github.com/verrazzano/verrazzano@v1.7.0/platform-operator/capi/bootstrap-ocne/v1.7.0/bootstrap-components.yaml (about) 1 # Copyright (c) 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 apiVersion: v1 5 kind: Namespace 6 metadata: 7 labels: 8 cluster.x-k8s.io/provider: bootstrap-ocne 9 control-plane: controller-manager 10 name: capi-ocne-bootstrap-system 11 --- 12 apiVersion: apiextensions.k8s.io/v1 13 kind: CustomResourceDefinition 14 metadata: 15 annotations: 16 cert-manager.io/inject-ca-from: capi-ocne-bootstrap-system/capi-ocne-bootstrap-serving-cert 17 controller-gen.kubebuilder.io/version: v0.10.0 18 labels: 19 cluster.x-k8s.io/provider: bootstrap-ocne 20 cluster.x-k8s.io/v1beta1: v1alpha1 21 name: ocneconfigs.bootstrap.cluster.x-k8s.io 22 spec: 23 conversion: 24 strategy: Webhook 25 webhook: 26 clientConfig: 27 caBundle: Cg== 28 service: 29 name: capi-ocne-bootstrap-webhook-service 30 namespace: capi-ocne-bootstrap-system 31 path: /convert 32 conversionReviewVersions: 33 - v1 34 - v1beta1 35 group: bootstrap.cluster.x-k8s.io 36 names: 37 categories: 38 - cluster-api 39 kind: OCNEConfig 40 listKind: OCNEConfigList 41 plural: ocneconfigs 42 singular: ocneconfig 43 scope: Namespaced 44 versions: 45 - additionalPrinterColumns: 46 - description: Cluster 47 jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] 48 name: Cluster 49 type: string 50 - description: Time duration since creation of OCNEConfig 51 jsonPath: .metadata.creationTimestamp 52 name: Age 53 type: date 54 name: v1alpha1 55 schema: 56 openAPIV3Schema: 57 description: OCNEConfig is the Schema for the ocneconfigs API. 58 properties: 59 apiVersion: 60 description: 'APIVersion defines the versioned schema of this representation 61 of an object. Servers should convert recognized schemas to the latest 62 internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 63 type: string 64 kind: 65 description: 'Kind is a string value representing the REST resource this 66 object represents. Servers may infer this from the endpoint the client 67 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 68 type: string 69 metadata: 70 type: object 71 spec: 72 description: OCNEConfigSpec defines the desired state of OCNEConfig. Either 73 ClusterConfiguration and InitConfiguration should be defined or the 74 JoinConfiguration should be defined. 75 properties: 76 clusterConfiguration: 77 description: ClusterConfiguration along with InitConfiguration are 78 the configurations necessary for the init command 79 properties: 80 apiServer: 81 description: APIServer contains extra settings for the API server 82 control plane component 83 properties: 84 certSANs: 85 description: CertSANs sets extra Subject Alternative Names 86 for the API Server signing cert. 87 items: 88 type: string 89 type: array 90 extraArgs: 91 additionalProperties: 92 type: string 93 description: 'ExtraArgs is an extra set of flags to pass to 94 the control plane component. TODO: This is temporary and 95 ideally we would like to switch all components to use ComponentConfig 96 + ConfigMaps.' 97 type: object 98 extraVolumes: 99 description: ExtraVolumes is an extra set of host volumes, 100 mounted to the control plane component. 101 items: 102 description: HostPathMount contains elements describing 103 volumes that are mounted from the host. 104 properties: 105 hostPath: 106 description: HostPath is the path in the host that will 107 be mounted inside the pod. 108 type: string 109 mountPath: 110 description: MountPath is the path inside the pod where 111 hostPath will be mounted. 112 type: string 113 name: 114 description: Name of the volume inside the pod template. 
115 type: string 116 pathType: 117 description: PathType is the type of the HostPath. 118 type: string 119 readOnly: 120 description: ReadOnly controls write access to the volume 121 type: boolean 122 required: 123 - hostPath 124 - mountPath 125 - name 126 type: object 127 type: array 128 timeoutForControlPlane: 129 description: TimeoutForControlPlane controls the timeout that 130 we use for API server to appear 131 type: string 132 type: object 133 apiVersion: 134 description: 'APIVersion defines the versioned schema of this 135 representation of an object. Servers should convert recognized 136 schemas to the latest internal value, and may reject unrecognized 137 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 138 type: string 139 certificatesDir: 140 description: 'CertificatesDir specifies where to store or look 141 for all required certificates. NB: if not provided, this will 142 default to `/etc/kubernetes/pki`' 143 type: string 144 clusterName: 145 description: The cluster name 146 type: string 147 controlPlaneEndpoint: 148 description: 'ControlPlaneEndpoint sets a stable IP address or 149 DNS name for the control plane; it can be a valid IP address 150 or a RFC-1123 DNS subdomain, both with optional TCP port. In 151 case the ControlPlaneEndpoint is not specified, the AdvertiseAddress 152 + BindPort are used; in case the ControlPlaneEndpoint is specified 153 but without a TCP port, the BindPort is used. Possible usages 154 are: e.g. In a cluster with more than one control plane instances, 155 this field should be assigned the address of the external load 156 balancer in front of the control plane instances. e.g. in environments 157 with enforced node recycling, the ControlPlaneEndpoint could 158 be used for assigning a stable DNS to the control plane. NB: 159 This value defaults to the first value in the Cluster object 160 status.apiEndpoints array.' 
161 type: string 162 controllerManager: 163 description: ControllerManager contains extra settings for the 164 controller manager control plane component 165 properties: 166 extraArgs: 167 additionalProperties: 168 type: string 169 description: 'ExtraArgs is an extra set of flags to pass to 170 the control plane component. TODO: This is temporary and 171 ideally we would like to switch all components to use ComponentConfig 172 + ConfigMaps.' 173 type: object 174 extraVolumes: 175 description: ExtraVolumes is an extra set of host volumes, 176 mounted to the control plane component. 177 items: 178 description: HostPathMount contains elements describing 179 volumes that are mounted from the host. 180 properties: 181 hostPath: 182 description: HostPath is the path in the host that will 183 be mounted inside the pod. 184 type: string 185 mountPath: 186 description: MountPath is the path inside the pod where 187 hostPath will be mounted. 188 type: string 189 name: 190 description: Name of the volume inside the pod template. 191 type: string 192 pathType: 193 description: PathType is the type of the HostPath. 194 type: string 195 readOnly: 196 description: ReadOnly controls write access to the volume 197 type: boolean 198 required: 199 - hostPath 200 - mountPath 201 - name 202 type: object 203 type: array 204 type: object 205 dns: 206 description: DNS defines the options for the DNS add-on installed 207 in the cluster. 208 properties: 209 imageRepository: 210 description: ImageRepository sets the container registry to 211 pull images from. if not set, the ImageRepository defined 212 in ClusterConfiguration will be used instead. 213 type: string 214 imageTag: 215 description: ImageTag allows to specify a tag for the image. 216 In case this value is set, kubeadm does not change automatically 217 the version of the above components during upgrades. 218 type: string 219 type: object 220 etcd: 221 description: 'Etcd holds configuration for etcd. 
NB: This value 222 defaults to a Local (stacked) etcd' 223 properties: 224 external: 225 description: External describes how to connect to an external 226 etcd cluster Local and External are mutually exclusive 227 properties: 228 caFile: 229 description: CAFile is an SSL Certificate Authority file 230 used to secure etcd communication. Required if using 231 a TLS connection. 232 type: string 233 certFile: 234 description: CertFile is an SSL certification file used 235 to secure etcd communication. Required if using a TLS 236 connection. 237 type: string 238 endpoints: 239 description: Endpoints of etcd members. Required for ExternalEtcd. 240 items: 241 type: string 242 type: array 243 keyFile: 244 description: KeyFile is an SSL key file used to secure 245 etcd communication. Required if using a TLS connection. 246 type: string 247 required: 248 - caFile 249 - certFile 250 - endpoints 251 - keyFile 252 type: object 253 local: 254 description: Local provides configuration knobs for configuring 255 the local etcd instance Local and External are mutually 256 exclusive 257 properties: 258 dataDir: 259 description: DataDir is the directory etcd will place 260 its data. Defaults to "/var/lib/etcd". 261 type: string 262 extraArgs: 263 additionalProperties: 264 type: string 265 description: ExtraArgs are extra arguments provided to 266 the etcd binary when run inside a static pod. 267 type: object 268 imageRepository: 269 description: ImageRepository sets the container registry 270 to pull images from. if not set, the ImageRepository 271 defined in ClusterConfiguration will be used instead. 272 type: string 273 imageTag: 274 description: ImageTag allows to specify a tag for the 275 image. In case this value is set, kubeadm does not change 276 automatically the version of the above components during 277 upgrades. 278 type: string 279 peerCertSANs: 280 description: PeerCertSANs sets extra Subject Alternative 281 Names for the etcd peer signing cert. 
282 items: 283 type: string 284 type: array 285 serverCertSANs: 286 description: ServerCertSANs sets extra Subject Alternative 287 Names for the etcd server signing cert. 288 items: 289 type: string 290 type: array 291 type: object 292 type: object 293 featureGates: 294 additionalProperties: 295 type: boolean 296 description: FeatureGates enabled by the user. 297 type: object 298 imageRepository: 299 description: 'ImageRepository sets the container registry to pull 300 images from. * If not set, the default registry of kubeadm will 301 be used, i.e. * registry.k8s.io (new registry): >= v1.22.17, 302 >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): 303 all older versions Please note that when imageRepository is 304 not set we don''t allow upgrades to versions >= v1.22.0 which 305 use the old registry (k8s.gcr.io). Please use a newer patch 306 version with the new registry instead (i.e. >= v1.22.17, >= 307 v1.23.15, >= v1.24.9, >= v1.25.0). * If the version is a CI 308 build (kubernetes version starts with `ci/` or `ci-cross/`) 309 `gcr.io/k8s-staging-ci-images` will be used as a default for 310 control plane components and for kube-proxy, while `registry.k8s.io` 311 will be used for all the other images.' 312 type: string 313 kind: 314 description: 'Kind is a string value representing the REST resource 315 this object represents. Servers may infer this from the endpoint 316 the client submits requests to. Cannot be updated. In CamelCase. 317 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 318 type: string 319 kubernetesVersion: 320 description: 'KubernetesVersion is the target version of the control 321 plane. NB: This value defaults to the Machine object spec.version' 322 type: string 323 networking: 324 description: 'Networking holds configuration for the networking 325 topology of the cluster. NB: This value defaults to the Cluster 326 object spec.clusterNetwork.' 
327 properties: 328 dnsDomain: 329 description: DNSDomain is the dns domain used by k8s services. 330 Defaults to "cluster.local". 331 type: string 332 podSubnet: 333 description: PodSubnet is the subnet used by pods. If unset, 334 the API server will not allocate CIDR ranges for every node. 335 Defaults to a comma-delimited string of the Cluster object's 336 spec.clusterNetwork.services.cidrBlocks if that is set 337 type: string 338 serviceSubnet: 339 description: ServiceSubnet is the subnet used by k8s services. 340 Defaults to a comma-delimited string of the Cluster object's 341 spec.clusterNetwork.pods.cidrBlocks, or to "10.96.0.0/12" 342 if that's unset. 343 type: string 344 type: object 345 scheduler: 346 description: Scheduler contains extra settings for the scheduler 347 control plane component 348 properties: 349 extraArgs: 350 additionalProperties: 351 type: string 352 description: 'ExtraArgs is an extra set of flags to pass to 353 the control plane component. TODO: This is temporary and 354 ideally we would like to switch all components to use ComponentConfig 355 + ConfigMaps.' 356 type: object 357 extraVolumes: 358 description: ExtraVolumes is an extra set of host volumes, 359 mounted to the control plane component. 360 items: 361 description: HostPathMount contains elements describing 362 volumes that are mounted from the host. 363 properties: 364 hostPath: 365 description: HostPath is the path in the host that will 366 be mounted inside the pod. 367 type: string 368 mountPath: 369 description: MountPath is the path inside the pod where 370 hostPath will be mounted. 371 type: string 372 name: 373 description: Name of the volume inside the pod template. 374 type: string 375 pathType: 376 description: PathType is the type of the HostPath. 
377 type: string 378 readOnly: 379 description: ReadOnly controls write access to the volume 380 type: boolean 381 required: 382 - hostPath 383 - mountPath 384 - name 385 type: object 386 type: array 387 type: object 388 type: object 389 diskSetup: 390 description: DiskSetup specifies options for the creation of partition 391 tables and file systems on devices. 392 properties: 393 filesystems: 394 description: Filesystems specifies the list of file systems to 395 setup. 396 items: 397 description: Filesystem defines the file systems to be created. 398 properties: 399 device: 400 description: Device specifies the device name 401 type: string 402 extraOpts: 403 description: ExtraOpts defined extra options to add to the 404 command for creating the file system. 405 items: 406 type: string 407 type: array 408 filesystem: 409 description: Filesystem specifies the file system type. 410 type: string 411 label: 412 description: Label specifies the file system label to be 413 used. If set to None, no label is used. 414 type: string 415 overwrite: 416 description: Overwrite defines whether or not to overwrite 417 any existing filesystem. If true, any pre-existing file 418 system will be destroyed. Use with Caution. 419 type: boolean 420 partition: 421 description: 'Partition specifies the partition to use. 422 The valid options are: "auto|any", "auto", "any", "none", 423 and <NUM>, where NUM is the actual partition number.' 424 type: string 425 replaceFS: 426 description: 'ReplaceFS is a special directive, used for 427 Microsoft Azure that instructs cloud-init to replace a 428 file system of <FS_TYPE>. NOTE: unless you define a label, 429 this requires the use of the ''any'' partition directive.' 430 type: string 431 required: 432 - device 433 - filesystem 434 - label 435 type: object 436 type: array 437 partitions: 438 description: Partitions specifies the list of the partitions to 439 setup. 
440 items: 441 description: Partition defines how to create and layout a partition. 442 properties: 443 device: 444 description: Device is the name of the device. 445 type: string 446 layout: 447 description: Layout specifies the device layout. If it is 448 true, a single partition will be created for the entire 449 device. When layout is false, it means don't partition 450 or ignore existing partitioning. 451 type: boolean 452 overwrite: 453 description: Overwrite describes whether to skip checks 454 and create the partition if a partition or filesystem 455 is found on the device. Use with caution. Default is 'false'. 456 type: boolean 457 tableType: 458 description: 'TableType specifies the tupe of partition 459 table. The following are supported: ''mbr'': default and 460 setups a MS-DOS partition table ''gpt'': setups a GPT 461 partition table' 462 type: string 463 required: 464 - device 465 - layout 466 type: object 467 type: array 468 type: object 469 files: 470 description: Files specifies extra files to be passed to user_data 471 upon creation. 472 items: 473 description: File defines the input for generating write_files in 474 cloud-init. 475 properties: 476 append: 477 description: Append specifies whether to append Content to existing 478 file if Path exists. 479 type: boolean 480 content: 481 description: Content is the actual content of the file. 482 type: string 483 contentFrom: 484 description: ContentFrom is a referenced source of content to 485 populate the file. 486 properties: 487 secret: 488 description: Secret represents a secret that should populate 489 this file. 490 properties: 491 key: 492 description: Key is the key in the secret's data map 493 for this value. 494 type: string 495 name: 496 description: Name of the secret in the KubeadmBootstrapConfig's 497 namespace to use. 
498 type: string 499 required: 500 - key 501 - name 502 type: object 503 required: 504 - secret 505 type: object 506 encoding: 507 description: Encoding specifies the encoding of the file contents. 508 enum: 509 - base64 510 - gzip 511 - gzip+base64 512 type: string 513 owner: 514 description: Owner specifies the ownership of the file, e.g. 515 "root:root". 516 type: string 517 path: 518 description: Path specifies the full path on disk where to store 519 the file. 520 type: string 521 permissions: 522 description: Permissions specifies the permissions to assign 523 to the file, e.g. "0640". 524 type: string 525 required: 526 - path 527 type: object 528 type: array 529 format: 530 description: Format specifies the output format of the bootstrap data 531 enum: 532 - cloud-config 533 - ignition 534 type: string 535 ignition: 536 description: Ignition contains Ignition specific configuration. 537 properties: 538 containerLinuxConfig: 539 description: ContainerLinuxConfig contains CLC specific configuration. 540 properties: 541 additionalConfig: 542 description: "AdditionalConfig contains additional configuration 543 to be merged with the Ignition configuration generated by 544 the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging 545 \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" 546 type: string 547 strict: 548 description: Strict controls if AdditionalConfig should be 549 strictly parsed. If so, warnings are treated as errors. 550 type: boolean 551 type: object 552 type: object 553 imageConfiguration: 554 description: ImageConfiguration contains configuration required for 555 the base image. 556 properties: 557 dependencies: 558 description: Dependencies contains details about dependencies 559 on the image that can be configured at boot time. 
560 properties: 561 skipInstall: 562 description: SkipInstall is the flag that can be used to tell 563 the provider to skip install of OCNE dependencies. The value, 564 if set to true, will be used to skip the overrides installation 565 on OCNEConfigSpec. By default, this value is false. 566 type: boolean 567 type: object 568 proxy: 569 description: Proxy contains proxy server info that may be required 570 for installing dependencies. The value, if specified is used 571 in conjunction with preOCNECommands to install and configure 572 repositories. 573 properties: 574 httpProxy: 575 description: HttpProxy contains http proxy server info that 576 may be required for installing dependencies. The value, 577 if specified is used in conjunction with preOCNECommands 578 to install and configure repositories. 579 type: string 580 httpsProxy: 581 description: HttpsProxy contains https proxy server info that 582 may be required for installing dependencies. The value, 583 if specified is used in conjunction with preOCNECommands 584 to install and configure repositories. 585 type: string 586 noProxy: 587 description: NoProxy contains addresses that needs to be skipped 588 when proxy server is being used. The value, if specified 589 is used in conjunction with preOCNECommands to install and 590 configure repositories. 591 type: string 592 type: object 593 type: object 594 initConfiguration: 595 description: InitConfiguration along with ClusterConfiguration are 596 the configurations necessary for the init command 597 properties: 598 apiVersion: 599 description: 'APIVersion defines the versioned schema of this 600 representation of an object. Servers should convert recognized 601 schemas to the latest internal value, and may reject unrecognized 602 values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 603 type: string 604 bootstrapTokens: 605 description: BootstrapTokens is respected at `kubeadm init` time 606 and describes a set of Bootstrap Tokens to create. This information 607 IS NOT uploaded to the kubeadm cluster configmap, partly because 608 of its sensitive nature 609 items: 610 description: BootstrapToken describes one bootstrap token, stored 611 as a Secret in the cluster. 612 properties: 613 description: 614 description: Description sets a human-friendly message why 615 this token exists and what it's used for, so other administrators 616 can know its purpose. 617 type: string 618 expires: 619 description: Expires specifies the timestamp when this token 620 expires. Defaults to being set dynamically at runtime 621 based on the TTL. Expires and TTL are mutually exclusive. 622 format: date-time 623 type: string 624 groups: 625 description: Groups specifies the extra groups that this 626 token will authenticate as when/if used for authentication 627 items: 628 type: string 629 type: array 630 token: 631 description: Token is used for establishing bidirectional 632 trust between nodes and control-planes. Used for joining 633 nodes in the cluster. 634 type: string 635 ttl: 636 description: TTL defines the time to live for this token. 637 Defaults to 24h. Expires and TTL are mutually exclusive. 638 type: string 639 usages: 640 description: Usages describes the ways in which this token 641 can be used. Can by default be used for establishing bidirectional 642 trust, but that can be changed here. 643 items: 644 type: string 645 type: array 646 required: 647 - token 648 type: object 649 type: array 650 kind: 651 description: 'Kind is a string value representing the REST resource 652 this object represents. Servers may infer this from the endpoint 653 the client submits requests to. Cannot be updated. In CamelCase. 
654 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 655 type: string 656 localAPIEndpoint: 657 description: LocalAPIEndpoint represents the endpoint of the API 658 server instance that's deployed on this control plane node In 659 HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint 660 in the sense that ControlPlaneEndpoint is the global endpoint 661 for the cluster, which then loadbalances the requests to each 662 individual API server. This configuration object lets you customize 663 what IP/DNS name and port the local API server advertises it's 664 accessible on. By default, kubeadm tries to auto-detect the 665 IP of the default interface and use that, but in case that process 666 fails you may set the desired value here. 667 properties: 668 advertiseAddress: 669 description: AdvertiseAddress sets the IP address for the 670 API server to advertise. 671 type: string 672 bindPort: 673 description: BindPort sets the secure port for the API Server 674 to bind to. Defaults to 6443. 675 format: int32 676 type: integer 677 type: object 678 nodeRegistration: 679 description: NodeRegistration holds fields that relate to registering 680 the new control-plane node to the cluster. When used in the 681 context of control plane nodes, NodeRegistration should remain 682 consistent across both InitConfiguration and JoinConfiguration 683 properties: 684 criSocket: 685 description: CRISocket is used to retrieve container runtime 686 info. This information will be annotated to the Node API 687 object, for later re-use 688 type: string 689 ignorePreflightErrors: 690 description: IgnorePreflightErrors provides a slice of pre-flight 691 errors to be ignored when the current node is registered. 692 items: 693 type: string 694 type: array 695 kubeletExtraArgs: 696 additionalProperties: 697 type: string 698 description: KubeletExtraArgs passes through extra arguments 699 to the kubelet. 
The arguments here are passed to the kubelet 700 command line via the environment file kubeadm writes at 701 runtime for the kubelet to source. This overrides the generic 702 base-level configuration in the kubelet-config-1.X ConfigMap 703 Flags have higher priority when parsing. These values are 704 local and specific to the node kubeadm is executing on. 705 type: object 706 name: 707 description: Name is the `.Metadata.Name` field of the Node 708 API object that will be created in this `kubeadm init` or 709 `kubeadm join` operation. This field is also used in the 710 CommonName field of the kubelet's client certificate to 711 the API server. Defaults to the hostname of the node if 712 not provided. 713 type: string 714 taints: 715 description: 'Taints specifies the taints the Node API object 716 should be registered with. If this field is unset, i.e. 717 nil, in the `kubeadm init` process it will be defaulted 718 to []v1.Taint{''node-role.kubernetes.io/master=""''}. If 719 you don''t want to taint your control-plane node, set this 720 field to an empty slice, i.e. `taints: []` in the YAML file. 721 This field is solely used for Node registration.' 722 items: 723 description: The node this Taint is attached to has the 724 "effect" on any pod that does not tolerate the Taint. 725 properties: 726 effect: 727 description: Required. The effect of the taint on pods 728 that do not tolerate the taint. Valid effects are 729 NoSchedule, PreferNoSchedule and NoExecute. 730 type: string 731 key: 732 description: Required. The taint key to be applied to 733 a node. 734 type: string 735 timeAdded: 736 description: TimeAdded represents the time at which 737 the taint was added. It is only written for NoExecute 738 taints. 739 format: date-time 740 type: string 741 value: 742 description: The taint value corresponding to the taint 743 key. 
744 type: string 745 required: 746 - effect 747 - key 748 type: object 749 type: array 750 type: object 751 patches: 752 description: Patches contains options related to applying patches 753 to components deployed by kubeadm during "kubeadm init". The 754 minimum kubernetes version needed to support Patches is v1.22 755 properties: 756 directory: 757 description: Directory is a path to a directory that contains 758 files named "target[suffix][+patchtype].extension". For 759 example, "kube-apiserver0+merge.yaml" or just "etcd.json". 760 "target" can be one of "kube-apiserver", "kube-controller-manager", 761 "kube-scheduler", "etcd". "patchtype" can be one of "strategic" 762 "merge" or "json" and they match the patch formats supported 763 by kubectl. The default "patchtype" is "strategic". "extension" 764 must be either "json" or "yaml". "suffix" is an optional 765 string that can be used to determine which patches are applied 766 first alpha-numerically. These files can be written into 767 the target directory via OCNEConfig.Files which specifies 768 additional files to be created on the machine, either with 769 content inline or by referencing a secret. 770 type: string 771 type: object 772 skipPhases: 773 description: SkipPhases is a list of phases to skip during command 774 execution. The list of phases can be obtained with the "kubeadm 775 init --help" command. This option takes effect only on Kubernetes 776 >=1.22.0. 777 items: 778 type: string 779 type: array 780 type: object 781 joinConfiguration: 782 description: JoinConfiguration is the kubeadm configuration for the 783 join command 784 properties: 785 apiVersion: 786 description: 'APIVersion defines the versioned schema of this 787 representation of an object. Servers should convert recognized 788 schemas to the latest internal value, and may reject unrecognized 789 values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 790 type: string 791 caCertPath: 792 description: 'CACertPath is the path to the SSL certificate authority 793 used to secure comunications between node and control-plane. 794 Defaults to "/etc/kubernetes/pki/ca.crt". TODO: revisit when 795 there is defaulting from k/k' 796 type: string 797 controlPlane: 798 description: ControlPlane defines the additional control plane 799 instance to be deployed on the joining node. If nil, no additional 800 control plane instance will be deployed. 801 properties: 802 localAPIEndpoint: 803 description: LocalAPIEndpoint represents the endpoint of the 804 API server instance to be deployed on this node. 805 properties: 806 advertiseAddress: 807 description: AdvertiseAddress sets the IP address for 808 the API server to advertise. 809 type: string 810 bindPort: 811 description: BindPort sets the secure port for the API 812 Server to bind to. Defaults to 6443. 813 format: int32 814 type: integer 815 type: object 816 type: object 817 discovery: 818 description: 'Discovery specifies the options for the kubelet 819 to use during the TLS Bootstrap process TODO: revisit when there 820 is defaulting from k/k' 821 properties: 822 bootstrapToken: 823 description: BootstrapToken is used to set the options for 824 bootstrap token based discovery BootstrapToken and File 825 are mutually exclusive 826 properties: 827 apiServerEndpoint: 828 description: APIServerEndpoint is an IP or domain name 829 to the API server from which info will be fetched. 830 type: string 831 caCertHashes: 832 description: 'CACertHashes specifies a set of public key 833 pins to verify when token-based discovery is used. The 834 root CA found during discovery must match one of these 835 values. Specifying an empty set disables root CA pinning, 836 which can be unsafe. Each hash is specified as "<type>:<value>", 837 where the only currently supported type is "sha256". 
838 This is a hex-encoded SHA-256 hash of the Subject Public 839 Key Info (SPKI) object in DER-encoded ASN.1. These hashes 840 can be calculated using, for example, OpenSSL: openssl 841 x509 -pubkey -in ca.crt openssl rsa -pubin -outform 842 der 2>&/dev/null | openssl dgst -sha256 -hex' 843 items: 844 type: string 845 type: array 846 token: 847 description: Token is a token used to validate cluster 848 information fetched from the control-plane. 849 type: string 850 unsafeSkipCAVerification: 851 description: UnsafeSkipCAVerification allows token-based 852 discovery without CA verification via CACertHashes. 853 This can weaken the security of kubeadm since other 854 nodes can impersonate the control-plane. 855 type: boolean 856 required: 857 - token 858 type: object 859 file: 860 description: File is used to specify a file or URL to a kubeconfig 861 file from which to load cluster information BootstrapToken 862 and File are mutually exclusive 863 properties: 864 kubeConfigPath: 865 description: KubeConfigPath is used to specify the actual 866 file path or URL to the kubeconfig file from which to 867 load cluster information 868 type: string 869 required: 870 - kubeConfigPath 871 type: object 872 timeout: 873 description: Timeout modifies the discovery timeout 874 type: string 875 tlsBootstrapToken: 876 description: TLSBootstrapToken is a token used for TLS bootstrapping. 877 If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, 878 but can be overridden. If .File is set, this field **must 879 be set** in case the KubeConfigFile does not contain any 880 other authentication information 881 type: string 882 type: object 883 kind: 884 description: 'Kind is a string value representing the REST resource 885 this object represents. Servers may infer this from the endpoint 886 the client submits requests to. Cannot be updated. In CamelCase. 
887 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 888 type: string 889 nodeRegistration: 890 description: NodeRegistration holds fields that relate to registering 891 the new control-plane node to the cluster. When used in the 892 context of control plane nodes, NodeRegistration should remain 893 consistent across both InitConfiguration and JoinConfiguration 894 properties: 895 criSocket: 896 description: CRISocket is used to retrieve container runtime 897 info. This information will be annotated to the Node API 898 object, for later re-use 899 type: string 900 ignorePreflightErrors: 901 description: IgnorePreflightErrors provides a slice of pre-flight 902 errors to be ignored when the current node is registered. 903 items: 904 type: string 905 type: array 906 kubeletExtraArgs: 907 additionalProperties: 908 type: string 909 description: KubeletExtraArgs passes through extra arguments 910 to the kubelet. The arguments here are passed to the kubelet 911 command line via the environment file kubeadm writes at 912 runtime for the kubelet to source. This overrides the generic 913 base-level configuration in the kubelet-config-1.X ConfigMap 914 Flags have higher priority when parsing. These values are 915 local and specific to the node kubeadm is executing on. 916 type: object 917 name: 918 description: Name is the `.Metadata.Name` field of the Node 919 API object that will be created in this `kubeadm init` or 920 `kubeadm join` operation. This field is also used in the 921 CommonName field of the kubelet's client certificate to 922 the API server. Defaults to the hostname of the node if 923 not provided. 924 type: string 925 taints: 926 description: 'Taints specifies the taints the Node API object 927 should be registered with. If this field is unset, i.e. 928 nil, in the `kubeadm init` process it will be defaulted 929 to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
If 930 you don''t want to taint your control-plane node, set this 931 field to an empty slice, i.e. `taints: []` in the YAML file. 932 This field is solely used for Node registration.' 933 items: 934 description: The node this Taint is attached to has the 935 "effect" on any pod that does not tolerate the Taint. 936 properties: 937 effect: 938 description: Required. The effect of the taint on pods 939 that do not tolerate the taint. Valid effects are 940 NoSchedule, PreferNoSchedule and NoExecute. 941 type: string 942 key: 943 description: Required. The taint key to be applied to 944 a node. 945 type: string 946 timeAdded: 947 description: TimeAdded represents the time at which 948 the taint was added. It is only written for NoExecute 949 taints. 950 format: date-time 951 type: string 952 value: 953 description: The taint value corresponding to the taint 954 key. 955 type: string 956 required: 957 - effect 958 - key 959 type: object 960 type: array 961 type: object 962 patches: 963 description: Patches contains options related to applying patches 964 to components deployed by kubeadm during "kubeadm join". The 965 minimum kubernetes version needed to support Patches is v1.22 966 properties: 967 directory: 968 description: Directory is a path to a directory that contains 969 files named "target[suffix][+patchtype].extension". For 970 example, "kube-apiserver0+merge.yaml" or just "etcd.json". 971 "target" can be one of "kube-apiserver", "kube-controller-manager", 972 "kube-scheduler", "etcd". "patchtype" can be one of "strategic" 973 "merge" or "json" and they match the patch formats supported 974 by kubectl. The default "patchtype" is "strategic". "extension" 975 must be either "json" or "yaml". "suffix" is an optional 976 string that can be used to determine which patches are applied 977 first alpha-numerically. 
These files can be written into 978 the target directory via OCNEConfig.Files which specifies 979 additional files to be created on the machine, either with 980 content inline or by referencing a secret. 981 type: string 982 type: object 983 skipPhases: 984 description: SkipPhases is a list of phases to skip during command 985 execution. The list of phases can be obtained with the "kubeadm 986 init --help" command. This option takes effect only on Kubernetes 987 >=1.22.0. 988 items: 989 type: string 990 type: array 991 type: object 992 mounts: 993 description: Mounts specifies a list of mount points to be setup. 994 items: 995 description: MountPoints defines input for generated mounts in cloud-init. 996 items: 997 type: string 998 type: array 999 type: array 1000 ntp: 1001 description: NTP specifies NTP configuration 1002 properties: 1003 enabled: 1004 description: Enabled specifies whether NTP should be enabled 1005 type: boolean 1006 servers: 1007 description: Servers specifies which NTP servers to use 1008 items: 1009 type: string 1010 type: array 1011 type: object 1012 postOCNECommands: 1013 description: PostOCNECommands specifies extra commands to run after 1014 kubeadm runs 1015 items: 1016 type: string 1017 type: array 1018 preOCNECommands: 1019 description: PreOCNECommands specifies extra commands to run before 1020 kubeadm runs 1021 items: 1022 type: string 1023 type: array 1024 useExperimentalRetryJoin: 1025 description: "UseExperimentalRetryJoin replaces a basic kubeadm command 1026 with a shell script with retries for joins. \n This is meant to 1027 be an experimental temporary workaround on some environments where 1028 joins fail due to timing (and other issues). The long term goal 1029 is to add retries to kubeadm proper and use that functionality. 1030 \n This will add about 40KB to userdata \n For more information, 1031 refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
1032 \n Deprecated: This experimental fix is no longer needed and this 1033 field will be removed in a future release. When removing also remove 1034 from staticcheck exclude-rules for SA1019 in golangci.yml" 1035 type: boolean 1036 users: 1037 description: Users specifies extra users to add 1038 items: 1039 description: User defines the input for a generated user in cloud-init. 1040 properties: 1041 gecos: 1042 description: Gecos specifies the gecos to use for the user 1043 type: string 1044 groups: 1045 description: Groups specifies the additional groups for the 1046 user 1047 type: string 1048 homeDir: 1049 description: HomeDir specifies the home directory to use for 1050 the user 1051 type: string 1052 inactive: 1053 description: Inactive specifies whether to mark the user as 1054 inactive 1055 type: boolean 1056 lockPassword: 1057 description: LockPassword specifies if password login should 1058 be disabled 1059 type: boolean 1060 name: 1061 description: Name specifies the user name 1062 type: string 1063 passwd: 1064 description: Passwd specifies a hashed password for the user 1065 type: string 1066 passwdFrom: 1067 description: PasswdFrom is a referenced source of passwd to 1068 populate the passwd. 1069 properties: 1070 secret: 1071 description: Secret represents a secret that should populate 1072 this password. 1073 properties: 1074 key: 1075 description: Key is the key in the secret's data map 1076 for this value. 1077 type: string 1078 name: 1079 description: Name of the secret in the KubeadmBootstrapConfig's 1080 namespace to use. 
1081 type: string 1082 required: 1083 - key 1084 - name 1085 type: object 1086 required: 1087 - secret 1088 type: object 1089 primaryGroup: 1090 description: PrimaryGroup specifies the primary group for the 1091 user 1092 type: string 1093 shell: 1094 description: Shell specifies the user's shell 1095 type: string 1096 sshAuthorizedKeys: 1097 description: SSHAuthorizedKeys specifies a list of ssh authorized 1098 keys for the user 1099 items: 1100 type: string 1101 type: array 1102 sudo: 1103 description: Sudo specifies a sudo role for the user 1104 type: string 1105 required: 1106 - name 1107 type: object 1108 type: array 1109 verbosity: 1110 description: Verbosity is the number for the kubeadm log level verbosity. 1111 It overrides the `--v` flag in kubeadm commands. 1112 format: int32 1113 type: integer 1114 type: object 1115 status: 1116 description: OCNEConfigStatus defines the observed state of OCNEConfig. 1117 properties: 1118 conditions: 1119 description: Conditions defines current service state of the OCNEConfig. 1120 items: 1121 description: Condition defines an observation of a Cluster API resource 1122 operational state. 1123 properties: 1124 lastTransitionTime: 1125 description: Last time the condition transitioned from one status 1126 to another. This should be when the underlying condition changed. 1127 If that is not known, then using the time when the API field 1128 changed is acceptable. 1129 format: date-time 1130 type: string 1131 message: 1132 description: A human readable message indicating details about 1133 the transition. This field may be empty. 1134 type: string 1135 reason: 1136 description: The reason for the condition's last transition 1137 in CamelCase. The specific API may choose whether or not this 1138 field is considered a guaranteed API. This field may not be 1139 empty. 
1140 type: string 1141 severity: 1142 description: Severity provides an explicit classification of 1143 Reason code, so the users or machines can immediately understand 1144 the current situation and act accordingly. The Severity field 1145 MUST be set only when Status=False. 1146 type: string 1147 status: 1148 description: Status of the condition, one of True, False, Unknown. 1149 type: string 1150 type: 1151 description: Type of condition in CamelCase or in foo.example.com/CamelCase. 1152 Many .condition.type values are consistent across resources 1153 like Available, but because arbitrary conditions can be useful 1154 (see .node.status.conditions), the ability to deconflict is 1155 important. 1156 type: string 1157 required: 1158 - lastTransitionTime 1159 - status 1160 - type 1161 type: object 1162 type: array 1163 dataSecretName: 1164 description: DataSecretName is the name of the secret that stores 1165 the bootstrap data script. 1166 type: string 1167 failureMessage: 1168 description: FailureMessage will be set on non-retryable errors 1169 type: string 1170 failureReason: 1171 description: FailureReason will be set on non-retryable errors 1172 type: string 1173 observedGeneration: 1174 description: ObservedGeneration is the latest generation observed 1175 by the controller. 
1176 format: int64 1177 type: integer 1178 ready: 1179 description: Ready indicates the BootstrapData field is ready to be 1180 consumed 1181 type: boolean 1182 type: object 1183 type: object 1184 served: true 1185 storage: true 1186 subresources: 1187 status: {} 1188 --- 1189 apiVersion: apiextensions.k8s.io/v1 1190 kind: CustomResourceDefinition 1191 metadata: 1192 annotations: 1193 cert-manager.io/inject-ca-from: capi-ocne-bootstrap-system/capi-ocne-bootstrap-serving-cert 1194 controller-gen.kubebuilder.io/version: v0.10.0 1195 labels: 1196 cluster.x-k8s.io/provider: bootstrap-ocne 1197 cluster.x-k8s.io/v1beta1: v1alpha1 1198 name: ocneconfigtemplates.bootstrap.cluster.x-k8s.io 1199 spec: 1200 conversion: 1201 strategy: Webhook 1202 webhook: 1203 clientConfig: 1204 caBundle: Cg== 1205 service: 1206 name: capi-ocne-bootstrap-webhook-service 1207 namespace: capi-ocne-bootstrap-system 1208 path: /convert 1209 conversionReviewVersions: 1210 - v1 1211 - v1beta1 1212 group: bootstrap.cluster.x-k8s.io 1213 names: 1214 categories: 1215 - cluster-api 1216 kind: OCNEConfigTemplate 1217 listKind: OCNEConfigTemplateList 1218 plural: ocneconfigtemplates 1219 singular: ocneconfigtemplate 1220 scope: Namespaced 1221 versions: 1222 - additionalPrinterColumns: 1223 - description: Time duration since creation of OCNEConfigTemplate 1224 jsonPath: .metadata.creationTimestamp 1225 name: Age 1226 type: date 1227 name: v1alpha1 1228 schema: 1229 openAPIV3Schema: 1230 description: OCNEConfigTemplate is the Schema for the ocneconfigtemplates 1231 API. 1232 properties: 1233 apiVersion: 1234 description: 'APIVersion defines the versioned schema of this representation 1235 of an object. Servers should convert recognized schemas to the latest 1236 internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1237 type: string 1238 kind: 1239 description: 'Kind is a string value representing the REST resource this 1240 object represents. Servers may infer this from the endpoint the client 1241 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1242 type: string 1243 metadata: 1244 type: object 1245 spec: 1246 description: OCNEConfigTemplateSpec defines the desired state of OCNEConfigTemplate. 1247 properties: 1248 template: 1249 description: OCNEConfigTemplateResource defines the Template structure. 1250 properties: 1251 spec: 1252 description: OCNEConfigSpec defines the desired state of OCNEConfig. 1253 Either ClusterConfiguration and InitConfiguration should be 1254 defined or the JoinConfiguration should be defined. 1255 properties: 1256 clusterConfiguration: 1257 description: ClusterConfiguration along with InitConfiguration 1258 are the configurations necessary for the init command 1259 properties: 1260 apiServer: 1261 description: APIServer contains extra settings for the 1262 API server control plane component 1263 properties: 1264 certSANs: 1265 description: CertSANs sets extra Subject Alternative 1266 Names for the API Server signing cert. 1267 items: 1268 type: string 1269 type: array 1270 extraArgs: 1271 additionalProperties: 1272 type: string 1273 description: 'ExtraArgs is an extra set of flags to 1274 pass to the control plane component. TODO: This 1275 is temporary and ideally we would like to switch 1276 all components to use ComponentConfig + ConfigMaps.' 1277 type: object 1278 extraVolumes: 1279 description: ExtraVolumes is an extra set of host 1280 volumes, mounted to the control plane component. 1281 items: 1282 description: HostPathMount contains elements describing 1283 volumes that are mounted from the host. 
1284 properties: 1285 hostPath: 1286 description: HostPath is the path in the host 1287 that will be mounted inside the pod. 1288 type: string 1289 mountPath: 1290 description: MountPath is the path inside the 1291 pod where hostPath will be mounted. 1292 type: string 1293 name: 1294 description: Name of the volume inside the pod 1295 template. 1296 type: string 1297 pathType: 1298 description: PathType is the type of the HostPath. 1299 type: string 1300 readOnly: 1301 description: ReadOnly controls write access 1302 to the volume 1303 type: boolean 1304 required: 1305 - hostPath 1306 - mountPath 1307 - name 1308 type: object 1309 type: array 1310 timeoutForControlPlane: 1311 description: TimeoutForControlPlane controls the timeout 1312 that we use for API server to appear 1313 type: string 1314 type: object 1315 apiVersion: 1316 description: 'APIVersion defines the versioned schema 1317 of this representation of an object. Servers should 1318 convert recognized schemas to the latest internal value, 1319 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1320 type: string 1321 certificatesDir: 1322 description: 'CertificatesDir specifies where to store 1323 or look for all required certificates. NB: if not provided, 1324 this will default to `/etc/kubernetes/pki`' 1325 type: string 1326 clusterName: 1327 description: The cluster name 1328 type: string 1329 controlPlaneEndpoint: 1330 description: 'ControlPlaneEndpoint sets a stable IP address 1331 or DNS name for the control plane; it can be a valid 1332 IP address or a RFC-1123 DNS subdomain, both with optional 1333 TCP port. In case the ControlPlaneEndpoint is not specified, 1334 the AdvertiseAddress + BindPort are used; in case the 1335 ControlPlaneEndpoint is specified but without a TCP 1336 port, the BindPort is used. Possible usages are: e.g. 
1337 In a cluster with more than one control plane instances, 1338 this field should be assigned the address of the external 1339 load balancer in front of the control plane instances. 1340 e.g. in environments with enforced node recycling, 1341 the ControlPlaneEndpoint could be used for assigning 1342 a stable DNS to the control plane. NB: This value defaults 1343 to the first value in the Cluster object status.apiEndpoints 1344 array.' 1345 type: string 1346 controllerManager: 1347 description: ControllerManager contains extra settings 1348 for the controller manager control plane component 1349 properties: 1350 extraArgs: 1351 additionalProperties: 1352 type: string 1353 description: 'ExtraArgs is an extra set of flags to 1354 pass to the control plane component. TODO: This 1355 is temporary and ideally we would like to switch 1356 all components to use ComponentConfig + ConfigMaps.' 1357 type: object 1358 extraVolumes: 1359 description: ExtraVolumes is an extra set of host 1360 volumes, mounted to the control plane component. 1361 items: 1362 description: HostPathMount contains elements describing 1363 volumes that are mounted from the host. 1364 properties: 1365 hostPath: 1366 description: HostPath is the path in the host 1367 that will be mounted inside the pod. 1368 type: string 1369 mountPath: 1370 description: MountPath is the path inside the 1371 pod where hostPath will be mounted. 1372 type: string 1373 name: 1374 description: Name of the volume inside the pod 1375 template. 1376 type: string 1377 pathType: 1378 description: PathType is the type of the HostPath. 1379 type: string 1380 readOnly: 1381 description: ReadOnly controls write access 1382 to the volume 1383 type: boolean 1384 required: 1385 - hostPath 1386 - mountPath 1387 - name 1388 type: object 1389 type: array 1390 type: object 1391 dns: 1392 description: DNS defines the options for the DNS add-on 1393 installed in the cluster. 
1394 properties: 1395 imageRepository: 1396 description: ImageRepository sets the container registry 1397 to pull images from. if not set, the ImageRepository 1398 defined in ClusterConfiguration will be used instead. 1399 type: string 1400 imageTag: 1401 description: ImageTag allows to specify a tag for 1402 the image. In case this value is set, kubeadm does 1403 not change automatically the version of the above 1404 components during upgrades. 1405 type: string 1406 type: object 1407 etcd: 1408 description: 'Etcd holds configuration for etcd. NB: This 1409 value defaults to a Local (stacked) etcd' 1410 properties: 1411 external: 1412 description: External describes how to connect to 1413 an external etcd cluster Local and External are 1414 mutually exclusive 1415 properties: 1416 caFile: 1417 description: CAFile is an SSL Certificate Authority 1418 file used to secure etcd communication. Required 1419 if using a TLS connection. 1420 type: string 1421 certFile: 1422 description: CertFile is an SSL certification 1423 file used to secure etcd communication. Required 1424 if using a TLS connection. 1425 type: string 1426 endpoints: 1427 description: Endpoints of etcd members. Required 1428 for ExternalEtcd. 1429 items: 1430 type: string 1431 type: array 1432 keyFile: 1433 description: KeyFile is an SSL key file used to 1434 secure etcd communication. Required if using 1435 a TLS connection. 1436 type: string 1437 required: 1438 - caFile 1439 - certFile 1440 - endpoints 1441 - keyFile 1442 type: object 1443 local: 1444 description: Local provides configuration knobs for 1445 configuring the local etcd instance Local and External 1446 are mutually exclusive 1447 properties: 1448 dataDir: 1449 description: DataDir is the directory etcd will 1450 place its data. Defaults to "/var/lib/etcd". 
1451 type: string 1452 extraArgs: 1453 additionalProperties: 1454 type: string 1455 description: ExtraArgs are extra arguments provided 1456 to the etcd binary when run inside a static 1457 pod. 1458 type: object 1459 imageRepository: 1460 description: ImageRepository sets the container 1461 registry to pull images from. if not set, the 1462 ImageRepository defined in ClusterConfiguration 1463 will be used instead. 1464 type: string 1465 imageTag: 1466 description: ImageTag allows to specify a tag 1467 for the image. In case this value is set, kubeadm 1468 does not change automatically the version of 1469 the above components during upgrades. 1470 type: string 1471 peerCertSANs: 1472 description: PeerCertSANs sets extra Subject Alternative 1473 Names for the etcd peer signing cert. 1474 items: 1475 type: string 1476 type: array 1477 serverCertSANs: 1478 description: ServerCertSANs sets extra Subject 1479 Alternative Names for the etcd server signing 1480 cert. 1481 items: 1482 type: string 1483 type: array 1484 type: object 1485 type: object 1486 featureGates: 1487 additionalProperties: 1488 type: boolean 1489 description: FeatureGates enabled by the user. 1490 type: object 1491 imageRepository: 1492 description: 'ImageRepository sets the container registry 1493 to pull images from. * If not set, the default registry 1494 of kubeadm will be used, i.e. * registry.k8s.io (new 1495 registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= 1496 v1.25.0 * k8s.gcr.io (old registry): all older versions 1497 Please note that when imageRepository is not set we 1498 don''t allow upgrades to versions >= v1.22.0 which use 1499 the old registry (k8s.gcr.io). Please use a newer patch 1500 version with the new registry instead (i.e. >= v1.22.17, 1501 >= v1.23.15, >= v1.24.9, >= v1.25.0). 
* If the version 1502 is a CI build (kubernetes version starts with `ci/` 1503 or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will 1504 be used as a default for control plane components and 1505 for kube-proxy, while `registry.k8s.io` will be used 1506 for all the other images.' 1507 type: string 1508 kind: 1509 description: 'Kind is a string value representing the 1510 REST resource this object represents. Servers may infer 1511 this from the endpoint the client submits requests to. 1512 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1513 type: string 1514 kubernetesVersion: 1515 description: 'KubernetesVersion is the target version 1516 of the control plane. NB: This value defaults to the 1517 Machine object spec.version' 1518 type: string 1519 networking: 1520 description: 'Networking holds configuration for the networking 1521 topology of the cluster. NB: This value defaults to 1522 the Cluster object spec.clusterNetwork.' 1523 properties: 1524 dnsDomain: 1525 description: DNSDomain is the dns domain used by k8s 1526 services. Defaults to "cluster.local". 1527 type: string 1528 podSubnet: 1529 description: PodSubnet is the subnet used by pods. 1530 If unset, the API server will not allocate CIDR 1531 ranges for every node. Defaults to a comma-delimited 1532 string of the Cluster object's spec.clusterNetwork.services.cidrBlocks 1533 if that is set 1534 type: string 1535 serviceSubnet: 1536 description: ServiceSubnet is the subnet used by k8s 1537 services. Defaults to a comma-delimited string of 1538 the Cluster object's spec.clusterNetwork.pods.cidrBlocks, 1539 or to "10.96.0.0/12" if that's unset. 
1540 type: string 1541 type: object 1542 scheduler: 1543 description: Scheduler contains extra settings for the 1544 scheduler control plane component 1545 properties: 1546 extraArgs: 1547 additionalProperties: 1548 type: string 1549 description: 'ExtraArgs is an extra set of flags to 1550 pass to the control plane component. TODO: This 1551 is temporary and ideally we would like to switch 1552 all components to use ComponentConfig + ConfigMaps.' 1553 type: object 1554 extraVolumes: 1555 description: ExtraVolumes is an extra set of host 1556 volumes, mounted to the control plane component. 1557 items: 1558 description: HostPathMount contains elements describing 1559 volumes that are mounted from the host. 1560 properties: 1561 hostPath: 1562 description: HostPath is the path in the host 1563 that will be mounted inside the pod. 1564 type: string 1565 mountPath: 1566 description: MountPath is the path inside the 1567 pod where hostPath will be mounted. 1568 type: string 1569 name: 1570 description: Name of the volume inside the pod 1571 template. 1572 type: string 1573 pathType: 1574 description: PathType is the type of the HostPath. 1575 type: string 1576 readOnly: 1577 description: ReadOnly controls write access 1578 to the volume 1579 type: boolean 1580 required: 1581 - hostPath 1582 - mountPath 1583 - name 1584 type: object 1585 type: array 1586 type: object 1587 type: object 1588 diskSetup: 1589 description: DiskSetup specifies options for the creation 1590 of partition tables and file systems on devices. 1591 properties: 1592 filesystems: 1593 description: Filesystems specifies the list of file systems 1594 to setup. 1595 items: 1596 description: Filesystem defines the file systems to 1597 be created. 1598 properties: 1599 device: 1600 description: Device specifies the device name 1601 type: string 1602 extraOpts: 1603 description: ExtraOpts defined extra options to 1604 add to the command for creating the file system. 
1605 items: 1606 type: string 1607 type: array 1608 filesystem: 1609 description: Filesystem specifies the file system 1610 type. 1611 type: string 1612 label: 1613 description: Label specifies the file system label 1614 to be used. If set to None, no label is used. 1615 type: string 1616 overwrite: 1617 description: Overwrite defines whether or not to 1618 overwrite any existing filesystem. If true, any 1619 pre-existing file system will be destroyed. Use 1620 with Caution. 1621 type: boolean 1622 partition: 1623 description: 'Partition specifies the partition 1624 to use. The valid options are: "auto|any", "auto", 1625 "any", "none", and <NUM>, where NUM is the actual 1626 partition number.' 1627 type: string 1628 replaceFS: 1629 description: 'ReplaceFS is a special directive, 1630 used for Microsoft Azure that instructs cloud-init 1631 to replace a file system of <FS_TYPE>. NOTE: unless 1632 you define a label, this requires the use of the 1633 ''any'' partition directive.' 1634 type: string 1635 required: 1636 - device 1637 - filesystem 1638 - label 1639 type: object 1640 type: array 1641 partitions: 1642 description: Partitions specifies the list of the partitions 1643 to setup. 1644 items: 1645 description: Partition defines how to create and layout 1646 a partition. 1647 properties: 1648 device: 1649 description: Device is the name of the device. 1650 type: string 1651 layout: 1652 description: Layout specifies the device layout. 1653 If it is true, a single partition will be created 1654 for the entire device. When layout is false, it 1655 means don't partition or ignore existing partitioning. 1656 type: boolean 1657 overwrite: 1658 description: Overwrite describes whether to skip 1659 checks and create the partition if a partition 1660 or filesystem is found on the device. Use with 1661 caution. Default is 'false'. 1662 type: boolean 1663 tableType: 1664 description: 'TableType specifies the type of partition 1665 table. 
The following are supported: ''mbr'': default 1666 and sets up an MS-DOS partition table ''gpt'': sets up 1667 a GPT partition table' 1668 type: string 1669 required: 1670 - device 1671 - layout 1672 type: object 1673 type: array 1674 type: object 1675 files: 1676 description: Files specifies extra files to be passed to user_data 1677 upon creation. 1678 items: 1679 description: File defines the input for generating write_files 1680 in cloud-init. 1681 properties: 1682 append: 1683 description: Append specifies whether to append Content 1684 to existing file if Path exists. 1685 type: boolean 1686 content: 1687 description: Content is the actual content of the file. 1688 type: string 1689 contentFrom: 1690 description: ContentFrom is a referenced source of content 1691 to populate the file. 1692 properties: 1693 secret: 1694 description: Secret represents a secret that should 1695 populate this file. 1696 properties: 1697 key: 1698 description: Key is the key in the secret's 1699 data map for this value. 1700 type: string 1701 name: 1702 description: Name of the secret in the KubeadmBootstrapConfig's 1703 namespace to use. 1704 type: string 1705 required: 1706 - key 1707 - name 1708 type: object 1709 required: 1710 - secret 1711 type: object 1712 encoding: 1713 description: Encoding specifies the encoding of the 1714 file contents. 1715 enum: 1716 - base64 1717 - gzip 1718 - gzip+base64 1719 type: string 1720 owner: 1721 description: Owner specifies the ownership of the file, 1722 e.g. "root:root". 1723 type: string 1724 path: 1725 description: Path specifies the full path on disk where 1726 to store the file. 1727 type: string 1728 permissions: 1729 description: Permissions specifies the permissions to 1730 assign to the file, e.g. "0640". 
1731 type: string 1732 required: 1733 - path 1734 type: object 1735 type: array 1736 format: 1737 description: Format specifies the output format of the bootstrap 1738 data 1739 enum: 1740 - cloud-config 1741 - ignition 1742 type: string 1743 ignition: 1744 description: Ignition contains Ignition specific configuration. 1745 properties: 1746 containerLinuxConfig: 1747 description: ContainerLinuxConfig contains CLC specific 1748 configuration. 1749 properties: 1750 additionalConfig: 1751 description: "AdditionalConfig contains additional 1752 configuration to be merged with the Ignition configuration 1753 generated by the bootstrapper controller. More info: 1754 https://coreos.github.io/ignition/operator-notes/#config-merging 1755 \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" 1756 type: string 1757 strict: 1758 description: Strict controls if AdditionalConfig should 1759 be strictly parsed. If so, warnings are treated 1760 as errors. 1761 type: boolean 1762 type: object 1763 type: object 1764 imageConfiguration: 1765 description: ImageConfiguration contains configuration required 1766 for the base image. 1767 properties: 1768 dependencies: 1769 description: Dependencies contains details about dependencies 1770 on the image that can be configured at boot time. 1771 properties: 1772 skipInstall: 1773 description: SkipInstall is the flag that can be used 1774 to tell the provider to skip install of OCNE dependencies. 1775 The value, if set to true, will be used to skip 1776 the overrides installation on OCNEConfigSpec. By 1777 default, this value is false. 1778 type: boolean 1779 type: object 1780 proxy: 1781 description: Proxy contains proxy server info that may 1782 be required for installing dependencies. The value, 1783 if specified is used in conjunction with preOCNECommands 1784 to install and configure repositories. 
1785 properties: 1786 httpProxy: 1787 description: HttpProxy contains http proxy server 1788 info that may be required for installing dependencies. 1789 The value, if specified is used in conjunction with 1790 preOCNECommands to install and configure repositories. 1791 type: string 1792 httpsProxy: 1793 description: HttpsProxy contains https proxy server 1794 info that may be required for installing dependencies. 1795 The value, if specified is used in conjunction with 1796 preOCNECommands to install and configure repositories. 1797 type: string 1798 noProxy: 1799 description: NoProxy contains addresses that need 1800 to be skipped when proxy server is being used. The 1801 value, if specified is used in conjunction with 1802 preOCNECommands to install and configure repositories. 1803 type: string 1804 type: object 1805 type: object 1806 initConfiguration: 1807 description: InitConfiguration along with ClusterConfiguration 1808 are the configurations necessary for the init command 1809 properties: 1810 apiVersion: 1811 description: 'APIVersion defines the versioned schema 1812 of this representation of an object. Servers should 1813 convert recognized schemas to the latest internal value, 1814 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1815 type: string 1816 bootstrapTokens: 1817 description: BootstrapTokens is respected at `kubeadm 1818 init` time and describes a set of Bootstrap Tokens to 1819 create. This information IS NOT uploaded to the kubeadm 1820 cluster configmap, partly because of its sensitive nature 1821 items: 1822 description: BootstrapToken describes one bootstrap 1823 token, stored as a Secret in the cluster. 1824 properties: 1825 description: 1826 description: Description sets a human-friendly message 1827 why this token exists and what it's used for, 1828 so other administrators can know its purpose. 
1829 type: string 1830 expires: 1831 description: Expires specifies the timestamp when 1832 this token expires. Defaults to being set dynamically 1833 at runtime based on the TTL. Expires and TTL are 1834 mutually exclusive. 1835 format: date-time 1836 type: string 1837 groups: 1838 description: Groups specifies the extra groups that 1839 this token will authenticate as when/if used for 1840 authentication 1841 items: 1842 type: string 1843 type: array 1844 token: 1845 description: Token is used for establishing bidirectional 1846 trust between nodes and control-planes. Used for 1847 joining nodes in the cluster. 1848 type: string 1849 ttl: 1850 description: TTL defines the time to live for this 1851 token. Defaults to 24h. Expires and TTL are mutually 1852 exclusive. 1853 type: string 1854 usages: 1855 description: Usages describes the ways in which 1856 this token can be used. Can by default be used 1857 for establishing bidirectional trust, but that 1858 can be changed here. 1859 items: 1860 type: string 1861 type: array 1862 required: 1863 - token 1864 type: object 1865 type: array 1866 kind: 1867 description: 'Kind is a string value representing the 1868 REST resource this object represents. Servers may infer 1869 this from the endpoint the client submits requests to. 1870 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1871 type: string 1872 localAPIEndpoint: 1873 description: LocalAPIEndpoint represents the endpoint 1874 of the API server instance that's deployed on this control 1875 plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint 1876 in the sense that ControlPlaneEndpoint is the global 1877 endpoint for the cluster, which then loadbalances the 1878 requests to each individual API server. This configuration 1879 object lets you customize what IP/DNS name and port 1880 the local API server advertises it's accessible on. 
1881 By default, kubeadm tries to auto-detect the IP of the 1882 default interface and use that, but in case that process 1883 fails you may set the desired value here. 1884 properties: 1885 advertiseAddress: 1886 description: AdvertiseAddress sets the IP address 1887 for the API server to advertise. 1888 type: string 1889 bindPort: 1890 description: BindPort sets the secure port for the 1891 API Server to bind to. Defaults to 6443. 1892 format: int32 1893 type: integer 1894 type: object 1895 nodeRegistration: 1896 description: NodeRegistration holds fields that relate 1897 to registering the new control-plane node to the cluster. 1898 When used in the context of control plane nodes, NodeRegistration 1899 should remain consistent across both InitConfiguration 1900 and JoinConfiguration 1901 properties: 1902 criSocket: 1903 description: CRISocket is used to retrieve container 1904 runtime info. This information will be annotated 1905 to the Node API object, for later re-use 1906 type: string 1907 ignorePreflightErrors: 1908 description: IgnorePreflightErrors provides a slice 1909 of pre-flight errors to be ignored when the current 1910 node is registered. 1911 items: 1912 type: string 1913 type: array 1914 kubeletExtraArgs: 1915 additionalProperties: 1916 type: string 1917 description: KubeletExtraArgs passes through extra 1918 arguments to the kubelet. The arguments here are 1919 passed to the kubelet command line via the environment 1920 file kubeadm writes at runtime for the kubelet to 1921 source. This overrides the generic base-level configuration 1922 in the kubelet-config-1.X ConfigMap Flags have higher 1923 priority when parsing. These values are local and 1924 specific to the node kubeadm is executing on. 1925 type: object 1926 name: 1927 description: Name is the `.Metadata.Name` field of 1928 the Node API object that will be created in this 1929 `kubeadm init` or `kubeadm join` operation. 
This 1930 field is also used in the CommonName field of the 1931 kubelet's client certificate to the API server. 1932 Defaults to the hostname of the node if not provided. 1933 type: string 1934 taints: 1935 description: 'Taints specifies the taints the Node 1936 API object should be registered with. If this field 1937 is unset, i.e. nil, in the `kubeadm init` process 1938 it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 1939 If you don''t want to taint your control-plane node, 1940 set this field to an empty slice, i.e. `taints: 1941 []` in the YAML file. This field is solely used 1942 for Node registration.' 1943 items: 1944 description: The node this Taint is attached to 1945 has the "effect" on any pod that does not tolerate 1946 the Taint. 1947 properties: 1948 effect: 1949 description: Required. The effect of the taint 1950 on pods that do not tolerate the taint. Valid 1951 effects are NoSchedule, PreferNoSchedule and 1952 NoExecute. 1953 type: string 1954 key: 1955 description: Required. The taint key to be applied 1956 to a node. 1957 type: string 1958 timeAdded: 1959 description: TimeAdded represents the time at 1960 which the taint was added. It is only written 1961 for NoExecute taints. 1962 format: date-time 1963 type: string 1964 value: 1965 description: The taint value corresponding to 1966 the taint key. 1967 type: string 1968 required: 1969 - effect 1970 - key 1971 type: object 1972 type: array 1973 type: object 1974 patches: 1975 description: Patches contains options related to applying 1976 patches to components deployed by kubeadm during "kubeadm 1977 init". The minimum kubernetes version needed to support 1978 Patches is v1.22 1979 properties: 1980 directory: 1981 description: Directory is a path to a directory that 1982 contains files named "target[suffix][+patchtype].extension". 1983 For example, "kube-apiserver0+merge.yaml" or just 1984 "etcd.json". 
"target" can be one of "kube-apiserver", 1985 "kube-controller-manager", "kube-scheduler", "etcd". 1986 "patchtype" can be one of "strategic", "merge" or 1987 "json" and they match the patch formats supported 1988 by kubectl. The default "patchtype" is "strategic". 1989 "extension" must be either "json" or "yaml". "suffix" 1990 is an optional string that can be used to determine 1991 which patches are applied first alpha-numerically. 1992 These files can be written into the target directory 1993 via OCNEConfig.Files which specifies additional 1994 files to be created on the machine, either with 1995 content inline or by referencing a secret. 1996 type: string 1997 type: object 1998 skipPhases: 1999 description: SkipPhases is a list of phases to skip during 2000 command execution. The list of phases can be obtained 2001 with the "kubeadm init --help" command. This option 2002 takes effect only on Kubernetes >=1.22.0. 2003 items: 2004 type: string 2005 type: array 2006 type: object 2007 joinConfiguration: 2008 description: JoinConfiguration is the kubeadm configuration 2009 for the join command 2010 properties: 2011 apiVersion: 2012 description: 'APIVersion defines the versioned schema 2013 of this representation of an object. Servers should 2014 convert recognized schemas to the latest internal value, 2015 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2016 type: string 2017 caCertPath: 2018 description: 'CACertPath is the path to the SSL certificate 2019 authority used to secure communications between node 2020 and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". 2021 TODO: revisit when there is defaulting from k/k' 2022 type: string 2023 controlPlane: 2024 description: ControlPlane defines the additional control 2025 plane instance to be deployed on the joining node. If 2026 nil, no additional control plane instance will be deployed.
2027 properties: 2028 localAPIEndpoint: 2029 description: LocalAPIEndpoint represents the endpoint 2030 of the API server instance to be deployed on this 2031 node. 2032 properties: 2033 advertiseAddress: 2034 description: AdvertiseAddress sets the IP address 2035 for the API server to advertise. 2036 type: string 2037 bindPort: 2038 description: BindPort sets the secure port for 2039 the API Server to bind to. Defaults to 6443. 2040 format: int32 2041 type: integer 2042 type: object 2043 type: object 2044 discovery: 2045 description: 'Discovery specifies the options for the 2046 kubelet to use during the TLS Bootstrap process. TODO: 2047 revisit when there is defaulting from k/k' 2048 properties: 2049 bootstrapToken: 2050 description: BootstrapToken is used to set the options 2051 for bootstrap token based discovery. BootstrapToken 2052 and File are mutually exclusive. 2053 properties: 2054 apiServerEndpoint: 2055 description: APIServerEndpoint is an IP or domain 2056 name to the API server from which info will 2057 be fetched. 2058 type: string 2059 caCertHashes: 2060 description: 'CACertHashes specifies a set of 2061 public key pins to verify when token-based discovery 2062 is used. The root CA found during discovery 2063 must match one of these values. Specifying an 2064 empty set disables root CA pinning, which can 2065 be unsafe. Each hash is specified as "<type>:<value>", 2066 where the only currently supported type is "sha256". 2067 This is a hex-encoded SHA-256 hash of the Subject 2068 Public Key Info (SPKI) object in DER-encoded 2069 ASN.1. These hashes can be calculated using, 2070 for example, OpenSSL: openssl x509 -pubkey -in 2071 ca.crt | openssl rsa -pubin -outform der 2>&/dev/null 2072 | openssl dgst -sha256 -hex' 2073 items: 2074 type: string 2075 type: array 2076 token: 2077 description: Token is a token used to validate 2078 cluster information fetched from the control-plane.
2079 type: string 2080 unsafeSkipCAVerification: 2081 description: UnsafeSkipCAVerification allows token-based 2082 discovery without CA verification via CACertHashes. 2083 This can weaken the security of kubeadm since 2084 other nodes can impersonate the control-plane. 2085 type: boolean 2086 required: 2087 - token 2088 type: object 2089 file: 2090 description: File is used to specify a file or URL 2091 to a kubeconfig file from which to load cluster 2092 information BootstrapToken and File are mutually 2093 exclusive 2094 properties: 2095 kubeConfigPath: 2096 description: KubeConfigPath is used to specify 2097 the actual file path or URL to the kubeconfig 2098 file from which to load cluster information 2099 type: string 2100 required: 2101 - kubeConfigPath 2102 type: object 2103 timeout: 2104 description: Timeout modifies the discovery timeout 2105 type: string 2106 tlsBootstrapToken: 2107 description: TLSBootstrapToken is a token used for 2108 TLS bootstrapping. If .BootstrapToken is set, this 2109 field is defaulted to .BootstrapToken.Token, but 2110 can be overridden. If .File is set, this field **must 2111 be set** in case the KubeConfigFile does not contain 2112 any other authentication information 2113 type: string 2114 type: object 2115 kind: 2116 description: 'Kind is a string value representing the 2117 REST resource this object represents. Servers may infer 2118 this from the endpoint the client submits requests to. 2119 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2120 type: string 2121 nodeRegistration: 2122 description: NodeRegistration holds fields that relate 2123 to registering the new control-plane node to the cluster. 
2124 When used in the context of control plane nodes, NodeRegistration 2125 should remain consistent across both InitConfiguration 2126 and JoinConfiguration 2127 properties: 2128 criSocket: 2129 description: CRISocket is used to retrieve container 2130 runtime info. This information will be annotated 2131 to the Node API object, for later re-use 2132 type: string 2133 ignorePreflightErrors: 2134 description: IgnorePreflightErrors provides a slice 2135 of pre-flight errors to be ignored when the current 2136 node is registered. 2137 items: 2138 type: string 2139 type: array 2140 kubeletExtraArgs: 2141 additionalProperties: 2142 type: string 2143 description: KubeletExtraArgs passes through extra 2144 arguments to the kubelet. The arguments here are 2145 passed to the kubelet command line via the environment 2146 file kubeadm writes at runtime for the kubelet to 2147 source. This overrides the generic base-level configuration 2148 in the kubelet-config-1.X ConfigMap Flags have higher 2149 priority when parsing. These values are local and 2150 specific to the node kubeadm is executing on. 2151 type: object 2152 name: 2153 description: Name is the `.Metadata.Name` field of 2154 the Node API object that will be created in this 2155 `kubeadm init` or `kubeadm join` operation. This 2156 field is also used in the CommonName field of the 2157 kubelet's client certificate to the API server. 2158 Defaults to the hostname of the node if not provided. 2159 type: string 2160 taints: 2161 description: 'Taints specifies the taints the Node 2162 API object should be registered with. If this field 2163 is unset, i.e. nil, in the `kubeadm init` process 2164 it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 2165 If you don''t want to taint your control-plane node, 2166 set this field to an empty slice, i.e. `taints: 2167 []` in the YAML file. This field is solely used 2168 for Node registration.' 
2169 items: 2170 description: The node this Taint is attached to 2171 has the "effect" on any pod that does not tolerate 2172 the Taint. 2173 properties: 2174 effect: 2175 description: Required. The effect of the taint 2176 on pods that do not tolerate the taint. Valid 2177 effects are NoSchedule, PreferNoSchedule and 2178 NoExecute. 2179 type: string 2180 key: 2181 description: Required. The taint key to be applied 2182 to a node. 2183 type: string 2184 timeAdded: 2185 description: TimeAdded represents the time at 2186 which the taint was added. It is only written 2187 for NoExecute taints. 2188 format: date-time 2189 type: string 2190 value: 2191 description: The taint value corresponding to 2192 the taint key. 2193 type: string 2194 required: 2195 - effect 2196 - key 2197 type: object 2198 type: array 2199 type: object 2200 patches: 2201 description: Patches contains options related to applying 2202 patches to components deployed by kubeadm during "kubeadm 2203 join". The minimum kubernetes version needed to support 2204 Patches is v1.22 2205 properties: 2206 directory: 2207 description: Directory is a path to a directory that 2208 contains files named "target[suffix][+patchtype].extension". 2209 For example, "kube-apiserver0+merge.yaml" or just 2210 "etcd.json". "target" can be one of "kube-apiserver", 2211 "kube-controller-manager", "kube-scheduler", "etcd". 2212 "patchtype" can be one of "strategic" "merge" or 2213 "json" and they match the patch formats supported 2214 by kubectl. The default "patchtype" is "strategic". 2215 "extension" must be either "json" or "yaml". "suffix" 2216 is an optional string that can be used to determine 2217 which patches are applied first alpha-numerically. 2218 These files can be written into the target directory 2219 via OCNEConfig.Files which specifies additional 2220 files to be created on the machine, either with 2221 content inline or by referencing a secret. 
2222 type: string 2223 type: object 2224 skipPhases: 2225 description: SkipPhases is a list of phases to skip during 2226 command execution. The list of phases can be obtained 2227 with the "kubeadm init --help" command. This option 2228 takes effect only on Kubernetes >=1.22.0. 2229 items: 2230 type: string 2231 type: array 2232 type: object 2233 mounts: 2234 description: Mounts specifies a list of mount points to be 2235 setup. 2236 items: 2237 description: MountPoints defines input for generated mounts 2238 in cloud-init. 2239 items: 2240 type: string 2241 type: array 2242 type: array 2243 ntp: 2244 description: NTP specifies NTP configuration 2245 properties: 2246 enabled: 2247 description: Enabled specifies whether NTP should be enabled 2248 type: boolean 2249 servers: 2250 description: Servers specifies which NTP servers to use 2251 items: 2252 type: string 2253 type: array 2254 type: object 2255 postOCNECommands: 2256 description: PostOCNECommands specifies extra commands to 2257 run after kubeadm runs 2258 items: 2259 type: string 2260 type: array 2261 preOCNECommands: 2262 description: PreOCNECommands specifies extra commands to run 2263 before kubeadm runs 2264 items: 2265 type: string 2266 type: array 2267 useExperimentalRetryJoin: 2268 description: "UseExperimentalRetryJoin replaces a basic kubeadm 2269 command with a shell script with retries for joins. \n This 2270 is meant to be an experimental temporary workaround on some 2271 environments where joins fail due to timing (and other issues). 2272 The long term goal is to add retries to kubeadm proper and 2273 use that functionality. \n This will add about 40KB to userdata 2274 \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 2275 \n Deprecated: This experimental fix is no longer needed 2276 and this field will be removed in a future release. 
When 2277 removing also remove from staticcheck exclude-rules for 2278 SA1019 in golangci.yml" 2279 type: boolean 2280 users: 2281 description: Users specifies extra users to add 2282 items: 2283 description: User defines the input for a generated user 2284 in cloud-init. 2285 properties: 2286 gecos: 2287 description: Gecos specifies the gecos to use for the 2288 user 2289 type: string 2290 groups: 2291 description: Groups specifies the additional groups 2292 for the user 2293 type: string 2294 homeDir: 2295 description: HomeDir specifies the home directory to 2296 use for the user 2297 type: string 2298 inactive: 2299 description: Inactive specifies whether to mark the 2300 user as inactive 2301 type: boolean 2302 lockPassword: 2303 description: LockPassword specifies if password login 2304 should be disabled 2305 type: boolean 2306 name: 2307 description: Name specifies the user name 2308 type: string 2309 passwd: 2310 description: Passwd specifies a hashed password for 2311 the user 2312 type: string 2313 passwdFrom: 2314 description: PasswdFrom is a referenced source of passwd 2315 to populate the passwd. 2316 properties: 2317 secret: 2318 description: Secret represents a secret that should 2319 populate this password. 2320 properties: 2321 key: 2322 description: Key is the key in the secret's 2323 data map for this value. 2324 type: string 2325 name: 2326 description: Name of the secret in the KubeadmBootstrapConfig's 2327 namespace to use. 
2328 type: string 2329 required: 2330 - key 2331 - name 2332 type: object 2333 required: 2334 - secret 2335 type: object 2336 primaryGroup: 2337 description: PrimaryGroup specifies the primary group 2338 for the user 2339 type: string 2340 shell: 2341 description: Shell specifies the user's shell 2342 type: string 2343 sshAuthorizedKeys: 2344 description: SSHAuthorizedKeys specifies a list of ssh 2345 authorized keys for the user 2346 items: 2347 type: string 2348 type: array 2349 sudo: 2350 description: Sudo specifies a sudo role for the user 2351 type: string 2352 required: 2353 - name 2354 type: object 2355 type: array 2356 verbosity: 2357 description: Verbosity is the number for the kubeadm log level 2358 verbosity. It overrides the `--v` flag in kubeadm commands. 2359 format: int32 2360 type: integer 2361 type: object 2362 type: object 2363 required: 2364 - template 2365 type: object 2366 type: object 2367 served: true 2368 storage: true 2369 subresources: {} 2370 --- 2371 apiVersion: v1 2372 kind: ServiceAccount 2373 metadata: 2374 labels: 2375 cluster.x-k8s.io/provider: bootstrap-ocne 2376 name: capi-ocne-bootstrap-manager 2377 namespace: capi-ocne-bootstrap-system 2378 --- 2379 apiVersion: rbac.authorization.k8s.io/v1 2380 kind: Role 2381 metadata: 2382 labels: 2383 cluster.x-k8s.io/provider: bootstrap-ocne 2384 name: capi-ocne-bootstrap-leader-election-role 2385 namespace: capi-ocne-bootstrap-system 2386 rules: 2387 - apiGroups: 2388 - "" 2389 resources: 2390 - events 2391 verbs: 2392 - create 2393 - apiGroups: 2394 - coordination.k8s.io 2395 resources: 2396 - leases 2397 verbs: 2398 - get 2399 - list 2400 - watch 2401 - create 2402 - update 2403 - patch 2404 - delete 2405 --- 2406 apiVersion: rbac.authorization.k8s.io/v1 2407 kind: ClusterRole 2408 metadata: 2409 creationTimestamp: null 2410 labels: 2411 cluster.x-k8s.io/provider: bootstrap-ocne 2412 name: capi-ocne-bootstrap-manager-role 2413 rules: 2414 - apiGroups: 2415 - "" 2416 resources: 2417 - 
configmaps 2418 - events 2419 - secrets 2420 verbs: 2421 - create 2422 - delete 2423 - get 2424 - list 2425 - patch 2426 - update 2427 - watch 2428 - apiGroups: 2429 - bootstrap.cluster.x-k8s.io 2430 resources: 2431 - ocneconfigs 2432 - ocneconfigs/finalizers 2433 - ocneconfigs/status 2434 verbs: 2435 - create 2436 - delete 2437 - get 2438 - list 2439 - patch 2440 - update 2441 - watch 2442 - apiGroups: 2443 - cluster.x-k8s.io 2444 resources: 2445 - clusters 2446 - clusters/status 2447 - machinepools 2448 - machinepools/status 2449 - machines 2450 - machines/status 2451 - machinesets 2452 verbs: 2453 - get 2454 - list 2455 - watch 2456 - apiGroups: 2457 - controlplane.cluster.x-k8s.io 2458 resources: 2459 - '*' 2460 verbs: 2461 - get 2462 - list 2463 --- 2464 apiVersion: rbac.authorization.k8s.io/v1 2465 kind: RoleBinding 2466 metadata: 2467 labels: 2468 cluster.x-k8s.io/provider: bootstrap-ocne 2469 name: capi-ocne-bootstrap-leader-election-rolebinding 2470 namespace: capi-ocne-bootstrap-system 2471 roleRef: 2472 apiGroup: rbac.authorization.k8s.io 2473 kind: Role 2474 name: capi-ocne-bootstrap-leader-election-role 2475 subjects: 2476 - kind: ServiceAccount 2477 name: capi-ocne-bootstrap-manager 2478 namespace: capi-ocne-bootstrap-system 2479 --- 2480 apiVersion: rbac.authorization.k8s.io/v1 2481 kind: ClusterRoleBinding 2482 metadata: 2483 labels: 2484 cluster.x-k8s.io/provider: bootstrap-ocne 2485 name: capi-ocne-bootstrap-manager-rolebinding 2486 roleRef: 2487 apiGroup: rbac.authorization.k8s.io 2488 kind: ClusterRole 2489 name: capi-ocne-bootstrap-manager-role 2490 subjects: 2491 - kind: ServiceAccount 2492 name: capi-ocne-bootstrap-manager 2493 namespace: capi-ocne-bootstrap-system 2494 --- 2495 apiVersion: v1 2496 kind: Service 2497 metadata: 2498 labels: 2499 cluster.x-k8s.io/provider: bootstrap-ocne 2500 name: capi-ocne-bootstrap-webhook-service 2501 namespace: capi-ocne-bootstrap-system 2502 spec: 2503 ports: 2504 - port: 443 2505 targetPort: 
webhook-server 2506 selector: 2507 cluster.x-k8s.io/provider: bootstrap-ocne 2508 --- 2509 apiVersion: apps/v1 2510 kind: Deployment 2511 metadata: 2512 labels: 2513 cluster.x-k8s.io/provider: bootstrap-ocne 2514 control-plane: controller-manager 2515 name: capi-ocne-bootstrap-controller-manager 2516 namespace: capi-ocne-bootstrap-system 2517 spec: 2518 replicas: 1 2519 selector: 2520 matchLabels: 2521 cluster.x-k8s.io/provider: bootstrap-ocne 2522 control-plane: controller-manager 2523 template: 2524 metadata: 2525 labels: 2526 cluster.x-k8s.io/provider: bootstrap-ocne 2527 control-plane: controller-manager 2528 spec: 2529 containers: 2530 - args: 2531 - --leader-elect 2532 - --metrics-bind-addr=localhost:8080 2533 - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false} 2534 - --bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m} 2535 command: 2536 - /manager 2537 env: 2538 - name: POD_NAMESPACE 2539 valueFrom: 2540 fieldRef: 2541 fieldPath: metadata.namespace 2542 image: ghcr.io/verrazzano/cluster-api-ocne-bootstrap-controller:v1.7.0-20230815141941-9a36ded 2543 imagePullPolicy: IfNotPresent 2544 livenessProbe: 2545 httpGet: 2546 path: /healthz 2547 port: healthz 2548 name: manager 2549 ports: 2550 - containerPort: 9443 2551 name: webhook-server 2552 protocol: TCP 2553 - containerPort: 9440 2554 name: healthz 2555 protocol: TCP 2556 readinessProbe: 2557 httpGet: 2558 path: /readyz 2559 port: healthz 2560 volumeMounts: 2561 - mountPath: /tmp/k8s-webhook-server/serving-certs 2562 name: cert 2563 readOnly: true 2564 serviceAccountName: capi-ocne-bootstrap-manager 2565 terminationGracePeriodSeconds: 10 2566 tolerations: 2567 - effect: NoSchedule 2568 key: node-role.kubernetes.io/master 2569 - effect: NoSchedule 2570 key: node-role.kubernetes.io/control-plane 2571 volumes: 2572 - name: cert 2573 secret: 2574 secretName: capi-ocne-bootstrap-webhook-service-cert 2575 --- 2576 apiVersion: 
cert-manager.io/v1 2577 kind: Certificate 2578 metadata: 2579 labels: 2580 cluster.x-k8s.io/provider: bootstrap-ocne 2581 name: capi-ocne-bootstrap-serving-cert 2582 namespace: capi-ocne-bootstrap-system 2583 spec: 2584 dnsNames: 2585 - capi-ocne-bootstrap-webhook-service.capi-ocne-bootstrap-system.svc 2586 - capi-ocne-bootstrap-webhook-service.capi-ocne-bootstrap-system.svc.cluster.local 2587 issuerRef: 2588 kind: Issuer 2589 name: capi-ocne-bootstrap-selfsigned-issuer 2590 secretName: capi-ocne-bootstrap-webhook-service-cert 2591 subject: 2592 organizations: 2593 - k8s-sig-cluster-lifecycle 2594 --- 2595 apiVersion: cert-manager.io/v1 2596 kind: Issuer 2597 metadata: 2598 labels: 2599 cluster.x-k8s.io/provider: bootstrap-ocne 2600 name: capi-ocne-bootstrap-selfsigned-issuer 2601 namespace: capi-ocne-bootstrap-system 2602 spec: 2603 selfSigned: {} 2604 --- 2605 apiVersion: admissionregistration.k8s.io/v1 2606 kind: MutatingWebhookConfiguration 2607 metadata: 2608 annotations: 2609 cert-manager.io/inject-ca-from: capi-ocne-bootstrap-system/capi-ocne-bootstrap-serving-cert 2610 labels: 2611 cluster.x-k8s.io/provider: bootstrap-ocne 2612 name: capi-ocne-bootstrap-mutating-webhook-configuration 2613 webhooks: 2614 - admissionReviewVersions: 2615 - v1 2616 - v1alpha1 2617 clientConfig: 2618 service: 2619 name: capi-ocne-bootstrap-webhook-service 2620 namespace: capi-ocne-bootstrap-system 2621 path: /mutate-bootstrap-cluster-x-k8s-io-v1alpha1-ocneconfig 2622 failurePolicy: Fail 2623 name: default.ocneconfig.bootstrap.cluster.x-k8s.io 2624 rules: 2625 - apiGroups: 2626 - bootstrap.cluster.x-k8s.io 2627 apiVersions: 2628 - v1alpha1 2629 operations: 2630 - CREATE 2631 - UPDATE 2632 resources: 2633 - ocneconfigs 2634 sideEffects: None 2635 - admissionReviewVersions: 2636 - v1 2637 - v1alpha1 2638 clientConfig: 2639 service: 2640 name: capi-ocne-bootstrap-webhook-service 2641 namespace: capi-ocne-bootstrap-system 2642 path: 
/mutate-bootstrap-cluster-x-k8s-io-v1alpha1-ocneconfigtemplate 2643 failurePolicy: Fail 2644 name: default.ocneconfigtemplate.bootstrap.cluster.x-k8s.io 2645 rules: 2646 - apiGroups: 2647 - bootstrap.cluster.x-k8s.io 2648 apiVersions: 2649 - v1alpha1 2650 operations: 2651 - CREATE 2652 - UPDATE 2653 resources: 2654 - ocneconfigtemplates 2655 sideEffects: None 2656 --- 2657 apiVersion: admissionregistration.k8s.io/v1 2658 kind: ValidatingWebhookConfiguration 2659 metadata: 2660 annotations: 2661 cert-manager.io/inject-ca-from: capi-ocne-bootstrap-system/capi-ocne-bootstrap-serving-cert 2662 labels: 2663 cluster.x-k8s.io/provider: bootstrap-ocne 2664 name: capi-ocne-bootstrap-validating-webhook-configuration 2665 webhooks: 2666 - admissionReviewVersions: 2667 - v1 2668 - v1alpha1 2669 clientConfig: 2670 service: 2671 name: capi-ocne-bootstrap-webhook-service 2672 namespace: capi-ocne-bootstrap-system 2673 path: /validate-bootstrap-cluster-x-k8s-io-v1alpha1-ocneconfig 2674 failurePolicy: Fail 2675 matchPolicy: Equivalent 2676 name: validation.ocneconfig.bootstrap.cluster.x-k8s.io 2677 rules: 2678 - apiGroups: 2679 - bootstrap.cluster.x-k8s.io 2680 apiVersions: 2681 - v1alpha1 2682 operations: 2683 - CREATE 2684 - UPDATE 2685 resources: 2686 - ocneconfigs 2687 sideEffects: None 2688 - admissionReviewVersions: 2689 - v1 2690 - v1alpha1 2691 clientConfig: 2692 service: 2693 name: capi-ocne-bootstrap-webhook-service 2694 namespace: capi-ocne-bootstrap-system 2695 path: /validate-bootstrap-cluster-x-k8s-io-v1alpha1-ocneconfigtemplate 2696 failurePolicy: Fail 2697 matchPolicy: Equivalent 2698 name: validation.ocneconfigtemplate.bootstrap.cluster.x-k8s.io 2699 rules: 2700 - apiGroups: 2701 - bootstrap.cluster.x-k8s.io 2702 apiVersions: 2703 - v1alpha1 2704 operations: 2705 - CREATE 2706 - UPDATE 2707 resources: 2708 - ocneconfigtemplates 2709 sideEffects: None