github.com/giantswarm/apiextensions/v2@v2.6.2/config/crd/v1beta1/core.giantswarm.io_ignitions.yaml

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.4
  creationTimestamp: null
  name: ignitions.core.giantswarm.io
spec:
  group: core.giantswarm.io
  names:
    categories:
    - common
    - giantswarm
    kind: Ignition
    listKind: IgnitionList
    plural: ignitions
    singular: ignition
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      description: "Ignition is a Kubernetes resource (CR) which is based on the Ignition
        CRD defined above. \n An example Ignition resource can be viewed here https://github.com/giantswarm/apiextensions/blob/master/docs/cr/core.giantswarm.io_v1alpha1_ignition.yaml"
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: IgnitionSpec is the interface which defines the input parameters
            for a newly rendered g8s ignition template.
          properties:
            apiServerEncryptionKey:
              description: APIServerEncryptionKey is used in EncryptionConfiguration
                to encrypt Kubernetes secrets at rest.
              type: string
            baseDomain:
              description: BaseDomain is the base domain for all cluster services.
                For test installations, this may be in the form <clusterId>.k8s.<installation>.<region>.<provider>.gigantic.io.
              type: string
            calico:
              description: Calico provides configuration for all calico-related services.
              properties:
                cidr:
                  description: CIDR is the CIDR-component of the IPv4 overlay subnetwork.
                    Combined with Subnet below.
                  type: string
                disable:
                  description: Disable can be set to true to disable Calico setup.
                  type: boolean
                mtu:
                  description: MTU is the maximum size of packets sent over Calico
                    in bytes.
                  type: string
                subnet:
                  description: Subnet is the IP-component of the IPv4 overlay subnetwork.
                    Combined with CIDR above.
                  type: string
              required:
              - cidr
              - disable
              - mtu
              - subnet
              type: object
            clusterID:
              description: ClusterID is the name of the tenant cluster to be created.
              type: string
            disableEncryptionAtRest:
              description: DisableEncryptionAtRest will disable secret encryption
                at rest when set to true.
              type: boolean
            docker:
              description: Docker provides configuration for all calico-related services.
              properties:
                daemon:
                  description: Daemon provides information about the Docker daemon
                    running on TC nodes.
                  properties:
                    cidr:
                      description: CIDR is the fully specified subnet used for DOCKER_OPT_BIP.
                      type: string
                  required:
                  - cidr
                  type: object
                networkSetup:
                  description: NetworkSetup provides the Docker image to be used for
                    network environment setup.
                  properties:
                    image:
                      description: Image provides the Docker image to be used for
                        network environment setup.
                      type: string
                  required:
                  - image
                  type: object
              required:
              - daemon
              - networkSetup
              type: object
            etcd:
              description: Etcd provides configuration for all etcd-related services.
              properties:
                domain:
                  description: Domain is the domain of the etcd service.
                  type: string
                port:
                  description: Port is the port of the etcd service, usually 2379.
                  type: integer
                prefix:
                  description: Prefix is the prefix to add to all etcd keys created
                    by Kubernetes.
                  type: string
              required:
              - domain
              - port
              - prefix
              type: object
            extension:
              description: Extension can be used to extend an ignition with extra
                configuration provided by the provider operator.
              properties:
                files:
                  description: Files is an optional array of files which will be rendered
                    and added to the final node ignition.
                  items:
                    properties:
                      content:
                        description: Content is the string containing a file with
                          optional go-template-style replacements.
                        type: string
                      metadata:
                        description: Metadata is the filesystem metadata of the given
                          file.
                        properties:
                          compression:
                            description: Compression allows a file to be passed in
                              as a base64-encoded compressed string.
                            type: boolean
                          owner:
                            description: Owner is the owner of the file.
                            properties:
                              group:
                                description: Group is the group which owns the file.
                                properties:
                                  id:
                                    description: ID is the GID of the group.
                                    type: string
                                  name:
                                    description: Name is the name of the group.
                                    type: string
                                required:
                                - id
                                - name
                                type: object
                              user:
                                description: User is the user which owns the file.
                                properties:
                                  id:
                                    description: ID is the UID of the user.
                                    type: string
                                  name:
                                    description: Name is the name of the user.
                                    type: string
                                required:
                                - id
                                - name
                                type: object
                            required:
                            - group
                            - user
                            type: object
                          path:
                            description: Path is the path of the file.
                            type: string
                          permissions:
                            description: Permissions is the numeric permissions applied
                              to the file.
                            type: integer
                        required:
                        - compression
                        - owner
                        - path
                        - permissions
                        type: object
                    required:
                    - content
                    - metadata
                    type: object
                  type: array
                units:
                  description: Files is an optional array of systemd units which will
                    be rendered and added to the final node ignition.
                  items:
                    properties:
                      content:
                        description: Content is the string containing a systemd unit
                          with optional go-template-style replacements.
                        type: string
                      metadata:
                        description: Metadata is the filesystem metadata of the given
                          file.
                        properties:
                          enabled:
                            description: Enabled indicates that the unit should be
                              enabled by default.
                            type: boolean
                          name:
                            description: Name is the name of the unit on the filesystem
                              and used in systemctl commands.
                            type: string
                        required:
                        - enabled
                        - name
                        type: object
                    required:
                    - content
                    - metadata
                    type: object
                  type: array
                users:
                  description: Files is an optional array of users which will be added
                    to the final node ignition.
                  items:
                    properties:
                      name:
                        description: Name is the name of the user to be added to the
                          node via ignition.
                        type: string
                      publicKey:
                        description: PublicKey is the public key of the user to be
                          added to the node via ignition.
                        type: string
                    required:
                    - name
                    - publicKey
                    type: object
                  type: array
              type: object
            ingress:
              description: Ingress provides configuration for all ingress-related
                services.
              properties:
                disable:
                  description: Disable will disable the ingress controller in the
                    TC when true.
                  type: boolean
              required:
              - disable
              type: object
            isMaster:
              description: IsMaster determines if the rendered ignition should contain
                master-specific configuration.
              type: boolean
            kubernetes:
              description: Kubernetes provides configuration for all Kubernetes-related
                services.
              properties:
                api:
                  description: API holds information about the desired TC Kubernetes
                    API.
                  properties:
                    domain:
                      description: Domain is the domain of the API server.
                      type: string
                    securePort:
                      description: Secure port is the port on which the API will listen.
                      type: integer
                  required:
                  - domain
                  - securePort
                  type: object
                cloudProvider:
                  description: CloudProvider is the provider upon which the cluster
                    is running. It is passed to API server as a flag.
                  type: string
                dns:
                  description: DNS hold information about the in-cluster DNS service.
                  properties:
                    ip:
                      description: IP is the IP of the in-cluster DNS service. Usually
                        this is the same as the API server IP with the final component
                        replaced with .10.
                      type: string
                  required:
                  - ip
                  type: object
                domain:
                  description: Domain is the domain used for services running in the
                    cluster. Usually this is "cluster.local".
                  type: string
                ipRange:
                  description: IPRange is the range of IPs used for pod networking.
                  type: string
                kubelet:
                  description: Kubelet holds information about the kubelet running
                    on nodes.
                  properties:
                    domain:
                      description: Domain is the domain of the network.
                      type: string
                  required:
                  - domain
                  type: object
                oidc:
                  description: OIDC hold configuration which will be applied to the
                    apiserver OIDC flags.
                  properties:
                    clientID:
                      description: The client ID for the OpenID Connect client, must
                        be set if IssuerURL is set.
                      type: string
                    enabled:
                      description: Enabled indicates that the OIDC settings should
                        be applied when true.
                      type: boolean
                    groupsClaim:
                      description: If provided, the name of a custom OpenID Connect
                        claim for specifying user groups. The claim value is expected
                        to be a string or JSON encoded array of strings.
                      type: string
                    groupsPrefix:
                      description: If provided, all groups will be prefixed with this
                        value to prevent conflicts with other authentication strategies.
                      type: string
                    issuerUrl:
                      description: The URL of the OpenID issuer, only HTTPS scheme
                        will be accepted. If set, it will be used to verify the OIDC
                        JSON Web Token (JWT).
                      type: string
                    usernameClaim:
                      description: The OpenID claim to use as the user name. Note
                        that claims other than the default ('sub') is not guaranteed
                        to be unique and immutable.
                      type: string
                    usernamePrefix:
                      description: If provided, all usernames will be prefixed with
                        this value. If not provided, username claims other than 'email'
                        are prefixed by the issuer URL to avoid clashes. To skip any
                        prefixing, provide the value '-'.
                      type: string
                  required:
                  - clientID
                  - enabled
                  - groupsClaim
                  - groupsPrefix
                  - issuerUrl
                  - usernameClaim
                  - usernamePrefix
                  type: object
              required:
              - api
              - cloudProvider
              - dns
              - domain
              - ipRange
              - kubelet
              - oidc
              type: object
            provider:
              description: Defines the provider which should be rendered.
              type: string
            registry:
              description: Registry provides configuration for the docker registry
                used for core component images.
              properties:
                domain:
                  description: Domain is the domain of the registry to be used for
                    pulling core component images.
                  type: string
                pullProgressDeadline:
                  description: Pull progress deadline is a string representing a duration
                    to be used as a deadline for pulling images.
                  type: string
              required:
              - domain
              - pullProgressDeadline
              type: object
            sso:
              description: SSO provides configuration for all SSO-related services.
              properties:
                publicKey:
                  description: PublicKey is the public key of the SSO service.
                  type: string
              required:
              - publicKey
              type: object
          required:
          - apiServerEncryptionKey
          - baseDomain
          - calico
          - clusterID
          - disableEncryptionAtRest
          - docker
          - etcd
          - extension
          - ingress
          - isMaster
          - kubernetes
          - provider
          - registry
          - sso
          type: object
        status:
          description: IgnitionStatus holds the rendering result.
          properties:
            dataSecretName:
              description: DataSecret is a reference to the secret containing the
                rendered ignition once created.
              properties:
                name:
                  description: Name is the name of the secret containing the rendered
                    ignition.
                  type: string
                namespace:
                  description: Namespace is the namespace of the secret containing
                    the rendered ignition.
                  type: string
                resourceVersion:
                  description: ResourceVersion is the Kubernetes resource version
                    of the secret. Used to detect if the secret has changed, e.g.
                    12345.
                  type: string
              required:
              - name
              - namespace
              - resourceVersion
              type: object
            failureMessage:
              description: FailureMessage is a longer message indicating the reason
                rendering failed (if it did).
              type: string
            failureReason:
              description: FailureReason is a short string indicating the reason rendering
                failed (if it did).
              type: string
            ready:
              description: Ready will be true when the referenced secret contains
                the rendered ignition and can be used for creating nodes.
              type: boolean
            verification:
              description: Verification is a hash of the rendered ignition to ensure
                that it has not been changed when loaded as a remote file by the bootstrap
                ignition. See https://coreos.com/ignition/docs/latest/configuration-v2_2.html
              properties:
                algorithm:
                  description: The algorithm used for hashing. Must be sha512 for
                    now.
                  type: string
                hash:
                  description: The content of the full rendered ignition hashed by
                    the corresponding algorithm.
                  type: string
              required:
              - algorithm
              - hash
              type: object
          required:
          - dataSecretName
          - failureMessage
          - failureReason
          - ready
          - verification
          type: object
      required:
      - metadata
      - spec
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []