github.com/rancher/types@v0.0.0-20220328215343-4370ff10ecd5/apis/management.cattle.io/v3/rke_types.go (about) 1 package v3 2 3 import ( 4 "github.com/rancher/norman/types" 5 v1 "k8s.io/api/core/v1" 6 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 7 apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" 8 auditv1 "k8s.io/apiserver/pkg/apis/audit/v1" 9 apiserverconfig "k8s.io/apiserver/pkg/apis/config" 10 ) 11 12 type RancherKubernetesEngineConfig struct { 13 // Kubernetes nodes 14 Nodes []RKEConfigNode `yaml:"nodes" json:"nodes,omitempty"` 15 // Kubernetes components 16 Services RKEConfigServices `yaml:"services" json:"services,omitempty"` 17 // Network configuration used in the kubernetes cluster (flannel, calico) 18 Network NetworkConfig `yaml:"network" json:"network,omitempty"` 19 // Authentication configuration used in the cluster (default: x509) 20 Authentication AuthnConfig `yaml:"authentication" json:"authentication,omitempty"` 21 // YAML manifest for user provided addons to be deployed on the cluster 22 Addons string `yaml:"addons" json:"addons,omitempty"` 23 // List of urls or paths for addons 24 AddonsInclude []string `yaml:"addons_include" json:"addonsInclude,omitempty"` 25 // List of images used internally for proxy, cert downlaod and kubedns 26 SystemImages RKESystemImages `yaml:"system_images" json:"systemImages,omitempty"` 27 // SSH Private Key Path 28 SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty" norman:"nocreate,noupdate"` 29 // SSH Certificate Path 30 SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty" norman:"nocreate,noupdate"` 31 // SSH Agent Auth enable 32 SSHAgentAuth bool `yaml:"ssh_agent_auth" json:"sshAgentAuth"` 33 // Authorization mode configuration used in the cluster 34 Authorization AuthzConfig `yaml:"authorization" json:"authorization,omitempty"` 35 // Enable/disable strict docker version checking 36 IgnoreDockerVersion *bool `yaml:"ignore_docker_version" json:"ignoreDockerVersion" 
norman:"default=true"` 37 // Kubernetes version to use (if kubernetes image is specifed, image version takes precedence) 38 Version string `yaml:"kubernetes_version" json:"kubernetesVersion,omitempty"` 39 // List of private registries and their credentials 40 PrivateRegistries []PrivateRegistry `yaml:"private_registries" json:"privateRegistries,omitempty"` 41 // Ingress controller used in the cluster 42 Ingress IngressConfig `yaml:"ingress" json:"ingress,omitempty"` 43 // Cluster Name used in the kube config 44 ClusterName string `yaml:"cluster_name" json:"clusterName,omitempty"` 45 // Cloud Provider options 46 CloudProvider CloudProvider `yaml:"cloud_provider" json:"cloudProvider,omitempty"` 47 // kubernetes directory path 48 PrefixPath string `yaml:"prefix_path" json:"prefixPath,omitempty"` 49 // kubernetes directory path for windows 50 WindowsPrefixPath string `yaml:"win_prefix_path" json:"winPrefixPath,omitempty"` 51 // Timeout in seconds for status check on addon deployment jobs 52 AddonJobTimeout int `yaml:"addon_job_timeout" json:"addonJobTimeout,omitempty" norman:"default=30"` 53 // Bastion/Jump Host configuration 54 BastionHost BastionHost `yaml:"bastion_host" json:"bastionHost,omitempty"` 55 // Monitoring Config 56 Monitoring MonitoringConfig `yaml:"monitoring" json:"monitoring,omitempty"` 57 // RestoreCluster flag 58 Restore RestoreConfig `yaml:"restore" json:"restore,omitempty"` 59 // Rotating Certificates Option 60 RotateCertificates *RotateCertificates `yaml:"rotate_certificates,omitempty" json:"rotateCertificates,omitempty"` 61 // DNS Config 62 DNS *DNSConfig `yaml:"dns" json:"dns,omitempty"` 63 // Upgrade Strategy for the cluster 64 UpgradeStrategy *NodeUpgradeStrategy `yaml:"upgrade_strategy,omitempty" json:"upgradeStrategy,omitempty"` 65 } 66 67 func (r *RancherKubernetesEngineConfig) ObjClusterName() string { 68 return r.ClusterName 69 } 70 71 type NodeUpgradeStrategy struct { 72 // MaxUnavailableWorker input can be a number of nodes or a 
percentage of nodes (example, max_unavailable_worker: 2 OR max_unavailable_worker: 20%) 73 MaxUnavailableWorker string `yaml:"max_unavailable_worker" json:"maxUnavailableWorker,omitempty" norman:"min=1,default=10%"` 74 // MaxUnavailableControlplane input can be a number of nodes or a percentage of nodes 75 MaxUnavailableControlplane string `yaml:"max_unavailable_controlplane" json:"maxUnavailableControlplane,omitempty" norman:"min=1,default=1"` 76 Drain bool `yaml:"drain" json:"drain,omitempty"` 77 DrainInput *NodeDrainInput `yaml:"node_drain_input" json:"nodeDrainInput,omitempty"` 78 } 79 80 type BastionHost struct { 81 // Address of Bastion Host 82 Address string `yaml:"address" json:"address,omitempty"` 83 // SSH Port of Bastion Host 84 Port string `yaml:"port" json:"port,omitempty"` 85 // ssh User to Bastion Host 86 User string `yaml:"user" json:"user,omitempty"` 87 // SSH Agent Auth enable 88 SSHAgentAuth bool `yaml:"ssh_agent_auth,omitempty" json:"sshAgentAuth,omitempty"` 89 // SSH Private Key 90 SSHKey string `yaml:"ssh_key" json:"sshKey,omitempty" norman:"type=password"` 91 // SSH Private Key Path 92 SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty"` 93 // SSH Certificate 94 SSHCert string `yaml:"ssh_cert" json:"sshCert,omitempty"` 95 // SSH Certificate Path 96 SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty"` 97 } 98 99 type PrivateRegistry struct { 100 // URL for the registry 101 URL string `yaml:"url" json:"url,omitempty"` 102 // User name for registry acces 103 User string `yaml:"user" json:"user,omitempty"` 104 // Password for registry access 105 Password string `yaml:"password" json:"password,omitempty" norman:"type=password"` 106 // Default registry 107 IsDefault bool `yaml:"is_default" json:"isDefault,omitempty"` 108 } 109 110 type RKESystemImages struct { 111 // etcd image 112 Etcd string `yaml:"etcd" json:"etcd,omitempty"` 113 // Alpine image 114 Alpine string `yaml:"alpine" json:"alpine,omitempty"` 115 // 
rke-nginx-proxy image 116 NginxProxy string `yaml:"nginx_proxy" json:"nginxProxy,omitempty"` 117 // rke-cert-deployer image 118 CertDownloader string `yaml:"cert_downloader" json:"certDownloader,omitempty"` 119 // rke-service-sidekick image 120 KubernetesServicesSidecar string `yaml:"kubernetes_services_sidecar" json:"kubernetesServicesSidecar,omitempty"` 121 // KubeDNS image 122 KubeDNS string `yaml:"kubedns" json:"kubedns,omitempty"` 123 // DNSMasq image 124 DNSmasq string `yaml:"dnsmasq" json:"dnsmasq,omitempty"` 125 // KubeDNS side car image 126 KubeDNSSidecar string `yaml:"kubedns_sidecar" json:"kubednsSidecar,omitempty"` 127 // KubeDNS autoscaler image 128 KubeDNSAutoscaler string `yaml:"kubedns_autoscaler" json:"kubednsAutoscaler,omitempty"` 129 // CoreDNS image 130 CoreDNS string `yaml:"coredns" json:"coredns,omitempty"` 131 // CoreDNS autoscaler image 132 CoreDNSAutoscaler string `yaml:"coredns_autoscaler" json:"corednsAutoscaler,omitempty"` 133 // Nodelocal image 134 Nodelocal string `yaml:"nodelocal" json:"nodelocal,omitempty"` 135 // Kubernetes image 136 Kubernetes string `yaml:"kubernetes" json:"kubernetes,omitempty"` 137 // Flannel image 138 Flannel string `yaml:"flannel" json:"flannel,omitempty"` 139 // Flannel CNI image 140 FlannelCNI string `yaml:"flannel_cni" json:"flannelCni,omitempty"` 141 // Calico Node image 142 CalicoNode string `yaml:"calico_node" json:"calicoNode,omitempty"` 143 // Calico CNI image 144 CalicoCNI string `yaml:"calico_cni" json:"calicoCni,omitempty"` 145 // Calico Controllers image 146 CalicoControllers string `yaml:"calico_controllers" json:"calicoControllers,omitempty"` 147 // Calicoctl image 148 CalicoCtl string `yaml:"calico_ctl" json:"calicoCtl,omitempty"` 149 //CalicoFlexVol image 150 CalicoFlexVol string `yaml:"calico_flexvol" json:"calicoFlexVol,omitempty"` 151 // Canal Node Image 152 CanalNode string `yaml:"canal_node" json:"canalNode,omitempty"` 153 // Canal CNI image 154 CanalCNI string `yaml:"canal_cni" 
json:"canalCni,omitempty"` 155 //CanalFlannel image 156 CanalFlannel string `yaml:"canal_flannel" json:"canalFlannel,omitempty"` 157 //CanalFlexVol image 158 CanalFlexVol string `yaml:"canal_flexvol" json:"canalFlexVol,omitempty"` 159 //Weave Node image 160 WeaveNode string `yaml:"weave_node" json:"weaveNode,omitempty"` 161 // Weave CNI image 162 WeaveCNI string `yaml:"weave_cni" json:"weaveCni,omitempty"` 163 // Pod infra container image 164 PodInfraContainer string `yaml:"pod_infra_container" json:"podInfraContainer,omitempty"` 165 // Ingress Controller image 166 Ingress string `yaml:"ingress" json:"ingress,omitempty"` 167 // Ingress Controller Backend image 168 IngressBackend string `yaml:"ingress_backend" json:"ingressBackend,omitempty"` 169 // Metrics Server image 170 MetricsServer string `yaml:"metrics_server" json:"metricsServer,omitempty"` 171 // Pod infra container image for Windows 172 WindowsPodInfraContainer string `yaml:"windows_pod_infra_container" json:"windowsPodInfraContainer,omitempty"` 173 } 174 175 type RKEConfigNode struct { 176 // Name of the host provisioned via docker machine 177 NodeName string `yaml:"nodeName,omitempty" json:"nodeName,omitempty" norman:"type=reference[node]"` 178 // IP or FQDN that is fully resolvable and used for SSH communication 179 Address string `yaml:"address" json:"address,omitempty"` 180 // Port used for SSH communication 181 Port string `yaml:"port" json:"port,omitempty"` 182 // Optional - Internal address that will be used for components communication 183 InternalAddress string `yaml:"internal_address" json:"internalAddress,omitempty"` 184 // Node role in kubernetes cluster (controlplane, worker, or etcd) 185 Role []string `yaml:"role" json:"role,omitempty" norman:"type=array[enum],options=etcd|worker|controlplane"` 186 // Optional - Hostname of the node 187 HostnameOverride string `yaml:"hostname_override" json:"hostnameOverride,omitempty"` 188 // SSH usesr that will be used by RKE 189 User string `yaml:"user" 
json:"user,omitempty"` 190 // Optional - Docker socket on the node that will be used in tunneling 191 DockerSocket string `yaml:"docker_socket" json:"dockerSocket,omitempty"` 192 // SSH Agent Auth enable 193 SSHAgentAuth bool `yaml:"ssh_agent_auth,omitempty" json:"sshAgentAuth,omitempty"` 194 // SSH Private Key 195 SSHKey string `yaml:"ssh_key" json:"sshKey,omitempty" norman:"type=password"` 196 // SSH Private Key Path 197 SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty"` 198 // SSH Certificate 199 SSHCert string `yaml:"ssh_cert" json:"sshCert,omitempty"` 200 // SSH Certificate Path 201 SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty"` 202 // Node Labels 203 Labels map[string]string `yaml:"labels" json:"labels,omitempty"` 204 // Node Taints 205 Taints []RKETaint `yaml:"taints" json:"taints,omitempty"` 206 } 207 208 type RKEK8sSystemImage struct { 209 types.Namespaced 210 metav1.TypeMeta `json:",inline"` 211 metav1.ObjectMeta `json:"metadata,omitempty"` 212 213 SystemImages RKESystemImages `yaml:"system_images" json:"systemImages,omitempty"` 214 } 215 216 type RKEK8sServiceOption struct { 217 types.Namespaced 218 metav1.TypeMeta `json:",inline"` 219 metav1.ObjectMeta `json:"metadata,omitempty"` 220 221 ServiceOptions KubernetesServicesOptions `yaml:"service_options" json:"serviceOptions,omitempty"` 222 } 223 224 type RKEAddon struct { 225 types.Namespaced 226 metav1.TypeMeta `json:",inline"` 227 metav1.ObjectMeta `json:"metadata,omitempty"` 228 229 Template string `yaml:"template" json:"template,omitempty"` 230 } 231 232 type K8sVersionInfo struct { 233 MinRKEVersion string `yaml:"min_rke_version" json:"minRKEVersion,omitempty"` 234 MaxRKEVersion string `yaml:"max_rke_version" json:"maxRKEVersion,omitempty"` 235 DeprecateRKEVersion string `yaml:"deprecate_rke_version" json:"deprecateRKEVersion,omitempty"` 236 237 MinRancherVersion string `yaml:"min_rancher_version" json:"minRancherVersion,omitempty"` 238 MaxRancherVersion 
string `yaml:"max_rancher_version" json:"maxRancherVersion,omitempty"` 239 DeprecateRancherVersion string `yaml:"deprecate_rancher_version" json:"deprecateRancherVersion,omitempty"` 240 } 241 242 type RKEConfigServices struct { 243 // Etcd Service 244 Etcd ETCDService `yaml:"etcd" json:"etcd,omitempty"` 245 // KubeAPI Service 246 KubeAPI KubeAPIService `yaml:"kube-api" json:"kubeApi,omitempty"` 247 // KubeController Service 248 KubeController KubeControllerService `yaml:"kube-controller" json:"kubeController,omitempty"` 249 // Scheduler Service 250 Scheduler SchedulerService `yaml:"scheduler" json:"scheduler,omitempty"` 251 // Kubelet Service 252 Kubelet KubeletService `yaml:"kubelet" json:"kubelet,omitempty"` 253 // KubeProxy Service 254 Kubeproxy KubeproxyService `yaml:"kubeproxy" json:"kubeproxy,omitempty"` 255 } 256 257 type ETCDService struct { 258 // Base service properties 259 BaseService `yaml:",inline" json:",inline"` 260 // List of etcd urls 261 ExternalURLs []string `yaml:"external_urls" json:"externalUrls,omitempty"` 262 // External CA certificate 263 CACert string `yaml:"ca_cert" json:"caCert,omitempty"` 264 // External Client certificate 265 Cert string `yaml:"cert" json:"cert,omitempty"` 266 // External Client key 267 Key string `yaml:"key" json:"key,omitempty"` 268 // External etcd prefix 269 Path string `yaml:"path" json:"path,omitempty"` 270 // UID to run etcd container as 271 UID int `yaml:"uid" json:"uid,omitempty"` 272 // GID to run etcd container as 273 GID int `yaml:"gid" json:"gid,omitempty"` 274 275 // Etcd Recurring snapshot Service, used by rke only 276 Snapshot *bool `yaml:"snapshot" json:"snapshot,omitempty" norman:"default=false"` 277 // Etcd snapshot Retention period 278 Retention string `yaml:"retention" json:"retention,omitempty" norman:"default=72h"` 279 // Etcd snapshot Creation period 280 Creation string `yaml:"creation" json:"creation,omitempty" norman:"default=12h"` 281 // Backup backend for etcd snapshots 282 BackupConfig 
*BackupConfig `yaml:"backup_config" json:"backupConfig,omitempty"` 283 } 284 285 type KubeAPIService struct { 286 // Base service properties 287 BaseService `yaml:",inline" json:",inline"` 288 // Virtual IP range that will be used by Kubernetes services 289 ServiceClusterIPRange string `yaml:"service_cluster_ip_range" json:"serviceClusterIpRange,omitempty"` 290 // Port range for services defined with NodePort type 291 ServiceNodePortRange string `yaml:"service_node_port_range" json:"serviceNodePortRange,omitempty" norman:"default=30000-32767"` 292 // Enabled/Disable PodSecurityPolicy 293 PodSecurityPolicy bool `yaml:"pod_security_policy" json:"podSecurityPolicy,omitempty"` 294 // Enable/Disable AlwaysPullImages admissions plugin 295 AlwaysPullImages bool `yaml:"always_pull_images" json:"alwaysPullImages,omitempty"` 296 // Secrets encryption provider config 297 SecretsEncryptionConfig *SecretsEncryptionConfig `yaml:"secrets_encryption_config" json:"secretsEncryptionConfig,omitempty"` 298 // Audit Log Configuration 299 AuditLog *AuditLog `yaml:"audit_log" json:"auditLog,omitempty"` 300 // AdmissionConfiguration 301 AdmissionConfiguration *apiserverv1alpha1.AdmissionConfiguration `yaml:"admission_configuration" json:"admissionConfiguration,omitempty" norman:"type=map[json]"` 302 // Event Rate Limit configuration 303 EventRateLimit *EventRateLimit `yaml:"event_rate_limit" json:"eventRateLimit,omitempty"` 304 } 305 306 type EventRateLimit struct { 307 Enabled bool `yaml:"enabled" json:"enabled,omitempty"` 308 Configuration *Configuration `yaml:"configuration" json:"configuration,omitempty" norman:"type=map[json]"` 309 } 310 311 type AuditLog struct { 312 Enabled bool `yaml:"enabled" json:"enabled,omitempty"` 313 Configuration *AuditLogConfig `yaml:"configuration" json:"configuration,omitempty"` 314 } 315 316 type AuditLogConfig struct { 317 MaxAge int `yaml:"max_age" json:"maxAge,omitempty"` 318 MaxBackup int `yaml:"max_backup" json:"maxBackup,omitempty"` 319 MaxSize 
int `yaml:"max_size" json:"maxSize,omitempty"` 320 Path string `yaml:"path" json:"path,omitempty"` 321 Format string `yaml:"format" json:"format,omitempty"` 322 Policy *auditv1.Policy `yaml:"policy" json:"policy,omitempty" norman:"type=map[json]"` 323 } 324 325 type KubeControllerService struct { 326 // Base service properties 327 BaseService `yaml:",inline" json:",inline"` 328 // CIDR Range for Pods in cluster 329 ClusterCIDR string `yaml:"cluster_cidr" json:"clusterCidr,omitempty"` 330 // Virtual IP range that will be used by Kubernetes services 331 ServiceClusterIPRange string `yaml:"service_cluster_ip_range" json:"serviceClusterIpRange,omitempty"` 332 } 333 334 type KubeletService struct { 335 // Base service properties 336 BaseService `yaml:",inline" json:",inline"` 337 // Domain of the cluster (default: "cluster.local") 338 ClusterDomain string `yaml:"cluster_domain" json:"clusterDomain,omitempty"` 339 // The image whose network/ipc namespaces containers in each pod will use 340 InfraContainerImage string `yaml:"infra_container_image" json:"infraContainerImage,omitempty"` 341 // Cluster DNS service ip 342 ClusterDNSServer string `yaml:"cluster_dns_server" json:"clusterDnsServer,omitempty"` 343 // Fail if swap is enabled 344 FailSwapOn bool `yaml:"fail_swap_on" json:"failSwapOn,omitempty"` 345 // Generate per node kubelet serving certificates created using kube-ca 346 GenerateServingCertificate bool `yaml:"generate_serving_certificate" json:"generateServingCertificate,omitempty"` 347 } 348 349 type KubeproxyService struct { 350 // Base service properties 351 BaseService `yaml:",inline" json:",inline"` 352 } 353 354 type SchedulerService struct { 355 // Base service properties 356 BaseService `yaml:",inline" json:",inline"` 357 } 358 359 type BaseService struct { 360 // Docker image of the service 361 Image string `yaml:"image" json:"image,omitempty"` 362 // Extra arguments that are added to the services 363 ExtraArgs map[string]string `yaml:"extra_args" 
json:"extraArgs,omitempty"` 364 // Extra binds added to the nodes 365 ExtraBinds []string `yaml:"extra_binds" json:"extraBinds,omitempty"` 366 // this is to provide extra env variable to the docker container running kubernetes service 367 ExtraEnv []string `yaml:"extra_env" json:"extraEnv,omitempty"` 368 369 // Windows nodes only of the same as the above 370 // Extra arguments that are added to the services 371 WindowsExtraArgs map[string]string `yaml:"win_extra_args" json:"winExtraArgs,omitempty"` 372 // Extra binds added to the nodes 373 WindowsExtraBinds []string `yaml:"win_extra_binds" json:"winExtraBinds,omitempty"` 374 // this is to provide extra env variable to the docker container running kubernetes service 375 WindowsExtraEnv []string `yaml:"win_extra_env" json:"winExtraEnv,omitempty"` 376 } 377 378 type NetworkConfig struct { 379 // Network Plugin That will be used in kubernetes cluster 380 Plugin string `yaml:"plugin" json:"plugin,omitempty" norman:"default=canal"` 381 // Plugin options to configure network properties 382 Options map[string]string `yaml:"options" json:"options,omitempty"` 383 // Set MTU for CNI provider 384 MTU int `yaml:"mtu" json:"mtu,omitempty"` 385 // CalicoNetworkProvider 386 CalicoNetworkProvider *CalicoNetworkProvider `yaml:"calico_network_provider,omitempty" json:"calicoNetworkProvider,omitempty"` 387 // CanalNetworkProvider 388 CanalNetworkProvider *CanalNetworkProvider `yaml:"canal_network_provider,omitempty" json:"canalNetworkProvider,omitempty"` 389 // FlannelNetworkProvider 390 FlannelNetworkProvider *FlannelNetworkProvider `yaml:"flannel_network_provider,omitempty" json:"flannelNetworkProvider,omitempty"` 391 // WeaveNetworkProvider 392 WeaveNetworkProvider *WeaveNetworkProvider `yaml:"weave_network_provider,omitempty" json:"weaveNetworkProvider,omitempty"` 393 // NodeSelector key pair 394 NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` 395 // Network plugin daemonset upgrade strategy 396 
UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` 397 // Tolerations for Deployments 398 Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"` 399 } 400 401 type AuthWebhookConfig struct { 402 // ConfigFile is a multiline string that represent a custom webhook config file 403 ConfigFile string `yaml:"config_file" json:"configFile,omitempty"` 404 // CacheTimeout controls how long to cache authentication decisions 405 CacheTimeout string `yaml:"cache_timeout" json:"cacheTimeout,omitempty"` 406 } 407 408 type AuthnConfig struct { 409 // Authentication strategy that will be used in kubernetes cluster 410 Strategy string `yaml:"strategy" json:"strategy,omitempty" norman:"default=x509"` 411 // List of additional hostnames and IPs to include in the api server PKI cert 412 SANs []string `yaml:"sans" json:"sans,omitempty"` 413 // Webhook configuration options 414 Webhook *AuthWebhookConfig `yaml:"webhook" json:"webhook,omitempty"` 415 } 416 417 type AuthzConfig struct { 418 // Authorization mode used by kubernetes 419 Mode string `yaml:"mode" json:"mode,omitempty"` 420 // Authorization mode options 421 Options map[string]string `yaml:"options" json:"options,omitempty"` 422 } 423 424 type IngressConfig struct { 425 // Ingress controller type used by kubernetes 426 Provider string `yaml:"provider" json:"provider,omitempty" norman:"default=nginx"` 427 // Ingress controller options 428 Options map[string]string `yaml:"options" json:"options,omitempty"` 429 // NodeSelector key pair 430 NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` 431 // Ingress controller extra arguments 432 ExtraArgs map[string]string `yaml:"extra_args" json:"extraArgs,omitempty"` 433 // DNS Policy 434 DNSPolicy string `yaml:"dns_policy" json:"dnsPolicy,omitempty"` 435 // Extra Env vars 436 ExtraEnvs []ExtraEnv `yaml:"extra_envs" json:"extraEnvs,omitempty" norman:"type=array[json]"` 437 // Extra volumes 
438 ExtraVolumes []ExtraVolume `yaml:"extra_volumes" json:"extraVolumes,omitempty" norman:"type=array[json]"` 439 // Extra volume mounts 440 ExtraVolumeMounts []ExtraVolumeMount `yaml:"extra_volume_mounts" json:"extraVolumeMounts,omitempty" norman:"type=array[json]"` 441 // nginx daemonset upgrade strategy 442 UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` 443 // Http port for ingress controller daemonset 444 HTTPPort int `yaml:"http_port" json:"httpPort,omitempty"` 445 // Https port for ingress controller daemonset 446 HTTPSPort int `yaml:"https_port" json:"httpsPort,omitempty"` 447 // NetworkMode selector for ingress controller pods. Default is HostNetwork 448 NetworkMode string `yaml:"network_mode" json:"networkMode,omitempty"` 449 // Tolerations for Deployments 450 Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"` 451 } 452 453 type ExtraEnv struct { 454 v1.EnvVar 455 } 456 457 type ExtraVolume struct { 458 v1.Volume 459 } 460 461 type ExtraVolumeMount struct { 462 v1.VolumeMount 463 } 464 465 type RKEPlan struct { 466 // List of node Plans 467 Nodes []RKEConfigNodePlan `json:"nodes,omitempty"` 468 } 469 470 type RKEConfigNodePlan struct { 471 // Node address 472 Address string `json:"address,omitempty"` 473 // map of named processes that should run on the node 474 Processes map[string]Process `json:"processes,omitempty"` 475 // List of portchecks that should be open on the node 476 PortChecks []PortCheck `json:"portChecks,omitempty"` 477 // List of files to deploy on the node 478 Files []File `json:"files,omitempty"` 479 // Node Annotations 480 Annotations map[string]string `json:"annotations,omitempty"` 481 // Node Labels 482 Labels map[string]string `json:"labels,omitempty"` 483 // Node Taints 484 Taints []RKETaint `json:"taints,omitempty"` 485 } 486 487 type Process struct { 488 // Process name, this should be the container name 489 Name string `json:"name,omitempty"` 490 // 
Process Entrypoint command 491 Command []string `json:"command,omitempty"` 492 // Process args 493 Args []string `json:"args,omitempty"` 494 // Environment variables list 495 Env []string `json:"env,omitempty"` 496 // Process docker image 497 Image string `json:"image,omitempty"` 498 //AuthConfig for image private registry 499 ImageRegistryAuthConfig string `json:"imageRegistryAuthConfig,omitempty"` 500 // Process docker image VolumesFrom 501 VolumesFrom []string `json:"volumesFrom,omitempty"` 502 // Process docker container bind mounts 503 Binds []string `json:"binds,omitempty"` 504 // Process docker container netwotk mode 505 NetworkMode string `json:"networkMode,omitempty"` 506 // Process container restart policy 507 RestartPolicy string `json:"restartPolicy,omitempty"` 508 // Process container pid mode 509 PidMode string `json:"pidMode,omitempty"` 510 // Run process in privileged container 511 Privileged bool `json:"privileged,omitempty"` 512 // Process healthcheck 513 HealthCheck HealthCheck `json:"healthCheck,omitempty"` 514 // Process docker container Labels 515 Labels map[string]string `json:"labels,omitempty"` 516 // Process docker publish container's port to host 517 Publish []string `json:"publish,omitempty"` 518 // docker will run the container with this user 519 User string `json:"user,omitempty"` 520 } 521 522 type HealthCheck struct { 523 // Healthcheck URL 524 URL string `json:"url,omitempty"` 525 } 526 527 type PortCheck struct { 528 // Portcheck address to check. 
529 Address string `json:"address,omitempty"` 530 // Port number 531 Port int `json:"port,omitempty"` 532 // Port Protocol 533 Protocol string `json:"protocol,omitempty"` 534 } 535 536 type CloudProvider struct { 537 // Name of the Cloud Provider 538 Name string `yaml:"name" json:"name,omitempty"` 539 // AWSCloudProvider 540 AWSCloudProvider *AWSCloudProvider `yaml:"awsCloudProvider,omitempty" json:"awsCloudProvider,omitempty"` 541 // AzureCloudProvider 542 AzureCloudProvider *AzureCloudProvider `yaml:"azureCloudProvider,omitempty" json:"azureCloudProvider,omitempty"` 543 // OpenstackCloudProvider 544 OpenstackCloudProvider *OpenstackCloudProvider `yaml:"openstackCloudProvider,omitempty" json:"openstackCloudProvider,omitempty"` 545 // VsphereCloudProvider 546 VsphereCloudProvider *VsphereCloudProvider `yaml:"vsphereCloudProvider,omitempty" json:"vsphereCloudProvider,omitempty"` 547 // CustomCloudProvider is a multiline string that represent a custom cloud config file 548 CustomCloudProvider string `yaml:"customCloudProvider,omitempty" json:"customCloudProvider,omitempty"` 549 } 550 551 type CalicoNetworkProvider struct { 552 // Cloud provider type used with calico 553 CloudProvider string `json:"cloudProvider"` 554 } 555 556 type FlannelNetworkProvider struct { 557 // Alternate cloud interface for flannel 558 Iface string `json:"iface"` 559 } 560 561 type CanalNetworkProvider struct { 562 FlannelNetworkProvider `yaml:",inline" json:",inline"` 563 } 564 565 type WeaveNetworkProvider struct { 566 Password string `yaml:"password,omitempty" json:"password,omitempty" norman:"type=password"` 567 } 568 569 type KubernetesServicesOptions struct { 570 // Additional options passed to Etcd 571 Etcd map[string]string `json:"etcd"` 572 // Additional options passed to KubeAPI 573 KubeAPI map[string]string `json:"kubeapi"` 574 // Additional options passed to Kubelet 575 Kubelet map[string]string `json:"kubelet"` 576 // Additional options passed to Kubeproxy 577 Kubeproxy 
map[string]string `json:"kubeproxy"` 578 // Additional options passed to KubeController 579 KubeController map[string]string `json:"kubeController"` 580 // Additional options passed to Scheduler 581 Scheduler map[string]string `json:"scheduler"` 582 } 583 584 // VsphereCloudProvider options 585 type VsphereCloudProvider struct { 586 Global GlobalVsphereOpts `json:"global,omitempty" yaml:"global,omitempty" ini:"Global,omitempty"` 587 VirtualCenter map[string]VirtualCenterConfig `json:"virtualCenter,omitempty" yaml:"virtual_center,omitempty" ini:"VirtualCenter,omitempty"` 588 Network NetworkVshpereOpts `json:"network,omitempty" yaml:"network,omitempty" ini:"Network,omitempty"` 589 Disk DiskVsphereOpts `json:"disk,omitempty" yaml:"disk,omitempty" ini:"Disk,omitempty"` 590 Workspace WorkspaceVsphereOpts `json:"workspace,omitempty" yaml:"workspace,omitempty" ini:"Workspace,omitempty"` 591 } 592 593 type GlobalVsphereOpts struct { 594 User string `json:"user,omitempty" yaml:"user,omitempty" ini:"user,omitempty"` 595 Password string `json:"password,omitempty" yaml:"password,omitempty" ini:"password,omitempty" norman:"type=password"` 596 VCenterIP string `json:"server,omitempty" yaml:"server,omitempty" ini:"server,omitempty"` 597 VCenterPort string `json:"port,omitempty" yaml:"port,omitempty" ini:"port,omitempty"` 598 InsecureFlag bool `json:"insecure-flag,omitempty" yaml:"insecure-flag,omitempty" ini:"insecure-flag,omitempty"` 599 Datacenter string `json:"datacenter,omitempty" yaml:"datacenter,omitempty" ini:"datacenter,omitempty"` 600 Datacenters string `json:"datacenters,omitempty" yaml:"datacenters,omitempty" ini:"datacenters,omitempty"` 601 DefaultDatastore string `json:"datastore,omitempty" yaml:"datastore,omitempty" ini:"datastore,omitempty"` 602 WorkingDir string `json:"working-dir,omitempty" yaml:"working-dir,omitempty" ini:"working-dir,omitempty"` 603 RoundTripperCount int `json:"soap-roundtrip-count,omitempty" yaml:"soap-roundtrip-count,omitempty" 
ini:"soap-roundtrip-count,omitempty"` 604 VMUUID string `json:"vm-uuid,omitempty" yaml:"vm-uuid,omitempty" ini:"vm-uuid,omitempty"` 605 VMName string `json:"vm-name,omitempty" yaml:"vm-name,omitempty" ini:"vm-name,omitempty"` 606 } 607 608 type VirtualCenterConfig struct { 609 User string `json:"user,omitempty" yaml:"user,omitempty" ini:"user,omitempty"` 610 Password string `json:"password,omitempty" yaml:"password,omitempty" ini:"password,omitempty" norman:"type=password"` 611 VCenterPort string `json:"port,omitempty" yaml:"port,omitempty" ini:"port,omitempty"` 612 Datacenters string `json:"datacenters,omitempty" yaml:"datacenters,omitempty" ini:"datacenters,omitempty"` 613 RoundTripperCount int `json:"soap-roundtrip-count,omitempty" yaml:"soap-roundtrip-count,omitempty" ini:"soap-roundtrip-count,omitempty"` 614 } 615 616 type NetworkVshpereOpts struct { 617 PublicNetwork string `json:"public-network,omitempty" yaml:"public-network,omitempty" ini:"public-network,omitempty"` 618 } 619 620 type DiskVsphereOpts struct { 621 SCSIControllerType string `json:"scsicontrollertype,omitempty" yaml:"scsicontrollertype,omitempty" ini:"scsicontrollertype,omitempty"` 622 } 623 624 type WorkspaceVsphereOpts struct { 625 VCenterIP string `json:"server,omitempty" yaml:"server,omitempty" ini:"server,omitempty"` 626 Datacenter string `json:"datacenter,omitempty" yaml:"datacenter,omitempty" ini:"datacenter,omitempty"` 627 Folder string `json:"folder,omitempty" yaml:"folder,omitempty" ini:"folder,omitempty"` 628 DefaultDatastore string `json:"default-datastore,omitempty" yaml:"default-datastore,omitempty" ini:"default-datastore,omitempty"` 629 ResourcePoolPath string `json:"resourcepool-path,omitempty" yaml:"resourcepool-path,omitempty" ini:"resourcepool-path,omitempty"` 630 } 631 632 // OpenstackCloudProvider options 633 type OpenstackCloudProvider struct { 634 Global GlobalOpenstackOpts `json:"global" yaml:"global" ini:"Global,omitempty"` 635 LoadBalancer LoadBalancerOpenstackOpts 
`json:"loadBalancer" yaml:"load_balancer" ini:"LoadBalancer,omitempty"` 636 BlockStorage BlockStorageOpenstackOpts `json:"blockStorage" yaml:"block_storage" ini:"BlockStorage,omitempty"` 637 Route RouteOpenstackOpts `json:"route" yaml:"route" ini:"Route,omitempty"` 638 Metadata MetadataOpenstackOpts `json:"metadata" yaml:"metadata" ini:"Metadata,omitempty"` 639 } 640 641 type GlobalOpenstackOpts struct { 642 AuthURL string `json:"auth-url" yaml:"auth-url" ini:"auth-url,omitempty"` 643 Username string `json:"username" yaml:"username" ini:"username,omitempty"` 644 UserID string `json:"user-id" yaml:"user-id" ini:"user-id,omitempty"` 645 Password string `json:"password" yaml:"password" ini:"password,omitempty" norman:"type=password"` 646 TenantID string `json:"tenant-id" yaml:"tenant-id" ini:"tenant-id,omitempty"` 647 TenantName string `json:"tenant-name" yaml:"tenant-name" ini:"tenant-name,omitempty"` 648 TrustID string `json:"trust-id" yaml:"trust-id" ini:"trust-id,omitempty"` 649 DomainID string `json:"domain-id" yaml:"domain-id" ini:"domain-id,omitempty"` 650 DomainName string `json:"domain-name" yaml:"domain-name" ini:"domain-name,omitempty"` 651 Region string `json:"region" yaml:"region" ini:"region,omitempty"` 652 CAFile string `json:"ca-file" yaml:"ca-file" ini:"ca-file,omitempty"` 653 } 654 655 type LoadBalancerOpenstackOpts struct { 656 LBVersion string `json:"lb-version" yaml:"lb-version" ini:"lb-version,omitempty"` // overrides autodetection. Only support v2. 657 UseOctavia bool `json:"use-octavia" yaml:"use-octavia" ini:"use-octavia,omitempty"` // uses Octavia V2 service catalog endpoint 658 SubnetID string `json:"subnet-id" yaml:"subnet-id" ini:"subnet-id,omitempty"` // overrides autodetection. 659 FloatingNetworkID string `json:"floating-network-id" yaml:"floating-network-id" ini:"floating-network-id,omitempty"` // If specified, will create floating ip for loadbalancer, or do not create floating ip. 
LBMethod string `json:"lb-method" yaml:"lb-method" ini:"lb-method,omitempty"` // default to ROUND_ROBIN.
	LBProvider        string `json:"lb-provider" yaml:"lb-provider" ini:"lb-provider,omitempty"`
	CreateMonitor     bool   `json:"create-monitor" yaml:"create-monitor" ini:"create-monitor,omitempty"`
	MonitorDelay      string `json:"monitor-delay" yaml:"monitor-delay" ini:"monitor-delay,omitempty"`
	MonitorTimeout    string `json:"monitor-timeout" yaml:"monitor-timeout" ini:"monitor-timeout,omitempty"`
	MonitorMaxRetries int    `json:"monitor-max-retries" yaml:"monitor-max-retries" ini:"monitor-max-retries,omitempty"`
	// NOTE(review): presumably lets the cloud provider manage security group
	// rules for load balancers; confirm the scope before enabling.
	ManageSecurityGroups bool `json:"manage-security-groups" yaml:"manage-security-groups" ini:"manage-security-groups,omitempty"`
}

// BlockStorageOpenstackOpts holds the block storage options: version,
// trust-device-path and ignore-volume-az.
type BlockStorageOpenstackOpts struct {
	// BSVersion overrides autodetection: v1 or v2. Defaults to auto.
	BSVersion string `json:"bs-version" yaml:"bs-version" ini:"bs-version,omitempty"`
	// TrustDevicePath: see Issue #33128.
	TrustDevicePath bool `json:"trust-device-path" yaml:"trust-device-path" ini:"trust-device-path,omitempty"`
	IgnoreVolumeAZ  bool `json:"ignore-volume-az" yaml:"ignore-volume-az" ini:"ignore-volume-az,omitempty"`
}

// RouteOpenstackOpts holds the router ID.
type RouteOpenstackOpts struct {
	// RouterID is required.
	RouterID string `json:"router-id" yaml:"router-id" ini:"router-id,omitempty"`
}

// MetadataOpenstackOpts holds the metadata search order and request timeout.
type MetadataOpenstackOpts struct {
	SearchOrder    string `json:"search-order" yaml:"search-order" ini:"search-order,omitempty"`
	RequestTimeout int    `json:"request-timeout" yaml:"request-timeout" ini:"request-timeout,omitempty"`
}

// AzureCloudProvider holds the Azure cloud provider options. Its tags define
// json and yaml keys.
type AzureCloudProvider struct {
	// The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
	Cloud string `json:"cloud" yaml:"cloud"`
	// The AAD Tenant ID for the Subscription that the cluster is deployed in.
	TenantID string `json:"tenantId" yaml:"tenantId"`
	// The ID of the Azure Subscription that the cluster is deployed in.
	SubscriptionID string `json:"subscriptionId" yaml:"subscriptionId"`
	// The name of the resource group that the cluster is deployed in.
	ResourceGroup string `json:"resourceGroup" yaml:"resourceGroup"`
	// The location of the resource group that the cluster is deployed in.
	Location string `json:"location" yaml:"location"`
	// The name of the VNet that the cluster is deployed in.
	VnetName string `json:"vnetName" yaml:"vnetName"`
	// The name of the resource group that the VNet is deployed in.
	VnetResourceGroup string `json:"vnetResourceGroup" yaml:"vnetResourceGroup"`
	// The name of the subnet that the cluster is deployed in.
	SubnetName string `json:"subnetName" yaml:"subnetName"`
	// The name of the security group attached to the cluster's subnet.
	SecurityGroupName string `json:"securityGroupName" yaml:"securityGroupName"`
	// (Optional in 1.6) The name of the route table attached to the subnet
	// that the cluster is deployed in.
	RouteTableName string `json:"routeTableName" yaml:"routeTableName"`
	// (Optional) The name of the availability set that should be used as the load balancer backend.
	// If this is set, the Azure cloudprovider will only add nodes from that availability set to the load
	// balancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then
	// the cloudprovider will try to add all nodes to a single backend pool, which is forbidden.
	// In other words, if you use multiple agent pools (availability sets), you MUST set this field.
PrimaryAvailabilitySetName string `json:"primaryAvailabilitySetName" yaml:"primaryAvailabilitySetName"`
	// The type of azure nodes. Candidate values are: vmss and standard.
	// If not set, it defaults to standard.
	VMType string `json:"vmType" yaml:"vmType"`
	// The name of the scale set that should be used as the load balancer backend.
	// If this is set, the Azure cloudprovider will only add nodes from that scale set to the load
	// balancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then
	// the cloudprovider will try to add all nodes to a single backend pool, which is forbidden.
	// In other words, if you use multiple agent pools (scale sets), you MUST set this field.
	PrimaryScaleSetName string `json:"primaryScaleSetName" yaml:"primaryScaleSetName"`
	// The ClientID for an AAD application with RBAC access to talk to Azure RM APIs.
	// This is used for service principal authentication: https://github.com/Azure/aks-engine/blob/master/docs/topics/service-principals.md
	AADClientID string `json:"aadClientId" yaml:"aadClientId"`
	// The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs.
	// This is used for service principal authentication: https://github.com/Azure/aks-engine/blob/master/docs/topics/service-principals.md
	// The value is a credential: it is tagged norman type=password, but the
	// json and yaml tags marshal it in clear text.
	// NOTE(review): confirm how norman treats type=password before relying on
	// it for redaction.
	AADClientSecret string `json:"aadClientSecret" yaml:"aadClientSecret" norman:"type=password"`
	// The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs.
	// This is used for client certificate authentication: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
	AADClientCertPath string `json:"aadClientCertPath" yaml:"aadClientCertPath"`
	// The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs.
	// This is used for client certificate authentication: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
	// Like AADClientSecret, this is tagged norman type=password and is
	// marshaled in clear text by the json and yaml tags.
	AADClientCertPassword string `json:"aadClientCertPassword" yaml:"aadClientCertPassword" norman:"type=password"`
	// Enable exponential backoff to manage resource request retries.
	CloudProviderBackoff bool `json:"cloudProviderBackoff" yaml:"cloudProviderBackoff"`
	// Backoff retry limit.
	CloudProviderBackoffRetries int `json:"cloudProviderBackoffRetries" yaml:"cloudProviderBackoffRetries"`
	// Backoff exponent.
	CloudProviderBackoffExponent int `json:"cloudProviderBackoffExponent" yaml:"cloudProviderBackoffExponent"`
	// Backoff duration.
	CloudProviderBackoffDuration int `json:"cloudProviderBackoffDuration" yaml:"cloudProviderBackoffDuration"`
	// Backoff jitter.
	CloudProviderBackoffJitter int `json:"cloudProviderBackoffJitter" yaml:"cloudProviderBackoffJitter"`
	// Enable rate limiting.
	CloudProviderRateLimit bool `json:"cloudProviderRateLimit" yaml:"cloudProviderRateLimit"`
	// Rate limit QPS.
	CloudProviderRateLimitQPS int `json:"cloudProviderRateLimitQPS" yaml:"cloudProviderRateLimitQPS"`
	// Rate limit bucket size.
	CloudProviderRateLimitBucket int `json:"cloudProviderRateLimitBucket" yaml:"cloudProviderRateLimitBucket"`
	// Use instance metadata service where possible.
	UseInstanceMetadata bool `json:"useInstanceMetadata" yaml:"useInstanceMetadata"`
	// Use managed service identity for the virtual machine to access Azure ARM APIs.
	// This is used for managed identity authentication: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
	// For a user-assigned managed identity, UserAssignedIdentityID below must also be set.
	UseManagedIdentityExtension bool `json:"useManagedIdentityExtension" yaml:"useManagedIdentityExtension"`
	// The Client ID of the user assigned MSI which is assigned to the underlying VMs.
	// This is used for managed identity authentication: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
	UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"`
	// Maximum allowed LoadBalancer rule count is the limit enforced by Azure
	// Load Balancer; the zero value defaults to 148.
	MaximumLoadBalancerRuleCount int `json:"maximumLoadBalancerRuleCount" yaml:"maximumLoadBalancerRuleCount"`
	// Sku of Load Balancer and Public IP: `basic` or `standard`; blank defaults to `basic`.
	LoadBalancerSku string `json:"loadBalancerSku,omitempty" yaml:"loadBalancerSku,omitempty"`
	// Excludes master nodes (labeled with `node-role.kubernetes.io/master`) from the backend pool of
	// the Azure standard load balancer; nil defaults to `true`.
	// To add the master nodes to the ALB, set this to `false` and remove the
	// `node-role.kubernetes.io/master` label from the master nodes.
	ExcludeMasterFromStandardLB *bool `json:"excludeMasterFromStandardLB,omitempty" yaml:"excludeMasterFromStandardLB,omitempty"`
}

// AWSCloudProvider holds the AWS cloud provider options: the Global options
// and a map of per-service overrides.
type AWSCloudProvider struct {
	Global          GlobalAwsOpts              `json:"global" yaml:"global" ini:"Global,omitempty"`
	ServiceOverride map[string]ServiceOverride `json:"serviceOverride,omitempty" yaml:"service_override,omitempty" ini:"ServiceOverride,omitempty"`
}

// ServiceOverride describes one override entry: the service, the region, a
// URL and the signing region, method and name.
type ServiceOverride struct {
	Service string `json:"service" yaml:"service" ini:"Service,omitempty"`
	Region  string `json:"region" yaml:"region" ini:"Region,omitempty"`
	// NOTE(review): presumably the endpoint that requests for Service in
	// Region are sent to instead of the default one; confirm that the consumer
	// only accepts trusted endpoints here, since such requests carry AWS
	// request signatures.
	URL           string `json:"url" yaml:"url" ini:"URL,omitempty"`
	SigningRegion string `json:"signing-region" yaml:"signing-region" ini:"SigningRegion,omitempty"`
	SigningMethod string `json:"signing-method" yaml:"signing-method" ini:"SigningMethod,omitempty"`
	SigningName   string `json:"signing-name" yaml:"signing-name" ini:"SigningName,omitempty"`
}

// GlobalAwsOpts holds the Global options of AWSCloudProvider.
type GlobalAwsOpts struct {
	// TODO: Is there any use for this? We can get it from the instance metadata service.
	// Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful.
	Zone string `json:"zone" yaml:"zone" ini:"Zone,omitempty"`

	// The AWS VPC flag enables the possibility to run the master components
	// on a different AWS account, on a different cloud provider or on-premises.
	// If the flag is set, the KubernetesClusterTag must also be provided.
	VPC string `json:"vpc" yaml:"vpc" ini:"VPC,omitempty"`
	// SubnetID enables using a specific subnet for ELBs.
	SubnetID string `json:"subnet-id" yaml:"subnet-id" ini:"SubnetID,omitempty"`
	// RouteTableID enables using a specific RouteTable.
	RouteTableID string `json:"routetable-id" yaml:"routetable-id" ini:"RouteTableID,omitempty"`

	// RoleARN is the IAM role to assume when interacting with AWS APIs.
	RoleARN string `json:"role-arn" yaml:"role-arn" ini:"RoleARN,omitempty"`

	// KubernetesClusterTag is the legacy cluster id we'll use to identify our cluster resources.
	KubernetesClusterTag string `json:"kubernetes-cluster-tag" yaml:"kubernetes-cluster-tag" ini:"KubernetesClusterTag,omitempty"`
	// KubernetesClusterID is the cluster id we'll use to identify our cluster resources.
	KubernetesClusterID string `json:"kubernetes-cluster-id" yaml:"kubernetes-cluster-id" ini:"KubernetesClusterID,omitempty"`

	// The aws provider creates an inbound rule per load balancer on the node security
	// group. However, this can run into the AWS security group rule limit of 50 if
	// many LoadBalancers are created.
	//
	// This flag disables the automatic ingress creation. It requires that the user
	// has set up a rule that allows inbound traffic on kubelet ports from the
	// local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000.
	DisableSecurityGroupIngress bool `json:"disable-security-group-ingress" yaml:"disable-security-group-ingress" ini:"DisableSecurityGroupIngress,omitempty"`

	// AWS has a hard limit of 500 security groups. For large clusters, creating a security group for each ELB
	// can cause the max number of security groups to be reached. If this is set, this security group
	// is used instead of creating a new security group for each ELB.
	ElbSecurityGroup string `json:"elb-security-group" yaml:"elb-security-group" ini:"ElbSecurityGroup,omitempty"`

	// During the instantiation of a new AWS cloud provider, the detected region
	// is validated against a known set of regions.
	//
	// In a non-standard, AWS-like environment (e.g. Eucalyptus), this check may
	// be undesirable. Setting this to true will disable the check and provide
	// a warning that the check was skipped. Please note that this is an
	// experimental feature and work-in-progress for the moment. If you find
	// yourself in a non-AWS cloud and open an issue, please indicate that in the
	// issue body.
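DisableStrictZoneCheck bool `json:"disable-strict-zone-check" yaml:"disable-strict-zone-check" ini:"DisableStrictZoneCheck,omitempty"`
}

// MonitoringConfig holds the monitoring settings: provider (norman default
// metrics-server), options, node selector, update strategy, replica count
// and tolerations.
type MonitoringConfig struct {
	// Monitoring server provider
	Provider string `yaml:"provider" json:"provider,omitempty" norman:"default=metrics-server"`
	// Metrics server options
	Options map[string]string `yaml:"options" json:"options,omitempty"`
	// NodeSelector key pair
	NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"`
	// Update strategy
	UpdateStrategy *DeploymentStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"`
	// Number of monitoring addon pods
	Replicas *int32 `yaml:"replicas" json:"replicas,omitempty" norman:"default=1"`
	// Tolerations for Deployments
	Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"`
}

// RestoreConfig holds the restore flag and the snapshot name.
type RestoreConfig struct {
	Restore      bool   `yaml:"restore" json:"restore,omitempty"`
	SnapshotName string `yaml:"snapshot_name" json:"snapshotName,omitempty"`
}

// RotateCertificates holds the certificate rotation options.
// NOTE(review): these fields carry no yaml tags, unlike the neighbouring
// structs; confirm the yaml key names are the intended ones.
type RotateCertificates struct {
	// Rotate CA Certificates
	CACertificates bool `json:"caCertificates,omitempty"`
	// Services to rotate their certs; the norman tag restricts the values to
	// the enum options it lists.
	Services []string `json:"services,omitempty" norman:"type=enum,options=etcd|kubelet|kube-apiserver|kube-proxy|kube-scheduler|kube-controller-manager"`
}

// DNSConfig holds the DNS provider settings.
type DNSConfig struct {
	// DNS provider
	Provider string `yaml:"provider" json:"provider,omitempty"`
	// Upstream nameservers
	UpstreamNameservers []string `yaml:"upstreamnameservers" json:"upstreamnameservers,omitempty"`
	// ReverseCIDRs
	ReverseCIDRs []string `yaml:"reversecidrs" json:"reversecidrs,omitempty"`
	// Stubdomains
	StubDomains map[string][]string `yaml:"stubdomains" json:"stubdomains,omitempty"`
	// NodeSelector key pair
	NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"`
	// Nodelocal DNS. The json option must be spelled omitempty: encoding/json
	// ignores options it does not know, and a nil pointer would then be
	// written as null instead of being left out like the other optional fields.
	Nodelocal *Nodelocal `yaml:"nodelocal" json:"nodelocal,omitempty"`
	// Update strategy
	UpdateStrategy *DeploymentStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"`
	// Autoscaler fields to determine number of dns replicas
	LinearAutoscalerParams *LinearAutoscalerParams `yaml:"linear_autoscaler_params" json:"linearAutoscalerParams,omitempty"`
	// Tolerations for Deployments
	Tolerations []v1.Toleration `yaml:"tolerations" json:"tolerations,omitempty"`
}

// Nodelocal holds the nodelocal DNS settings.
type Nodelocal struct {
	// link-local IP for nodelocal DNS. With omitempty an empty address is left
	// out of JSON output, as for the other fields of this struct.
	IPAddress string `yaml:"ip_address" json:"ipAddress,omitempty"`
	// Nodelocal DNS daemonset upgrade strategy
	UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"`
	// NodeSelector key pair
	NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"`
}

// LinearAutoscalerParams contains fields expected by the cluster-proportional-autoscaler https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/blob/0c61e63fc81449abdd52315aa27179a17e5d1580/pkg/autoscaler/controller/linearcontroller/linear_controller.go#L50
type LinearAutoscalerParams struct {
	CoresPerReplica float64 `yaml:"cores_per_replica" json:"coresPerReplica,omitempty" norman:"default=128"`
	NodesPerReplica float64 `yaml:"nodes_per_replica" json:"nodesPerReplica,omitempty" norman:"default=4"`
	Min             int     `yaml:"min" json:"min,omitempty" norman:"default=1"`
	Max             int     `yaml:"max" json:"max,omitempty"`
	// NOTE(review): a bool with json omitempty drops false from JSON output,
	// and the norman default is true; confirm that an explicit false survives
	// a round trip through the API.
	PreventSinglePointFailure bool `yaml:"prevent_single_point_failure" json:"preventSinglePointFailure,omitempty" norman:"default=true"`
}

// RKETaint describes a taint: key, value, effect and the time it was added.
type RKETaint struct {
	Key       string         `json:"key,omitempty" yaml:"key"`
	Value     string         `json:"value,omitempty" yaml:"value"`
	Effect    v1.TaintEffect `json:"effect,omitempty" yaml:"effect"`
	TimeAdded *metav1.Time   `json:"timeAdded,omitempty" yaml:"timeAdded,omitempty"`
}

// SecretsEncryptionConfig switches the secrets encryption provider config on
// or off and optionally carries a custom provider configuration.
type SecretsEncryptionConfig struct {
	// Enable/disable secrets encryption provider config
	Enabled bool `yaml:"enabled" json:"enabled,omitempty"`
	// Custom Encryption Provider configuration object.
	// NOTE(review): an apiserver EncryptionConfiguration can embed provider key
	// material, and this field has no norman type=password marking; treat
	// serialized copies of this struct as sensitive and confirm how the value
	// is stored and returned.
	CustomConfig *apiserverconfig.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty" norman:"type=map[json]"`
}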