github.com/giantswarm/apiextensions/v2@v2.6.2/config/crd/v1/core.giantswarm.io_ignitions.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.4
  creationTimestamp: null
  name: ignitions.core.giantswarm.io
spec:
  group: core.giantswarm.io
  names:
    categories:
    - common
    - giantswarm
    kind: Ignition
    listKind: IgnitionList
    plural: ignitions
    singular: ignition
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: "Ignition is a Kubernetes resource (CR) which is based on the
          Ignition CRD defined above. \n An example Ignition resource can be viewed
          here https://github.com/giantswarm/apiextensions/blob/master/docs/cr/core.giantswarm.io_v1alpha1_ignition.yaml"
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IgnitionSpec is the interface which defines the input parameters
              for a newly rendered g8s ignition template.
            properties:
              apiServerEncryptionKey:
                description: APIServerEncryptionKey is used in EncryptionConfiguration
                  to encrypt Kubernetes secrets at rest.
                type: string
              baseDomain:
                description: BaseDomain is the base domain for all cluster services.
                  For test installations, this may be in the form <clusterId>.k8s.<installation>.<region>.<provider>.gigantic.io.
                type: string
              calico:
                description: Calico provides configuration for all calico-related
                  services.
                properties:
                  cidr:
                    description: CIDR is the CIDR-component of the IPv4 overlay subnetwork.
                      Combined with Subnet below.
                    type: string
                  disable:
                    description: Disable can be set to true to disable Calico setup.
                    type: boolean
                  mtu:
                    description: MTU is the maximum size of packets sent over Calico
                      in bytes.
                    type: string
                  subnet:
                    description: Subnet is the IP-component of the IPv4 overlay subnetwork.
                      Combined with CIDR above.
                    type: string
                required:
                - cidr
                - disable
                - mtu
                - subnet
                type: object
              clusterID:
                description: ClusterID is the name of the tenant cluster to be created.
                type: string
              disableEncryptionAtRest:
                description: DisableEncryptionAtRest will disable secret encryption
                  at rest when set to true.
                type: boolean
              docker:
                description: Docker provides configuration for all calico-related
                  services.
                properties:
                  daemon:
                    description: Daemon provides information about the Docker daemon
                      running on TC nodes.
                    properties:
                      cidr:
                        description: CIDR is the fully specified subnet used for DOCKER_OPT_BIP.
                        type: string
                    required:
                    - cidr
                    type: object
                  networkSetup:
                    description: NetworkSetup provides the Docker image to be used
                      for network environment setup.
                    properties:
                      image:
                        description: Image provides the Docker image to be used for
                          network environment setup.
                        type: string
                    required:
                    - image
                    type: object
                required:
                - daemon
                - networkSetup
                type: object
              etcd:
                description: Etcd provides configuration for all etcd-related services.
                properties:
                  domain:
                    description: Domain is the domain of the etcd service.
                    type: string
                  port:
                    description: Port is the port of the etcd service, usually 2379.
                    type: integer
                  prefix:
                    description: Prefix is the prefix to add to all etcd keys created
                      by Kubernetes.
                    type: string
                required:
                - domain
                - port
                - prefix
                type: object
              extension:
                description: Extension can be used to extend an ignition with extra
                  configuration provided by the provider operator.
                properties:
                  files:
                    description: Files is an optional array of files which will be
                      rendered and added to the final node ignition.
                    items:
                      properties:
                        content:
                          description: Content is the string containing a file with
                            optional go-template-style replacements.
                          type: string
                        metadata:
                          description: Metadata is the filesystem metadata of the
                            given file.
                          properties:
                            compression:
                              description: Compression allows a file to be passed
                                in as a base64-encoded compressed string.
                              type: boolean
                            owner:
                              description: Owner is the owner of the file.
                              properties:
                                group:
                                  description: Group is the group which owns the file.
                                  properties:
                                    id:
                                      description: ID is the GID of the group.
                                      type: string
                                    name:
                                      description: Name is the name of the group.
                                      type: string
                                  required:
                                  - id
                                  - name
                                  type: object
                                user:
                                  description: User is the user which owns the file.
                                  properties:
                                    id:
                                      description: ID is the UID of the user.
                                      type: string
                                    name:
                                      description: Name is the name of the user.
                                      type: string
                                  required:
                                  - id
                                  - name
                                  type: object
                              required:
                              - group
                              - user
                              type: object
                            path:
                              description: Path is the path of the file.
                              type: string
                            permissions:
                              description: Permissions is the numeric permissions
                                applied to the file.
                              type: integer
                          required:
                          - compression
                          - owner
                          - path
                          - permissions
                          type: object
                      required:
                      - content
                      - metadata
                      type: object
                    type: array
                  units:
                    description: Files is an optional array of systemd units which
                      will be rendered and added to the final node ignition.
                    items:
                      properties:
                        content:
                          description: Content is the string containing a systemd
                            unit with optional go-template-style replacements.
                          type: string
                        metadata:
                          description: Metadata is the filesystem metadata of the
                            given file.
                          properties:
                            enabled:
                              description: Enabled indicates that the unit should
                                be enabled by default.
                              type: boolean
                            name:
                              description: Name is the name of the unit on the filesystem
                                and used in systemctl commands.
                              type: string
                          required:
                          - enabled
                          - name
                          type: object
                      required:
                      - content
                      - metadata
                      type: object
                    type: array
                  users:
                    description: Files is an optional array of users which will be
                      added to the final node ignition.
                    items:
                      properties:
                        name:
                          description: Name is the name of the user to be added to
                            the node via ignition.
                          type: string
                        publicKey:
                          description: PublicKey is the public key of the user to
                            be added to the node via ignition.
                          type: string
                      required:
                      - name
                      - publicKey
                      type: object
                    type: array
                type: object
              ingress:
                description: Ingress provides configuration for all ingress-related
                  services.
                properties:
                  disable:
                    description: Disable will disable the ingress controller in the
                      TC when true.
                    type: boolean
                required:
                - disable
                type: object
              isMaster:
                description: IsMaster determines if the rendered ignition should contain
                  master-specific configuration.
                type: boolean
              kubernetes:
                description: Kubernetes provides configuration for all Kubernetes-related
                  services.
                properties:
                  api:
                    description: API holds information about the desired TC Kubernetes
                      API.
                    properties:
                      domain:
                        description: Domain is the domain of the API server.
                        type: string
                      securePort:
                        description: Secure port is the port on which the API will
                          listen.
                        type: integer
                    required:
                    - domain
                    - securePort
                    type: object
                  cloudProvider:
                    description: CloudProvider is the provider upon which the cluster
                      is running. It is passed to API server as a flag.
                    type: string
                  dns:
                    description: DNS hold information about the in-cluster DNS service.
                    properties:
                      ip:
                        description: IP is the IP of the in-cluster DNS service. Usually
                          this is the same as the API server IP with the final component
                          replaced with .10.
                        type: string
                    required:
                    - ip
                    type: object
                  domain:
                    description: Domain is the domain used for services running in
                      the cluster. Usually this is "cluster.local".
                    type: string
                  ipRange:
                    description: IPRange is the range of IPs used for pod networking.
                    type: string
                  kubelet:
                    description: Kubelet holds information about the kubelet running
                      on nodes.
                    properties:
                      domain:
                        description: Domain is the domain of the network.
                        type: string
                    required:
                    - domain
                    type: object
                  oidc:
                    description: OIDC hold configuration which will be applied to
                      the apiserver OIDC flags.
                    properties:
                      clientID:
                        description: The client ID for the OpenID Connect client,
                          must be set if IssuerURL is set.
                        type: string
                      enabled:
                        description: Enabled indicates that the OIDC settings should
                          be applied when true.
                        type: boolean
                      groupsClaim:
                        description: If provided, the name of a custom OpenID Connect
                          claim for specifying user groups. The claim value is expected
                          to be a string or JSON encoded array of strings.
                        type: string
                      groupsPrefix:
                        description: If provided, all groups will be prefixed with
                          this value to prevent conflicts with other authentication
                          strategies.
                        type: string
                      issuerUrl:
                        description: The URL of the OpenID issuer, only HTTPS scheme
                          will be accepted. If set, it will be used to verify the
                          OIDC JSON Web Token (JWT).
                        type: string
                      usernameClaim:
                        description: The OpenID claim to use as the user name. Note
                          that claims other than the default ('sub') is not guaranteed
                          to be unique and immutable.
                        type: string
                      usernamePrefix:
                        description: If provided, all usernames will be prefixed with
                          this value. If not provided, username claims other than
                          'email' are prefixed by the issuer URL to avoid clashes.
                          To skip any prefixing, provide the value '-'.
                        type: string
                    required:
                    - clientID
                    - enabled
                    - groupsClaim
                    - groupsPrefix
                    - issuerUrl
                    - usernameClaim
                    - usernamePrefix
                    type: object
                required:
                - api
                - cloudProvider
                - dns
                - domain
                - ipRange
                - kubelet
                - oidc
                type: object
              provider:
                description: Defines the provider which should be rendered.
                type: string
              registry:
                description: Registry provides configuration for the docker registry
                  used for core component images.
                properties:
                  domain:
                    description: Domain is the domain of the registry to be used for
                      pulling core component images.
                    type: string
                  pullProgressDeadline:
                    description: Pull progress deadline is a string representing a
                      duration to be used as a deadline for pulling images.
                    type: string
                required:
                - domain
                - pullProgressDeadline
                type: object
              sso:
                description: SSO provides configuration for all SSO-related services.
                properties:
                  publicKey:
                    description: PublicKey is the public key of the SSO service.
                    type: string
                required:
                - publicKey
                type: object
            required:
            - apiServerEncryptionKey
            - baseDomain
            - calico
            - clusterID
            - disableEncryptionAtRest
            - docker
            - etcd
            - extension
            - ingress
            - isMaster
            - kubernetes
            - provider
            - registry
            - sso
            type: object
          status:
            description: IgnitionStatus holds the rendering result.
            properties:
              dataSecretName:
                description: DataSecret is a reference to the secret containing the
                  rendered ignition once created.
                properties:
                  name:
                    description: Name is the name of the secret containing the rendered
                      ignition.
                    type: string
                  namespace:
                    description: Namespace is the namespace of the secret containing
                      the rendered ignition.
                    type: string
                  resourceVersion:
                    description: ResourceVersion is the Kubernetes resource version
                      of the secret. Used to detect if the secret has changed, e.g.
                      12345.
                    type: string
                required:
                - name
                - namespace
                - resourceVersion
                type: object
              failureMessage:
                description: FailureMessage is a longer message indicating the reason
                  rendering failed (if it did).
                type: string
              failureReason:
                description: FailureReason is a short string indicating the reason
                  rendering failed (if it did).
                type: string
              ready:
                description: Ready will be true when the referenced secret contains
                  the rendered ignition and can be used for creating nodes.
                type: boolean
              verification:
                description: Verification is a hash of the rendered ignition to ensure
                  that it has not been changed when loaded as a remote file by the
                  bootstrap ignition. See https://coreos.com/ignition/docs/latest/configuration-v2_2.html
                properties:
                  algorithm:
                    description: The algorithm used for hashing. Must be sha512 for
                      now.
                    type: string
                  hash:
                    description: The content of the full rendered ignition hashed
                      by the corresponding algorithm.
                    type: string
                required:
                - algorithm
                - hash
                type: object
            required:
            - dataSecretName
            - failureMessage
            - failureReason
            - ready
            - verification
            type: object
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []