ network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must also
+ be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified this
+ will not be validated prior to server creation. Required if
+ `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance. They are
+ created if a port with the given name does not already exist. When
+ you do not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables the port
+ security when set. When not set, it takes the value of the
+ corresponding field at the network level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address. These
+ should be subnets of the network with the given NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query that
+ will return the id of a subnet to create the fixed IP
+ of a port in. This query must not return more than one
+ subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique. If unspecified,
+ instead the 0-based index of the port in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network that
+ the port will be created or discovered on. This will fail
+ if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application running
+ on the specified host to pass and receive virtual network
+ interface (VIF) port-specific information to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination these
+ of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign to the
+ instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding trunk,
+ if a trunk is configured.) These tags are applied in addition
+ to the instance's tags, which will also be applied to the
+ port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level. If not
+ provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC) type
+ that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified by the
+ cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map of key value
+ pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will be marked
+ as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk port
+ or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ status:
+ description: OpenStackMachineStatus defines the observed state of OpenStackMachine.
+ properties:
+ addresses:
+ description: Addresses contains the OpenStack instance associated
+ addresses.
+ items:
+ description: NodeAddress contains information for the node's address.
+ properties:
+ address:
+ description: The node address.
+ type: string
+ type:
+ description: Node address type, one of Hostname, ExternalIP
+ or InternalIP.
+ type: string
+ required:
+ - address
+ - type
+ type: object
+ type: array
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another. This should be when the underlying condition changed.
+ If that is not known, then using the time when the API field
+ changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: A human readable message indicating details about
+ the transition. This field may be empty.
+ type: string
+ reason:
+ description: The reason for the condition's last transition
+ in CamelCase. The specific API may choose whether or not this
+ field is considered a guaranteed API. This field may not be
+ empty.
+ type: string
+ severity:
+ description: Severity provides an explicit classification of
+ Reason code, so the users or machines can immediately understand
+ the current situation and act accordingly. The Severity field
+ MUST be set only when Status=False.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important.
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ failureMessage:
+ description: "FailureMessage will be set in the event that there is
+ a terminal problem reconciling the Machine and will contain a more
+ verbose string suitable for logging and human consumption. \n This
+ field should not be set for transitive errors that a controller
+ faces that are expected to be fixed automatically over time (like
+ service outages), but instead indicate that something is fundamentally
+ wrong with the Machine's spec or the configuration of the controller,
+ and that manual intervention is required. Examples of terminal errors
+ would be invalid combinations of settings in the spec, values that
+ are unsupported by the controller, or the responsible controller
+ itself being critically misconfigured. \n Any transient errors that
+ occur during the reconciliation of Machines can be added as events
+ to the Machine object and/or logged in the controller's output."
+ type: string
+ failureReason:
+ description: MachineStatusError defines errors states for Machine
+ objects.
+ type: string
+ instanceState:
+ description: InstanceState is the state of the OpenStack instance
+ for this machine.
+ type: string
+ ready:
+ description: Ready is true when the provider resource is ready.
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ controller-gen.kubebuilder.io/version: v0.9.2
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ cluster.x-k8s.io/v1alpha3: v1alpha3
+ cluster.x-k8s.io/v1beta1: v1alpha4_v1alpha5_v1alpha6
+ name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /convert
+ conversionReviewVersions:
+ - v1
+ - v1beta1
+ group: infrastructure.cluster.x-k8s.io
+ names:
+ categories:
+ - cluster-api
+ kind: OpenStackMachineTemplate
+ listKind: OpenStackMachineTemplateList
+ plural: openstackmachinetemplates
+ shortNames:
+ - osmt
+ singular: openstackmachinetemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ cloudsSecret:
+ description: The name of the secret containing the openstack
+ credentials
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify the networks parameter, the server attaches
+ to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIp:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: The UUID of the network. Required
+ if you omit the port attribute.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: The UUID of the network. Required if you
+ omit the port attribute.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ userDataSecret:
+ description: The name of the secret containing the user data
+ (startup script in most cases)
+ properties:
+ name:
+ description: name is unique within a namespace to reference
+ a secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which
+ the secret name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - flavor
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - name: v1alpha4
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ adminStateUp:
+ type: boolean
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ shared:
+ type: boolean
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ status:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ enableDhcp:
+ type: boolean
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ networkId:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ subnetpoolId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnetId:
+ type: string
+ required:
+ - subnetId
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ networkId:
+ description: ID of the OpenStack network on which to
+ create the port. If unspecified, create the port on
+ the default cluster network.
+ type: string
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroups:
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ deviceType:
+ type: string
+ diskSize:
+ type: integer
+ sourceType:
+ type: string
+ sourceUUID:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - name: v1alpha5
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server
+ instance. if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: false
+ - name: v1alpha6
+ schema:
+ openAPIV3Schema:
+ description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates
+ API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpenStackMachineTemplateSpec defines the desired state of
+ OpenStackMachineTemplate.
+ properties:
+ template:
+ description: OpenStackMachineTemplateResource describes the data needed
+ to create a OpenStackMachine from a template.
+ properties:
+ spec:
+ description: Spec is the specification of the desired behavior
+ of the machine.
+ properties:
+ cloudName:
+ description: The name of the cloud to use from the clouds
+ secret
+ type: string
+ configDrive:
+ description: Config Drive support
+ type: boolean
+ flavor:
+ description: The flavor reference for the flavor for your
+ server instance.
+ type: string
+ floatingIP:
+ description: The floatingIP which will be associated to the
+ machine, only used for master. The floatingIP should have
+ been created and haven't been associated.
+ type: string
+ identityRef:
+ description: IdentityRef is a reference to a identity to be
+ used when reconciling this cluster
+ properties:
+ kind:
+ description: Kind of the identity. Must be supported by
+ the infrastructure provider and may be either cluster
+ or namespace-scoped.
+ minLength: 1
+ type: string
+ name:
+ description: Name of the infrastructure identity to be
+ used. Must be either a cluster-scoped resource, or namespaced-scoped
+ resource the same namespace as the resource(s) being
+ provisioned.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ image:
+ description: The name of the image to use for your server
+ instance. If the RootVolume is specified, this will be ignored
+ and use rootVolume directly.
+ type: string
+ imageUUID:
+ description: The uuid of the image to use for your server
+ instance. if it's empty, Image name will be used
+ type: string
+ instanceID:
+ description: InstanceID is the OpenStack instance ID for this
+ machine.
+ type: string
+ networks:
+ description: A networks object. Required parameter when there
+ are multiple networks defined for the tenant. When you do
+ not specify both networks and ports parameters, the server
+ attaches to the only network created for the current tenant.
+ items:
+ properties:
+ filter:
+ description: Filters for optional network query
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ fixedIP:
+ description: A fixed IPv4 address for the NIC.
+ type: string
+ subnets:
+ description: Subnet within a network to use
+ items:
+ properties:
+ filter:
+ description: Filters for optional subnet query
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ uuid:
+ description: Optional UUID of the subnet. If specified
+ this will not be validated prior to server creation.
+ If specified, the enclosing `NetworkParam` must
+ also be specified by UUID.
+ type: string
+ type: object
+ type: array
+ uuid:
+ description: Optional UUID of the network. If specified
+ this will not be validated prior to server creation.
+ Required if `Subnets` specifies a subnet by UUID.
+ type: string
+ type: object
+ type: array
+ ports:
+ description: Ports to be attached to the server instance.
+ They are created if a port with the given name does not
+ already exist. When you do not specify both networks and
+ ports parameters, the server attaches to the only network
+ created for the current tenant.
+ items:
+ properties:
+ adminStateUp:
+ type: boolean
+ allowedAddressPairs:
+ items:
+ properties:
+ ipAddress:
+ type: string
+ macAddress:
+ type: string
+ type: object
+ type: array
+ description:
+ type: string
+ disablePortSecurity:
+ description: DisablePortSecurity enables or disables
+ the port security when set. When not set, it takes
+ the value of the corresponding field at the network
+ level.
+ type: boolean
+ fixedIPs:
+ description: Specify pairs of subnet and/or IP address.
+ These should be subnets of the network with the given
+ NetworkID.
+ items:
+ properties:
+ ipAddress:
+ type: string
+ subnet:
+ description: Subnet is an openstack subnet query
+ that will return the id of a subnet to create
+ the fixed IP of a port in. This query must not
+ return more than one subnet.
+ properties:
+ cidr:
+ type: string
+ description:
+ type: string
+ gateway_ip:
+ type: string
+ id:
+ type: string
+ ipVersion:
+ type: integer
+ ipv6AddressMode:
+ type: string
+ ipv6RaMode:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ required:
+ - subnet
+ type: object
+ type: array
+ hostId:
+ description: The ID of the host where the port is allocated
+ type: string
+ macAddress:
+ type: string
+ nameSuffix:
+ description: Used to make the name of the port unique.
+ If unspecified, instead the 0-based index of the port
+ in the list is used.
+ type: string
+ network:
+ description: Network is a query for an openstack network
+ that the port will be created or discovered on. This
+ will fail if the query returns more than one network.
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ type: object
+ profile:
+ additionalProperties:
+ type: string
+ description: A dictionary that enables the application
+ running on the specified host to pass and receive
+ virtual network interface (VIF) port-specific information
+ to the plug-in.
+ type: object
+ projectId:
+ type: string
+ securityGroupFilters:
+ description: The names, uuids, filters or any combination
+ these of the security groups to assign to the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups
+ in openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ securityGroups:
+ description: The uuids of the security groups to assign
+ to the instance
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tags:
+ description: Tags applied to the port (and corresponding
+ trunk, if a trunk is configured.) These tags are applied
+ in addition to the instance's tags, which will also
+ be applied to the port.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ tenantId:
+ type: string
+ trunk:
+ description: Enables and disables trunk at port level.
+ If not provided, openStackMachine.Spec.Trunk is inherited.
+ type: boolean
+ vnicType:
+ description: The virtual network interface card (vNIC)
+ type that is bound to the neutron port.
+ type: string
+ type: object
+ type: array
+ providerID:
+ description: ProviderID is the unique identifier as specified
+ by the cloud provider.
+ type: string
+ rootVolume:
+ description: The volume metadata to boot from
+ properties:
+ availabilityZone:
+ type: string
+ diskSize:
+ type: integer
+ volumeType:
+ type: string
+ type: object
+ securityGroups:
+ description: The names of the security groups to assign to
+ the instance
+ items:
+ properties:
+ filter:
+ description: Filters used to query security groups in
+ openstack
+ properties:
+ description:
+ type: string
+ id:
+ type: string
+ limit:
+ type: integer
+ marker:
+ type: string
+ name:
+ type: string
+ notTags:
+ type: string
+ notTagsAny:
+ type: string
+ projectId:
+ type: string
+ sortDir:
+ type: string
+ sortKey:
+ type: string
+ tags:
+ type: string
+ tagsAny:
+ type: string
+ tenantId:
+ type: string
+ type: object
+ name:
+ description: Security Group name
+ type: string
+ uuid:
+ description: Security Group UID
+ type: string
+ type: object
+ type: array
+ serverGroupID:
+ description: The server group to assign the machine to
+ type: string
+ serverMetadata:
+ additionalProperties:
+ type: string
+ description: Metadata mapping. Allows you to create a map
+ of key value pairs to add to the server instance.
+ type: object
+ sshKeyName:
+ description: The ssh key to inject in the instance
+ type: string
+ subnet:
+ description: UUID, IP address of a port from this subnet will
+ be marked as AccessIPv4 on the created compute instance
+ type: string
+ tags:
+ description: Machine tags Requires Nova api 2.52 minimum!
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ trunk:
+ description: Whether the server instance is created on a trunk
+ port or not.
+ type: boolean
+ required:
+ - flavor
+ type: object
+ required:
+ - spec
+ type: object
+ required:
+ - template
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-leader-election-role
+ namespace: capo-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackmachines
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - openstackmachines/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-leader-election-rolebinding
+ namespace: capo-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capo-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capo-manager-role
+subjects:
+- kind: ServiceAccount
+ name: capo-manager
+ namespace: capo-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-webhook-service
+ namespace: capo-system
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ control-plane: capo-controller-manager
+ name: capo-controller-manager
+ namespace: capo-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ control-plane: capo-controller-manager
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ control-plane: capo-controller-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --v=2
+ - --metrics-bind-addr=127.0.0.1:8080
+ command:
+ - /manager
+ image: "{{ atmosphere_images['cluster_api_openstack_controller'] | vexxhost.atmosphere.docker_image('ref') }}"
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ serviceAccountName: capo-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: capo-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-serving-cert
+ namespace: capo-system
+spec:
+ dnsNames:
+ - capo-webhook-service.capo-system.svc
+ - capo-webhook-service.capo-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: capo-selfsigned-issuer
+ secretName: capo-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-selfsigned-issuer
+ namespace: capo-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackcluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.openstackcluster.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackclustertemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.openstackclustertemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclustertemplates
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: default.openstackmachine.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackmachines
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: capo-system/capo-serving-cert
+ labels:
+ cluster.x-k8s.io/provider: infrastructure-openstack
+ name: capo-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackcluster
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackcluster.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackclustertemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackclustertemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackclustertemplates
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachine
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackmachine.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackmachines
+ sideEffects: None
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: capo-webhook-service
+ namespace: capo-system
+ path: /validate-infrastructure-cluster-x-k8s-io-v1alpha6-openstackmachinetemplate
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: validation.openstackmachinetemplate.infrastructure.cluster.x-k8s.io
+ rules:
+ - apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ apiVersions:
+ - v1alpha6
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - openstackmachinetemplates
+ sideEffects: None
diff --git a/roles/cluster_api/templates/capi-rbac.yml b/roles/cluster_api/templates/capi-rbac.yml
new file mode 100644
index 0000000..f1f2fdc
--- /dev/null
+++ b/roles/cluster_api/templates/capi-rbac.yml
@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: magnum-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: magnum-cluster-api
+ namespace: magnum-system
+rules:
+ - apiGroups: [""]
+ resources: [namespaces]
+ verbs: [patch]
+ - apiGroups: [""]
+ resources: [configmaps, secrets]
+ verbs: [create, update, patch, get, delete]
+ - apiGroups: [cluster.x-k8s.io]
+ resources: [clusters]
+ verbs: [create, update, patch, get, delete]
+ - apiGroups: [cluster.x-k8s.io]
+ resources: [clusterclasses]
+ verbs: [create, update, patch]
+ - apiGroups: [cluster.x-k8s.io]
+ resources: [machinedeployments]
+ verbs: [list]
+ - apiGroups: [bootstrap.cluster.x-k8s.io]
+ resources: [kubeadmconfigtemplates]
+ verbs: [create, update, patch]
+ - apiGroups: [controlplane.cluster.x-k8s.io]
+ resources: [kubeadmcontrolplanes]
+ verbs: [list]
+ - apiGroups: [controlplane.cluster.x-k8s.io]
+ resources: [kubeadmcontrolplanetemplates]
+ verbs: [create, update, patch]
+ - apiGroups: [infrastructure.cluster.x-k8s.io]
+ resources: [openstackclustertemplates, openstackmachinetemplates]
+ verbs: [create, update, patch]
+ - apiGroups: [addons.cluster.x-k8s.io]
+ resources: [clusterresourcesets]
+ verbs: [create, update, patch, delete]
+ - apiGroups: [source.toolkit.fluxcd.io]
+ resources: [helmrepositories]
+ verbs: [create, update, patch]
+ - apiGroups: [helm.toolkit.fluxcd.io]
+ resources: [helmreleases]
+ verbs: [delete]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: magnum-cluster-api
+ namespace: magnum-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: magnum-cluster-api
+subjects:
+ - kind: ServiceAccount
+ name: magnum-conductor
+ namespace: openstack
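Review bot: The `configmaps, secrets` rule in the `magnum-cluster-api` Role gives `get` and `delete` on every Secret in `magnum-system` to a ServiceAccount from another namespace (`magnum-conductor` in `openstack`), and nothing in the file records that trust boundary. Because `create` cannot be narrowed with `resourceNames`, the practical control is keeping the namespace dedicated, so I would add a comment above that rule such as `# magnum-conductor (ns openstack) can read/delete any Secret here by name; keep magnum-system free of unrelated credentials`. The absence of `list`/`watch` on secrets looks deliberate and is worth stating in the same comment so it is not added back later. Separately, the `namespaces: [patch]` rule presumably reaches only the `magnum-system` namespace object itself, since this is a namespaced Role; a one-line comment saying what gets patched would let reviewers judge whether the verb is still needed.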
diff --git a/roles/ingress_nginx/README.md b/roles/ingress_nginx/README.md
index be5590a..ba2e82d 100644
--- a/roles/ingress_nginx/README.md
+++ b/roles/ingress_nginx/README.md
@@ -1 +1 @@
-# `coredns`
+# `ingress-nginx`