github.com/verrazzano/verrazzano@v1.7.0/platform-operator/capi/control-plane-ocne/v1.7.0/control-plane-components.yaml (about) 1 # Copyright (c) 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 apiVersion: v1 5 kind: Namespace 6 metadata: 7 labels: 8 cluster.x-k8s.io/provider: control-plane-ocne 9 control-plane: controller-manager 10 name: capi-ocne-control-plane-system 11 --- 12 apiVersion: apiextensions.k8s.io/v1 13 kind: CustomResourceDefinition 14 metadata: 15 annotations: 16 cert-manager.io/inject-ca-from: capi-ocne-control-plane-system/capi-ocne-control-plane-serving-cert 17 controller-gen.kubebuilder.io/version: v0.10.0 18 labels: 19 cluster.x-k8s.io/provider: control-plane-ocne 20 cluster.x-k8s.io/v1beta1: v1alpha1 21 name: ocnecontrolplanes.controlplane.cluster.x-k8s.io 22 spec: 23 conversion: 24 strategy: Webhook 25 webhook: 26 clientConfig: 27 caBundle: Cg== 28 service: 29 name: capi-ocne-control-plane-webhook-service 30 namespace: capi-ocne-control-plane-system 31 path: /convert 32 conversionReviewVersions: 33 - v1 34 - v1beta1 35 group: controlplane.cluster.x-k8s.io 36 names: 37 categories: 38 - cluster-api 39 kind: OCNEControlPlane 40 listKind: OCNEControlPlaneList 41 plural: ocnecontrolplanes 42 shortNames: 43 - ocnecp 44 singular: ocnecontrolplane 45 scope: Namespaced 46 versions: 47 - additionalPrinterColumns: 48 - description: Cluster 49 jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name'] 50 name: Cluster 51 type: string 52 - description: This denotes whether or not the control plane has the uploaded 53 kubeadm-config configmap 54 jsonPath: .status.initialized 55 name: Initialized 56 type: boolean 57 - description: OCNEControlPlane API Server is ready to receive requests 58 jsonPath: .status.ready 59 name: API Server Available 60 type: boolean 61 - description: Total number of machines desired by this control plane 62 jsonPath: 
.spec.replicas 63 name: Desired 64 priority: 10 65 type: integer 66 - description: Total number of non-terminated machines targeted by this control 67 plane 68 jsonPath: .status.replicas 69 name: Replicas 70 type: integer 71 - description: Total number of fully running and ready control plane machines 72 jsonPath: .status.readyReplicas 73 name: Ready 74 type: integer 75 - description: Total number of non-terminated machines targeted by this control 76 plane that have the desired template spec 77 jsonPath: .status.updatedReplicas 78 name: Updated 79 type: integer 80 - description: Total number of unavailable machines targeted by this control plane 81 jsonPath: .status.unavailableReplicas 82 name: Unavailable 83 type: integer 84 - description: Time duration since creation of OCNEControlPlane 85 jsonPath: .metadata.creationTimestamp 86 name: Age 87 type: date 88 - description: Kubernetes version associated with this control plane 89 jsonPath: .spec.version 90 name: Version 91 type: string 92 name: v1alpha1 93 schema: 94 openAPIV3Schema: 95 description: OCNEControlPlane is the Schema for the OCNEControlPlane API. 96 properties: 97 apiVersion: 98 description: 'APIVersion defines the versioned schema of this representation 99 of an object. Servers should convert recognized schemas to the latest 100 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 101 type: string 102 kind: 103 description: 'Kind is a string value representing the REST resource this 104 object represents. Servers may infer this from the endpoint the client 105 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 106 type: string 107 metadata: 108 type: object 109 spec: 110 description: OCNEControlPlaneSpec defines the desired state of OCNEControlPlane. 
111 properties: 112 controlPlaneConfig: 113 description: ControlPlaneConfig is a bootstrap OCNEConfigSpec to use 114 for initializing and joining machines to the control plane. 115 properties: 116 clusterConfiguration: 117 description: ClusterConfiguration along with InitConfiguration 118 are the configurations necessary for the init command 119 properties: 120 apiServer: 121 description: APIServer contains extra settings for the API 122 server control plane component 123 properties: 124 certSANs: 125 description: CertSANs sets extra Subject Alternative Names 126 for the API Server signing cert. 127 items: 128 type: string 129 type: array 130 extraArgs: 131 additionalProperties: 132 type: string 133 description: 'ExtraArgs is an extra set of flags to pass 134 to the control plane component. TODO: This is temporary 135 and ideally we would like to switch all components to 136 use ComponentConfig + ConfigMaps.' 137 type: object 138 extraVolumes: 139 description: ExtraVolumes is an extra set of host volumes, 140 mounted to the control plane component. 141 items: 142 description: HostPathMount contains elements describing 143 volumes that are mounted from the host. 144 properties: 145 hostPath: 146 description: HostPath is the path in the host that 147 will be mounted inside the pod. 148 type: string 149 mountPath: 150 description: MountPath is the path inside the pod 151 where hostPath will be mounted. 152 type: string 153 name: 154 description: Name of the volume inside the pod template. 155 type: string 156 pathType: 157 description: PathType is the type of the HostPath. 
158 type: string 159 readOnly: 160 description: ReadOnly controls write access to the 161 volume 162 type: boolean 163 required: 164 - hostPath 165 - mountPath 166 - name 167 type: object 168 type: array 169 timeoutForControlPlane: 170 description: TimeoutForControlPlane controls the timeout 171 that we use for API server to appear 172 type: string 173 type: object 174 apiVersion: 175 description: 'APIVersion defines the versioned schema of this 176 representation of an object. Servers should convert recognized 177 schemas to the latest internal value, and may reject unrecognized 178 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 179 type: string 180 certificatesDir: 181 description: 'CertificatesDir specifies where to store or 182 look for all required certificates. NB: if not provided, 183 this will default to `/etc/kubernetes/pki`' 184 type: string 185 clusterName: 186 description: The cluster name 187 type: string 188 controlPlaneEndpoint: 189 description: 'ControlPlaneEndpoint sets a stable IP address 190 or DNS name for the control plane; it can be a valid IP 191 address or a RFC-1123 DNS subdomain, both with optional 192 TCP port. In case the ControlPlaneEndpoint is not specified, 193 the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint 194 is specified but without a TCP port, the BindPort is used. 195 Possible usages are: e.g. In a cluster with more than one 196 control plane instances, this field should be assigned the 197 address of the external load balancer in front of the control 198 plane instances. e.g. in environments with enforced node 199 recycling, the ControlPlaneEndpoint could be used for assigning 200 a stable DNS to the control plane. NB: This value defaults 201 to the first value in the Cluster object status.apiEndpoints 202 array.' 
203 type: string 204 controllerManager: 205 description: ControllerManager contains extra settings for 206 the controller manager control plane component 207 properties: 208 extraArgs: 209 additionalProperties: 210 type: string 211 description: 'ExtraArgs is an extra set of flags to pass 212 to the control plane component. TODO: This is temporary 213 and ideally we would like to switch all components to 214 use ComponentConfig + ConfigMaps.' 215 type: object 216 extraVolumes: 217 description: ExtraVolumes is an extra set of host volumes, 218 mounted to the control plane component. 219 items: 220 description: HostPathMount contains elements describing 221 volumes that are mounted from the host. 222 properties: 223 hostPath: 224 description: HostPath is the path in the host that 225 will be mounted inside the pod. 226 type: string 227 mountPath: 228 description: MountPath is the path inside the pod 229 where hostPath will be mounted. 230 type: string 231 name: 232 description: Name of the volume inside the pod template. 233 type: string 234 pathType: 235 description: PathType is the type of the HostPath. 236 type: string 237 readOnly: 238 description: ReadOnly controls write access to the 239 volume 240 type: boolean 241 required: 242 - hostPath 243 - mountPath 244 - name 245 type: object 246 type: array 247 type: object 248 dns: 249 description: DNS defines the options for the DNS add-on installed 250 in the cluster. 251 properties: 252 imageRepository: 253 description: ImageRepository sets the container registry 254 to pull images from. if not set, the ImageRepository 255 defined in ClusterConfiguration will be used instead. 256 type: string 257 imageTag: 258 description: ImageTag allows to specify a tag for the 259 image. In case this value is set, kubeadm does not change 260 automatically the version of the above components during 261 upgrades. 262 type: string 263 type: object 264 etcd: 265 description: 'Etcd holds configuration for etcd. 
NB: This 266 value defaults to a Local (stacked) etcd' 267 properties: 268 external: 269 description: External describes how to connect to an external 270 etcd cluster Local and External are mutually exclusive 271 properties: 272 caFile: 273 description: CAFile is an SSL Certificate Authority 274 file used to secure etcd communication. Required 275 if using a TLS connection. 276 type: string 277 certFile: 278 description: CertFile is an SSL certification file 279 used to secure etcd communication. Required if using 280 a TLS connection. 281 type: string 282 endpoints: 283 description: Endpoints of etcd members. Required for 284 ExternalEtcd. 285 items: 286 type: string 287 type: array 288 keyFile: 289 description: KeyFile is an SSL key file used to secure 290 etcd communication. Required if using a TLS connection. 291 type: string 292 required: 293 - caFile 294 - certFile 295 - endpoints 296 - keyFile 297 type: object 298 local: 299 description: Local provides configuration knobs for configuring 300 the local etcd instance Local and External are mutually 301 exclusive 302 properties: 303 dataDir: 304 description: DataDir is the directory etcd will place 305 its data. Defaults to "/var/lib/etcd". 306 type: string 307 extraArgs: 308 additionalProperties: 309 type: string 310 description: ExtraArgs are extra arguments provided 311 to the etcd binary when run inside a static pod. 312 type: object 313 imageRepository: 314 description: ImageRepository sets the container registry 315 to pull images from. if not set, the ImageRepository 316 defined in ClusterConfiguration will be used instead. 317 type: string 318 imageTag: 319 description: ImageTag allows to specify a tag for 320 the image. In case this value is set, kubeadm does 321 not change automatically the version of the above 322 components during upgrades. 323 type: string 324 peerCertSANs: 325 description: PeerCertSANs sets extra Subject Alternative 326 Names for the etcd peer signing cert. 
327 items: 328 type: string 329 type: array 330 serverCertSANs: 331 description: ServerCertSANs sets extra Subject Alternative 332 Names for the etcd server signing cert. 333 items: 334 type: string 335 type: array 336 type: object 337 type: object 338 featureGates: 339 additionalProperties: 340 type: boolean 341 description: FeatureGates enabled by the user. 342 type: object 343 imageRepository: 344 description: 'ImageRepository sets the container registry 345 to pull images from. * If not set, the default registry 346 of kubeadm will be used, i.e. * registry.k8s.io (new registry): 347 >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 * k8s.gcr.io 348 (old registry): all older versions Please note that when 349 imageRepository is not set we don''t allow upgrades to versions 350 >= v1.22.0 which use the old registry (k8s.gcr.io). Please 351 use a newer patch version with the new registry instead 352 (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0). 353 * If the version is a CI build (kubernetes version starts 354 with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` 355 will be used as a default for control plane components and 356 for kube-proxy, while `registry.k8s.io` will be used for 357 all the other images.' 358 type: string 359 kind: 360 description: 'Kind is a string value representing the REST 361 resource this object represents. Servers may infer this 362 from the endpoint the client submits requests to. Cannot 363 be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 364 type: string 365 kubernetesVersion: 366 description: 'KubernetesVersion is the target version of the 367 control plane. NB: This value defaults to the Machine object 368 spec.version' 369 type: string 370 networking: 371 description: 'Networking holds configuration for the networking 372 topology of the cluster. NB: This value defaults to the 373 Cluster object spec.clusterNetwork.' 
374 properties: 375 dnsDomain: 376 description: DNSDomain is the dns domain used by k8s services. 377 Defaults to "cluster.local". 378 type: string 379 podSubnet: 380 description: PodSubnet is the subnet used by pods. If 381 unset, the API server will not allocate CIDR ranges 382 for every node. Defaults to a comma-delimited string 383 of the Cluster object's spec.clusterNetwork.services.cidrBlocks 384 if that is set 385 type: string 386 serviceSubnet: 387 description: ServiceSubnet is the subnet used by k8s services. 388 Defaults to a comma-delimited string of the Cluster 389 object's spec.clusterNetwork.pods.cidrBlocks, or to 390 "10.96.0.0/12" if that's unset. 391 type: string 392 type: object 393 scheduler: 394 description: Scheduler contains extra settings for the scheduler 395 control plane component 396 properties: 397 extraArgs: 398 additionalProperties: 399 type: string 400 description: 'ExtraArgs is an extra set of flags to pass 401 to the control plane component. TODO: This is temporary 402 and ideally we would like to switch all components to 403 use ComponentConfig + ConfigMaps.' 404 type: object 405 extraVolumes: 406 description: ExtraVolumes is an extra set of host volumes, 407 mounted to the control plane component. 408 items: 409 description: HostPathMount contains elements describing 410 volumes that are mounted from the host. 411 properties: 412 hostPath: 413 description: HostPath is the path in the host that 414 will be mounted inside the pod. 415 type: string 416 mountPath: 417 description: MountPath is the path inside the pod 418 where hostPath will be mounted. 419 type: string 420 name: 421 description: Name of the volume inside the pod template. 422 type: string 423 pathType: 424 description: PathType is the type of the HostPath. 
425 type: string 426 readOnly: 427 description: ReadOnly controls write access to the 428 volume 429 type: boolean 430 required: 431 - hostPath 432 - mountPath 433 - name 434 type: object 435 type: array 436 type: object 437 type: object 438 diskSetup: 439 description: DiskSetup specifies options for the creation of partition 440 tables and file systems on devices. 441 properties: 442 filesystems: 443 description: Filesystems specifies the list of file systems 444 to setup. 445 items: 446 description: Filesystem defines the file systems to be created. 447 properties: 448 device: 449 description: Device specifies the device name 450 type: string 451 extraOpts: 452 description: ExtraOpts defined extra options to add 453 to the command for creating the file system. 454 items: 455 type: string 456 type: array 457 filesystem: 458 description: Filesystem specifies the file system type. 459 type: string 460 label: 461 description: Label specifies the file system label to 462 be used. If set to None, no label is used. 463 type: string 464 overwrite: 465 description: Overwrite defines whether or not to overwrite 466 any existing filesystem. If true, any pre-existing 467 file system will be destroyed. Use with Caution. 468 type: boolean 469 partition: 470 description: 'Partition specifies the partition to use. 471 The valid options are: "auto|any", "auto", "any", 472 "none", and <NUM>, where NUM is the actual partition 473 number.' 474 type: string 475 replaceFS: 476 description: 'ReplaceFS is a special directive, used 477 for Microsoft Azure that instructs cloud-init to replace 478 a file system of <FS_TYPE>. NOTE: unless you define 479 a label, this requires the use of the ''any'' partition 480 directive.' 481 type: string 482 required: 483 - device 484 - filesystem 485 - label 486 type: object 487 type: array 488 partitions: 489 description: Partitions specifies the list of the partitions 490 to setup. 
491 items: 492 description: Partition defines how to create and layout 493 a partition. 494 properties: 495 device: 496 description: Device is the name of the device. 497 type: string 498 layout: 499 description: Layout specifies the device layout. If 500 it is true, a single partition will be created for 501 the entire device. When layout is false, it means 502 don't partition or ignore existing partitioning. 503 type: boolean 504 overwrite: 505 description: Overwrite describes whether to skip checks 506 and create the partition if a partition or filesystem 507 is found on the device. Use with caution. Default 508 is 'false'. 509 type: boolean 510 tableType: 511 description: 'TableType specifies the type of partition 512 table. The following are supported: ''mbr'': default 513 and sets up an MS-DOS partition table ''gpt'': sets up 514 a GPT partition table' 515 type: string 516 required: 517 - device 518 - layout 519 type: object 520 type: array 521 type: object 522 files: 523 description: Files specifies extra files to be passed to user_data 524 upon creation. 525 items: 526 description: File defines the input for generating write_files 527 in cloud-init. 528 properties: 529 append: 530 description: Append specifies whether to append Content 531 to existing file if Path exists. 532 type: boolean 533 content: 534 description: Content is the actual content of the file. 535 type: string 536 contentFrom: 537 description: ContentFrom is a referenced source of content 538 to populate the file. 539 properties: 540 secret: 541 description: Secret represents a secret that should 542 populate this file. 543 properties: 544 key: 545 description: Key is the key in the secret's data 546 map for this value. 547 type: string 548 name: 549 description: Name of the secret in the KubeadmBootstrapConfig's 550 namespace to use.
551 type: string 552 required: 553 - key 554 - name 555 type: object 556 required: 557 - secret 558 type: object 559 encoding: 560 description: Encoding specifies the encoding of the file 561 contents. 562 enum: 563 - base64 564 - gzip 565 - gzip+base64 566 type: string 567 owner: 568 description: Owner specifies the ownership of the file, 569 e.g. "root:root". 570 type: string 571 path: 572 description: Path specifies the full path on disk where 573 to store the file. 574 type: string 575 permissions: 576 description: Permissions specifies the permissions to assign 577 to the file, e.g. "0640". 578 type: string 579 required: 580 - path 581 type: object 582 type: array 583 format: 584 description: Format specifies the output format of the bootstrap 585 data 586 enum: 587 - cloud-config 588 - ignition 589 type: string 590 ignition: 591 description: Ignition contains Ignition specific configuration. 592 properties: 593 containerLinuxConfig: 594 description: ContainerLinuxConfig contains CLC specific configuration. 595 properties: 596 additionalConfig: 597 description: "AdditionalConfig contains additional configuration 598 to be merged with the Ignition configuration generated 599 by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging 600 \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" 601 type: string 602 strict: 603 description: Strict controls if AdditionalConfig should 604 be strictly parsed. If so, warnings are treated as errors. 605 type: boolean 606 type: object 607 type: object 608 imageConfiguration: 609 description: ImageConfiguration contains configuration required 610 for the base image. 611 properties: 612 dependencies: 613 description: Dependencies contains details about dependencies 614 on the image that can be configured at boot time. 
615 properties: 616 skipInstall: 617 description: SkipInstall is the flag that can be used 618 to tell the provider to skip install of OCNE dependencies. 619 The value, if set to true, will be used to skip the 620 overrides installation on OCNEConfigSpec. By default, 621 this value is false. 622 type: boolean 623 type: object 624 proxy: 625 description: Proxy contains proxy server info that may be 626 required for installing dependencies. The value, if specified 627 is used in conjunction with preOCNECommands to install and 628 configure repositories. 629 properties: 630 httpProxy: 631 description: HttpProxy contains http proxy server info 632 that may be required for installing dependencies. The 633 value, if specified is used in conjunction with preOCNECommands 634 to install and configure repositories. 635 type: string 636 httpsProxy: 637 description: HttpsProxy contains https proxy server info 638 that may be required for installing dependencies. The 639 value, if specified is used in conjunction with preOCNECommands 640 to install and configure repositories. 641 type: string 642 noProxy: 643 description: NoProxy contains addresses that needs to 644 be skipped when proxy server is being used. The value, 645 if specified is used in conjunction with preOCNECommands 646 to install and configure repositories. 647 type: string 648 type: object 649 type: object 650 initConfiguration: 651 description: InitConfiguration along with ClusterConfiguration 652 are the configurations necessary for the init command 653 properties: 654 apiVersion: 655 description: 'APIVersion defines the versioned schema of this 656 representation of an object. Servers should convert recognized 657 schemas to the latest internal value, and may reject unrecognized 658 values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 659 type: string 660 bootstrapTokens: 661 description: BootstrapTokens is respected at `kubeadm init` 662 time and describes a set of Bootstrap Tokens to create. 663 This information IS NOT uploaded to the kubeadm cluster 664 configmap, partly because of its sensitive nature 665 items: 666 description: BootstrapToken describes one bootstrap token, 667 stored as a Secret in the cluster. 668 properties: 669 description: 670 description: Description sets a human-friendly message 671 why this token exists and what it's used for, so other 672 administrators can know its purpose. 673 type: string 674 expires: 675 description: Expires specifies the timestamp when this 676 token expires. Defaults to being set dynamically at 677 runtime based on the TTL. Expires and TTL are mutually 678 exclusive. 679 format: date-time 680 type: string 681 groups: 682 description: Groups specifies the extra groups that 683 this token will authenticate as when/if used for authentication 684 items: 685 type: string 686 type: array 687 token: 688 description: Token is used for establishing bidirectional 689 trust between nodes and control-planes. Used for joining 690 nodes in the cluster. 691 type: string 692 ttl: 693 description: TTL defines the time to live for this token. 694 Defaults to 24h. Expires and TTL are mutually exclusive. 695 type: string 696 usages: 697 description: Usages describes the ways in which this 698 token can be used. Can by default be used for establishing 699 bidirectional trust, but that can be changed here. 700 items: 701 type: string 702 type: array 703 required: 704 - token 705 type: object 706 type: array 707 kind: 708 description: 'Kind is a string value representing the REST 709 resource this object represents. Servers may infer this 710 from the endpoint the client submits requests to. Cannot 711 be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 712 type: string 713 localAPIEndpoint: 714 description: LocalAPIEndpoint represents the endpoint of the 715 API server instance that's deployed on this control plane 716 node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint 717 in the sense that ControlPlaneEndpoint is the global endpoint 718 for the cluster, which then loadbalances the requests to 719 each individual API server. This configuration object lets 720 you customize what IP/DNS name and port the local API server 721 advertises it's accessible on. By default, kubeadm tries 722 to auto-detect the IP of the default interface and use that, 723 but in case that process fails you may set the desired value 724 here. 725 properties: 726 advertiseAddress: 727 description: AdvertiseAddress sets the IP address for 728 the API server to advertise. 729 type: string 730 bindPort: 731 description: BindPort sets the secure port for the API 732 Server to bind to. Defaults to 6443. 733 format: int32 734 type: integer 735 type: object 736 nodeRegistration: 737 description: NodeRegistration holds fields that relate to 738 registering the new control-plane node to the cluster. When 739 used in the context of control plane nodes, NodeRegistration 740 should remain consistent across both InitConfiguration and 741 JoinConfiguration 742 properties: 743 criSocket: 744 description: CRISocket is used to retrieve container runtime 745 info. This information will be annotated to the Node 746 API object, for later re-use 747 type: string 748 ignorePreflightErrors: 749 description: IgnorePreflightErrors provides a slice of 750 pre-flight errors to be ignored when the current node 751 is registered. 752 items: 753 type: string 754 type: array 755 kubeletExtraArgs: 756 additionalProperties: 757 type: string 758 description: KubeletExtraArgs passes through extra arguments 759 to the kubelet. 
The arguments here are passed to the 760 kubelet command line via the environment file kubeadm 761 writes at runtime for the kubelet to source. This overrides 762 the generic base-level configuration in the kubelet-config-1.X 763 ConfigMap Flags have higher priority when parsing. These 764 values are local and specific to the node kubeadm is 765 executing on. 766 type: object 767 name: 768 description: Name is the `.Metadata.Name` field of the 769 Node API object that will be created in this `kubeadm 770 init` or `kubeadm join` operation. This field is also 771 used in the CommonName field of the kubelet's client 772 certificate to the API server. Defaults to the hostname 773 of the node if not provided. 774 type: string 775 taints: 776 description: 'Taints specifies the taints the Node API 777 object should be registered with. If this field is unset, 778 i.e. nil, in the `kubeadm init` process it will be defaulted 779 to []v1.Taint{''node-role.kubernetes.io/master=""''}. 780 If you don''t want to taint your control-plane node, 781 set this field to an empty slice, i.e. `taints: []` 782 in the YAML file. This field is solely used for Node 783 registration.' 784 items: 785 description: The node this Taint is attached to has 786 the "effect" on any pod that does not tolerate the 787 Taint. 788 properties: 789 effect: 790 description: Required. The effect of the taint on 791 pods that do not tolerate the taint. Valid effects 792 are NoSchedule, PreferNoSchedule and NoExecute. 793 type: string 794 key: 795 description: Required. The taint key to be applied 796 to a node. 797 type: string 798 timeAdded: 799 description: TimeAdded represents the time at which 800 the taint was added. It is only written for NoExecute 801 taints. 802 format: date-time 803 type: string 804 value: 805 description: The taint value corresponding to the 806 taint key. 
807 type: string 808 required: 809 - effect 810 - key 811 type: object 812 type: array 813 type: object 814 patches: 815 description: Patches contains options related to applying 816 patches to components deployed by kubeadm during "kubeadm 817 init". The minimum kubernetes version needed to support 818 Patches is v1.22 819 properties: 820 directory: 821 description: Directory is a path to a directory that contains 822 files named "target[suffix][+patchtype].extension". 823 For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 824 "target" can be one of "kube-apiserver", "kube-controller-manager", 825 "kube-scheduler", "etcd". "patchtype" can be one of 826 "strategic" "merge" or "json" and they match the patch 827 formats supported by kubectl. The default "patchtype" 828 is "strategic". "extension" must be either "json" or 829 "yaml". "suffix" is an optional string that can be used 830 to determine which patches are applied first alpha-numerically. 831 These files can be written into the target directory 832 via OCNEConfig.Files which specifies additional files 833 to be created on the machine, either with content inline 834 or by referencing a secret. 835 type: string 836 type: object 837 skipPhases: 838 description: SkipPhases is a list of phases to skip during 839 command execution. The list of phases can be obtained with 840 the "kubeadm init --help" command. This option takes effect 841 only on Kubernetes >=1.22.0. 842 items: 843 type: string 844 type: array 845 type: object 846 joinConfiguration: 847 description: JoinConfiguration is the kubeadm configuration for 848 the join command 849 properties: 850 apiVersion: 851 description: 'APIVersion defines the versioned schema of this 852 representation of an object. Servers should convert recognized 853 schemas to the latest internal value, and may reject unrecognized 854 values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 855 type: string 856 caCertPath: 857 description: 'CACertPath is the path to the SSL certificate 858 authority used to secure communications between node and 859 control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". 860 TODO: revisit when there is defaulting from k/k' 861 type: string 862 controlPlane: 863 description: ControlPlane defines the additional control plane 864 instance to be deployed on the joining node. If nil, no 865 additional control plane instance will be deployed. 866 properties: 867 localAPIEndpoint: 868 description: LocalAPIEndpoint represents the endpoint 869 of the API server instance to be deployed on this node. 870 properties: 871 advertiseAddress: 872 description: AdvertiseAddress sets the IP address 873 for the API server to advertise. 874 type: string 875 bindPort: 876 description: BindPort sets the secure port for the 877 API Server to bind to. Defaults to 6443. 878 format: int32 879 type: integer 880 type: object 881 type: object 882 discovery: 883 description: 'Discovery specifies the options for the kubelet 884 to use during the TLS Bootstrap process TODO: revisit when 885 there is defaulting from k/k' 886 properties: 887 bootstrapToken: 888 description: BootstrapToken is used to set the options 889 for bootstrap token based discovery BootstrapToken and 890 File are mutually exclusive 891 properties: 892 apiServerEndpoint: 893 description: APIServerEndpoint is an IP or domain 894 name to the API server from which info will be fetched. 895 type: string 896 caCertHashes: 897 description: 'CACertHashes specifies a set of public 898 key pins to verify when token-based discovery is 899 used. The root CA found during discovery must match 900 one of these values. Specifying an empty set disables 901 root CA pinning, which can be unsafe.
Each hash 902 is specified as "<type>:<value>", where the only 903 currently supported type is "sha256". This is a 904 hex-encoded SHA-256 hash of the Subject Public Key 905 Info (SPKI) object in DER-encoded ASN.1. These hashes 906 can be calculated using, for example, OpenSSL: openssl 907 x509 -pubkey -in ca.crt | openssl rsa -pubin -outform 908 der 2>/dev/null | openssl dgst -sha256 -hex' 909 items: 910 type: string 911 type: array 912 token: 913 description: Token is a token used to validate cluster 914 information fetched from the control-plane. 915 type: string 916 unsafeSkipCAVerification: 917 description: UnsafeSkipCAVerification allows token-based 918 discovery without CA verification via CACertHashes. 919 This can weaken the security of kubeadm since other 920 nodes can impersonate the control-plane. 921 type: boolean 922 required: 923 - token 924 type: object 925 file: 926 description: File is used to specify a file or URL to 927 a kubeconfig file from which to load cluster information. 928 BootstrapToken and File are mutually exclusive 929 properties: 930 kubeConfigPath: 931 description: KubeConfigPath is used to specify the 932 actual file path or URL to the kubeconfig file from 933 which to load cluster information 934 type: string 935 required: 936 - kubeConfigPath 937 type: object 938 timeout: 939 description: Timeout modifies the discovery timeout 940 type: string 941 tlsBootstrapToken: 942 description: TLSBootstrapToken is a token used for TLS 943 bootstrapping. If .BootstrapToken is set, this field 944 is defaulted to .BootstrapToken.Token, but can be overridden. 945 If .File is set, this field **must be set** in case 946 the KubeConfigFile does not contain any other authentication 947 information 948 type: string 949 type: object 950 kind: 951 description: 'Kind is a string value representing the REST 952 resource this object represents. Servers may infer this 953 from the endpoint the client submits requests to. Cannot 954 be updated.
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 955 type: string 956 nodeRegistration: 957 description: NodeRegistration holds fields that relate to 958 registering the new control-plane node to the cluster. When 959 used in the context of control plane nodes, NodeRegistration 960 should remain consistent across both InitConfiguration and 961 JoinConfiguration 962 properties: 963 criSocket: 964 description: CRISocket is used to retrieve container runtime 965 info. This information will be annotated to the Node 966 API object, for later re-use 967 type: string 968 ignorePreflightErrors: 969 description: IgnorePreflightErrors provides a slice of 970 pre-flight errors to be ignored when the current node 971 is registered. 972 items: 973 type: string 974 type: array 975 kubeletExtraArgs: 976 additionalProperties: 977 type: string 978 description: KubeletExtraArgs passes through extra arguments 979 to the kubelet. The arguments here are passed to the 980 kubelet command line via the environment file kubeadm 981 writes at runtime for the kubelet to source. This overrides 982 the generic base-level configuration in the kubelet-config-1.X 983 ConfigMap Flags have higher priority when parsing. These 984 values are local and specific to the node kubeadm is 985 executing on. 986 type: object 987 name: 988 description: Name is the `.Metadata.Name` field of the 989 Node API object that will be created in this `kubeadm 990 init` or `kubeadm join` operation. This field is also 991 used in the CommonName field of the kubelet's client 992 certificate to the API server. Defaults to the hostname 993 of the node if not provided. 994 type: string 995 taints: 996 description: 'Taints specifies the taints the Node API 997 object should be registered with. If this field is unset, 998 i.e. nil, in the `kubeadm init` process it will be defaulted 999 to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
1000 If you don''t want to taint your control-plane node, 1001 set this field to an empty slice, i.e. `taints: []` 1002 in the YAML file. This field is solely used for Node 1003 registration.' 1004 items: 1005 description: The node this Taint is attached to has 1006 the "effect" on any pod that does not tolerate the 1007 Taint. 1008 properties: 1009 effect: 1010 description: Required. The effect of the taint on 1011 pods that do not tolerate the taint. Valid effects 1012 are NoSchedule, PreferNoSchedule and NoExecute. 1013 type: string 1014 key: 1015 description: Required. The taint key to be applied 1016 to a node. 1017 type: string 1018 timeAdded: 1019 description: TimeAdded represents the time at which 1020 the taint was added. It is only written for NoExecute 1021 taints. 1022 format: date-time 1023 type: string 1024 value: 1025 description: The taint value corresponding to the 1026 taint key. 1027 type: string 1028 required: 1029 - effect 1030 - key 1031 type: object 1032 type: array 1033 type: object 1034 patches: 1035 description: Patches contains options related to applying 1036 patches to components deployed by kubeadm during "kubeadm 1037 join". The minimum kubernetes version needed to support 1038 Patches is v1.22 1039 properties: 1040 directory: 1041 description: Directory is a path to a directory that contains 1042 files named "target[suffix][+patchtype].extension". 1043 For example, "kube-apiserver0+merge.yaml" or just "etcd.json". 1044 "target" can be one of "kube-apiserver", "kube-controller-manager", 1045 "kube-scheduler", "etcd". "patchtype" can be one of 1046 "strategic" "merge" or "json" and they match the patch 1047 formats supported by kubectl. The default "patchtype" 1048 is "strategic". "extension" must be either "json" or 1049 "yaml". "suffix" is an optional string that can be used 1050 to determine which patches are applied first alpha-numerically. 
1051 These files can be written into the target directory 1052 via OCNEConfig.Files which specifies additional files 1053 to be created on the machine, either with content inline 1054 or by referencing a secret. 1055 type: string 1056 type: object 1057 skipPhases: 1058 description: SkipPhases is a list of phases to skip during 1059 command execution. The list of phases can be obtained with 1060 the "kubeadm init --help" command. This option takes effect 1061 only on Kubernetes >=1.22.0. 1062 items: 1063 type: string 1064 type: array 1065 type: object 1066 mounts: 1067 description: Mounts specifies a list of mount points to be setup. 1068 items: 1069 description: MountPoints defines input for generated mounts 1070 in cloud-init. 1071 items: 1072 type: string 1073 type: array 1074 type: array 1075 ntp: 1076 description: NTP specifies NTP configuration 1077 properties: 1078 enabled: 1079 description: Enabled specifies whether NTP should be enabled 1080 type: boolean 1081 servers: 1082 description: Servers specifies which NTP servers to use 1083 items: 1084 type: string 1085 type: array 1086 type: object 1087 postOCNECommands: 1088 description: PostOCNECommands specifies extra commands to run 1089 after kubeadm runs 1090 items: 1091 type: string 1092 type: array 1093 preOCNECommands: 1094 description: PreOCNECommands specifies extra commands to run before 1095 kubeadm runs 1096 items: 1097 type: string 1098 type: array 1099 useExperimentalRetryJoin: 1100 description: "UseExperimentalRetryJoin replaces a basic kubeadm 1101 command with a shell script with retries for joins. \n This 1102 is meant to be an experimental temporary workaround on some 1103 environments where joins fail due to timing (and other issues). 1104 The long term goal is to add retries to kubeadm proper and use 1105 that functionality. \n This will add about 40KB to userdata 1106 \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 
1107 \n Deprecated: This experimental fix is no longer needed and 1108 this field will be removed in a future release. When removing 1109 also remove from staticcheck exclude-rules for SA1019 in golangci.yml" 1110 type: boolean 1111 users: 1112 description: Users specifies extra users to add 1113 items: 1114 description: User defines the input for a generated user in 1115 cloud-init. 1116 properties: 1117 gecos: 1118 description: Gecos specifies the gecos to use for the user 1119 type: string 1120 groups: 1121 description: Groups specifies the additional groups for 1122 the user 1123 type: string 1124 homeDir: 1125 description: HomeDir specifies the home directory to use 1126 for the user 1127 type: string 1128 inactive: 1129 description: Inactive specifies whether to mark the user 1130 as inactive 1131 type: boolean 1132 lockPassword: 1133 description: LockPassword specifies if password login should 1134 be disabled 1135 type: boolean 1136 name: 1137 description: Name specifies the user name 1138 type: string 1139 passwd: 1140 description: Passwd specifies a hashed password for the 1141 user 1142 type: string 1143 passwdFrom: 1144 description: PasswdFrom is a referenced source of passwd 1145 to populate the passwd. 1146 properties: 1147 secret: 1148 description: Secret represents a secret that should 1149 populate this password. 1150 properties: 1151 key: 1152 description: Key is the key in the secret's data 1153 map for this value. 1154 type: string 1155 name: 1156 description: Name of the secret in the KubeadmBootstrapConfig's 1157 namespace to use. 
1158 type: string 1159 required: 1160 - key 1161 - name 1162 type: object 1163 required: 1164 - secret 1165 type: object 1166 primaryGroup: 1167 description: PrimaryGroup specifies the primary group for 1168 the user 1169 type: string 1170 shell: 1171 description: Shell specifies the user's shell 1172 type: string 1173 sshAuthorizedKeys: 1174 description: SSHAuthorizedKeys specifies a list of ssh authorized 1175 keys for the user 1176 items: 1177 type: string 1178 type: array 1179 sudo: 1180 description: Sudo specifies a sudo role for the user 1181 type: string 1182 required: 1183 - name 1184 type: object 1185 type: array 1186 verbosity: 1187 description: Verbosity is the number for the kubeadm log level 1188 verbosity. It overrides the `--v` flag in kubeadm commands. 1189 format: int32 1190 type: integer 1191 type: object 1192 machineTemplate: 1193 description: MachineTemplate contains information about how machines 1194 should be shaped when creating or updating a control plane. 1195 properties: 1196 infrastructureRef: 1197 description: InfrastructureRef is a required reference to a custom 1198 resource offered by an infrastructure provider. 1199 properties: 1200 apiVersion: 1201 description: API version of the referent. 1202 type: string 1203 fieldPath: 1204 description: 'If referring to a piece of an object instead 1205 of an entire object, this string should contain a valid 1206 JSON/Go field access statement, such as desiredState.manifest.containers[2]. 1207 For example, if the object reference is to a container within 1208 a pod, this would take on a value like: "spec.containers{name}" 1209 (where "name" refers to the name of the container that triggered 1210 the event) or if no container name is specified "spec.containers[2]" 1211 (container with index 2 in this pod). This syntax is chosen 1212 only to have some well-defined way of referencing a part 1213 of an object. TODO: this design is not final and this field 1214 is subject to change in the future.' 
1215 type: string 1216 kind: 1217 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1218 type: string 1219 name: 1220 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 1221 type: string 1222 namespace: 1223 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 1224 type: string 1225 resourceVersion: 1226 description: 'Specific resourceVersion to which this reference 1227 is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 1228 type: string 1229 uid: 1230 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 1231 type: string 1232 type: object 1233 x-kubernetes-map-type: atomic 1234 metadata: 1235 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 1236 properties: 1237 annotations: 1238 additionalProperties: 1239 type: string 1240 description: 'Annotations is an unstructured key value map 1241 stored with a resource that may be set by external tools 1242 to store and retrieve arbitrary metadata. They are not queryable 1243 and should be preserved when modifying objects. More info: 1244 http://kubernetes.io/docs/user-guide/annotations' 1245 type: object 1246 labels: 1247 additionalProperties: 1248 type: string 1249 description: 'Map of string keys and values that can be used 1250 to organize and categorize (scope and select) objects. May 1251 match selectors of replication controllers and services. 
1252 More info: http://kubernetes.io/docs/user-guide/labels' 1253 type: object 1254 type: object 1255 nodeDeletionTimeout: 1256 description: NodeDeletionTimeout defines how long the machine 1257 controller will attempt to delete the Node that the Machine 1258 hosts after the Machine is marked for deletion. A duration of 1259 0 will retry deletion indefinitely. If no value is provided, 1260 the default value for this property of the Machine resource 1261 will be used. 1262 type: string 1263 nodeDrainTimeout: 1264 description: 'NodeDrainTimeout is the total amount of time that 1265 the controller will spend on draining a controlplane node The 1266 default value is 0, meaning that the node can be drained without 1267 any time limitations. NOTE: NodeDrainTimeout is different from 1268 `kubectl drain --timeout`' 1269 type: string 1270 nodeVolumeDetachTimeout: 1271 description: NodeVolumeDetachTimeout is the total amount of time 1272 that the controller will spend on waiting for all volumes to 1273 be detached. The default value is 0, meaning that the volumes 1274 can be detached without any time limitations. 1275 type: string 1276 required: 1277 - infrastructureRef 1278 type: object 1279 moduleOperator: 1280 description: ModuleOperator deploys the OCNE module operator to the 1281 worker cluster post installation. 1282 properties: 1283 enabled: 1284 description: Enabled sets the operational mode for a specific 1285 module. if not set, the Enabled is set to false. 1286 type: boolean 1287 image: 1288 description: Image is used to set various attributes regarding 1289 a specific module. If not set, they are set as per the ImageMeta 1290 definitions. 1291 properties: 1292 pullPolicy: 1293 description: PullPolicy allows to specify an image pull policy 1294 for the container images. if not set, the PullPolicy is 1295 IfNotPresent. 1296 type: string 1297 repository: 1298 description: Repository sets the container registry to pull 1299 images from. 
if not set, the Repository defined in OCNEMeta 1300 will be used instead. 1301 type: string 1302 tag: 1303 description: Tag allows to specify a tag for the image. if 1304 not set, the Tag defined in OCNEMeta will be used instead. 1305 type: string 1306 type: object 1307 imagePullSecrets: 1308 description: ImagePullSecrets allows to specify secrets if the 1309 image is being pulled from an authenticated private registry. 1310 if not set, it will be assumed the images are public. 1311 items: 1312 properties: 1313 name: 1314 description: Name is name of the secret to be used as image 1315 pull secret 1316 type: string 1317 type: object 1318 type: array 1319 type: object 1320 replicas: 1321 description: Number of desired machines. Defaults to 1. When stacked 1322 etcd is used only odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members). 1323 This is a pointer to distinguish between explicit zero and not specified. 1324 format: int32 1325 type: integer 1326 rolloutAfter: 1327 description: RolloutAfter is a field to indicate a rollout should 1328 be performed after the specified time even if no changes have been 1329 made to the OCNEControlPlane. 1330 format: date-time 1331 type: string 1332 rolloutBefore: 1333 description: RolloutBefore is a field to indicate a rollout should 1334 be performed if the specified criteria is met. 1335 properties: 1336 certificatesExpiryDays: 1337 description: CertificatesExpiryDays indicates a rollout needs 1338 to be performed if the certificates of the machine will expire 1339 within the specified days. 1340 format: int32 1341 type: integer 1342 type: object 1343 rolloutStrategy: 1344 default: 1345 rollingUpdate: 1346 maxSurge: 1 1347 type: RollingUpdate 1348 description: The RolloutStrategy to use to replace control plane machines 1349 with new ones. 1350 properties: 1351 rollingUpdate: 1352 description: Rolling update config params. 
Present only if RolloutStrategyType 1353 = RollingUpdate. 1354 properties: 1355 maxSurge: 1356 anyOf: 1357 - type: integer 1358 - type: string 1359 description: 'The maximum number of control planes that can 1360 be scheduled above or under the desired number of control 1361 planes. Value can be an absolute number 1 or 0. Defaults 1362 to 1. Example: when this is set to 1, the control plane 1363 can be scaled up immediately when the rolling update starts.' 1364 x-kubernetes-int-or-string: true 1365 type: object 1366 type: 1367 description: Type of rollout. Currently the only supported strategy 1368 is "RollingUpdate". Default is RollingUpdate. 1369 type: string 1370 type: object 1371 verrazzanoPlatformOperator: 1372 description: VerrazzanoPlatformOperator deploys the Verrazzano Platform 1373 operator to the worker cluster post installation. 1374 properties: 1375 enabled: 1376 description: Enabled sets the operational mode for a specific 1377 module. if not set, the Enabled is set to false. 1378 type: boolean 1379 image: 1380 description: Image is used to set various attributes regarding 1381 a specific module. If not set, they are set as per the ImageMeta 1382 definitions. 1383 properties: 1384 pullPolicy: 1385 description: PullPolicy allows to specify an image pull policy 1386 for the container images. if not set, the PullPolicy is 1387 IfNotPresent. 1388 type: string 1389 repository: 1390 description: Repository sets the container registry to pull 1391 images from. if not set, the Repository defined in OCNEMeta 1392 will be used instead. 1393 type: string 1394 tag: 1395 description: Tag allows to specify a tag for the image. if 1396 not set, the Tag defined in OCNEMeta will be used instead. 1397 type: string 1398 type: object 1399 imagePullSecrets: 1400 description: ImagePullSecrets allows to specify secrets if the 1401 image is being pulled from an authenticated private registry. 1402 if not set, it will be assumed the images are public. 
1403 items: 1404 properties: 1405 name: 1406 description: Name is name of the secret to be used as image 1407 pull secret 1408 type: string 1409 type: object 1410 type: array 1411 privateRegistry: 1412 description: PrivateRegistry sets the private registry settings 1413 for installing Verrazzano. 1414 properties: 1415 enabled: 1416 description: Enabled sets a flag to determine if a private 1417 registry will be used when installing Verrazzano. if not 1418 set, the Enabled is set to false. 1419 type: boolean 1420 type: object 1421 type: object 1422 version: 1423 description: 'Version defines the desired Kubernetes version. Please 1424 note that if controlPlaneConfig.ClusterConfiguration.imageRepository 1425 is not set we don''t allow upgrades to versions >= v1.22.0 for which 1426 kubeadm uses the old registry (k8s.gcr.io). Please use a newer patch 1427 version with the new registry instead. The default registries of 1428 kubeadm are: * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, 1429 >= v1.24.9, >= v1.25.0 * k8s.gcr.io (old registry): all older versions' 1430 type: string 1431 required: 1432 - controlPlaneConfig 1433 - machineTemplate 1434 - version 1435 type: object 1436 status: 1437 description: OCNEControlPlaneStatus defines the observed state of OCNEControlPlane. 1438 properties: 1439 conditions: 1440 description: Conditions defines current service state of the OCNEControlPlane. 1441 items: 1442 description: Condition defines an observation of a Cluster API resource 1443 operational state. 1444 properties: 1445 lastTransitionTime: 1446 description: Last time the condition transitioned from one status 1447 to another. This should be when the underlying condition changed. 1448 If that is not known, then using the time when the API field 1449 changed is acceptable. 1450 format: date-time 1451 type: string 1452 message: 1453 description: A human readable message indicating details about 1454 the transition. This field may be empty. 
1455 type: string 1456 reason: 1457 description: The reason for the condition's last transition 1458 in CamelCase. The specific API may choose whether or not this 1459 field is considered a guaranteed API. This field may not be 1460 empty. 1461 type: string 1462 severity: 1463 description: Severity provides an explicit classification of 1464 Reason code, so the users or machines can immediately understand 1465 the current situation and act accordingly. The Severity field 1466 MUST be set only when Status=False. 1467 type: string 1468 status: 1469 description: Status of the condition, one of True, False, Unknown. 1470 type: string 1471 type: 1472 description: Type of condition in CamelCase or in foo.example.com/CamelCase. 1473 Many .condition.type values are consistent across resources 1474 like Available, but because arbitrary conditions can be useful 1475 (see .node.status.conditions), the ability to deconflict is 1476 important. 1477 type: string 1478 required: 1479 - lastTransitionTime 1480 - status 1481 - type 1482 type: object 1483 type: array 1484 failureMessage: 1485 description: ErrorMessage indicates that there is a terminal problem 1486 reconciling the state, and will be set to a descriptive error message. 1487 type: string 1488 failureReason: 1489 description: FailureReason indicates that there is a terminal problem 1490 reconciling the state, and will be set to a token value suitable 1491 for programmatic interpretation. 1492 type: string 1493 initialized: 1494 description: Initialized denotes whether or not the control plane 1495 has the uploaded kubeadm-config configmap. 1496 type: boolean 1497 observedGeneration: 1498 description: ObservedGeneration is the latest generation observed 1499 by the controller. 1500 format: int64 1501 type: integer 1502 ready: 1503 description: Ready denotes that the OCNEControlPlane API Server is 1504 ready to receive requests. 
1505 type: boolean 1506 readyReplicas: 1507 description: Total number of fully running and ready control plane 1508 machines. 1509 format: int32 1510 type: integer 1511 replicas: 1512 description: Total number of non-terminated machines targeted by this 1513 control plane (their labels match the selector). 1514 format: int32 1515 type: integer 1516 selector: 1517 description: 'Selector is the label selector in string format to avoid 1518 introspection by clients, and is used to provide the CRD-based integration 1519 for the scale subresource and additional integrations for things 1520 like kubectl describe.. The string will be in the same format as 1521 the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' 1522 type: string 1523 unavailableReplicas: 1524 description: Total number of unavailable machines targeted by this 1525 control plane. This is the total number of machines that are still 1526 required for the deployment to have 100% available capacity. They 1527 may either be machines that are running but not yet ready or machines 1528 that still have not been created. 1529 format: int32 1530 type: integer 1531 updatedReplicas: 1532 description: Total number of non-terminated machines targeted by this 1533 control plane that have the desired template spec. 1534 format: int32 1535 type: integer 1536 version: 1537 description: Version represents the minimum Kubernetes version for 1538 the control plane machines in the cluster. 
1539 type: string 1540 type: object 1541 type: object 1542 served: true 1543 storage: true 1544 subresources: 1545 scale: 1546 labelSelectorPath: .status.selector 1547 specReplicasPath: .spec.replicas 1548 statusReplicasPath: .status.replicas 1549 status: {} 1550 --- 1551 apiVersion: apiextensions.k8s.io/v1 1552 kind: CustomResourceDefinition 1553 metadata: 1554 annotations: 1555 cert-manager.io/inject-ca-from: capi-ocne-control-plane-system/capi-ocne-control-plane-serving-cert 1556 controller-gen.kubebuilder.io/version: v0.10.0 1557 labels: 1558 cluster.x-k8s.io/provider: control-plane-ocne 1559 cluster.x-k8s.io/v1beta1: v1alpha1 1560 name: ocnecontrolplanetemplates.controlplane.cluster.x-k8s.io 1561 spec: 1562 conversion: 1563 strategy: Webhook 1564 webhook: 1565 clientConfig: 1566 caBundle: Cg== 1567 service: 1568 name: capi-ocne-control-plane-webhook-service 1569 namespace: capi-ocne-control-plane-system 1570 path: /convert 1571 conversionReviewVersions: 1572 - v1 1573 - v1beta1 1574 group: controlplane.cluster.x-k8s.io 1575 names: 1576 categories: 1577 - cluster-api 1578 kind: OCNEControlPlaneTemplate 1579 listKind: OCNEControlPlaneTemplateList 1580 plural: ocnecontrolplanetemplates 1581 singular: ocnecontrolplanetemplate 1582 scope: Namespaced 1583 versions: 1584 - additionalPrinterColumns: 1585 - description: Time duration since creation of OCNEControlPlaneTemplate 1586 jsonPath: .metadata.creationTimestamp 1587 name: Age 1588 type: date 1589 name: v1alpha1 1590 schema: 1591 openAPIV3Schema: 1592 description: OCNEControlPlaneTemplate is the Schema for the ocnecontrolplanetemplates 1593 API. 1594 properties: 1595 apiVersion: 1596 description: 'APIVersion defines the versioned schema of this representation 1597 of an object. Servers should convert recognized schemas to the latest 1598 internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1599 type: string 1600 kind: 1601 description: 'Kind is a string value representing the REST resource this 1602 object represents. Servers may infer this from the endpoint the client 1603 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1604 type: string 1605 metadata: 1606 type: object 1607 spec: 1608 description: OCNEControlPlaneTemplateSpec defines the desired state of 1609 OCNEControlPlaneTemplate. 1610 properties: 1611 template: 1612 description: OCNEControlPlaneTemplateResource describes the data needed 1613 to create a OCNEControlPlane from a template. 1614 properties: 1615 spec: 1616 description: 'OCNEControlPlaneTemplateResourceSpec defines the 1617 desired state of OCNEControlPlane. NOTE: OCNEControlPlaneTemplateResourceSpec 1618 is similar to OCNEControlPlaneSpec but omits Replicas and Version 1619 fields. These fields do not make sense on the OCNEControlPlaneTemplate, 1620 because they are calculated by the Cluster topology reconciler 1621 during reconciliation and thus cannot be configured on the OCNEControlPlaneTemplate.' 1622 properties: 1623 controlPlaneConfig: 1624 description: OCNEConfigSpec is a OCNEConfigSpec to use for 1625 initializing and joining machines to the control plane. 1626 properties: 1627 clusterConfiguration: 1628 description: ClusterConfiguration along with InitConfiguration 1629 are the configurations necessary for the init command 1630 properties: 1631 apiServer: 1632 description: APIServer contains extra settings for 1633 the API server control plane component 1634 properties: 1635 certSANs: 1636 description: CertSANs sets extra Subject Alternative 1637 Names for the API Server signing cert. 
1638 items: 1639 type: string 1640 type: array 1641 extraArgs: 1642 additionalProperties: 1643 type: string 1644 description: 'ExtraArgs is an extra set of flags 1645 to pass to the control plane component. TODO: 1646 This is temporary and ideally we would like 1647 to switch all components to use ComponentConfig 1648 + ConfigMaps.' 1649 type: object 1650 extraVolumes: 1651 description: ExtraVolumes is an extra set of host 1652 volumes, mounted to the control plane component. 1653 items: 1654 description: HostPathMount contains elements 1655 describing volumes that are mounted from the 1656 host. 1657 properties: 1658 hostPath: 1659 description: HostPath is the path in the 1660 host that will be mounted inside the pod. 1661 type: string 1662 mountPath: 1663 description: MountPath is the path inside 1664 the pod where hostPath will be mounted. 1665 type: string 1666 name: 1667 description: Name of the volume inside the 1668 pod template. 1669 type: string 1670 pathType: 1671 description: PathType is the type of the 1672 HostPath. 1673 type: string 1674 readOnly: 1675 description: ReadOnly controls write access 1676 to the volume 1677 type: boolean 1678 required: 1679 - hostPath 1680 - mountPath 1681 - name 1682 type: object 1683 type: array 1684 timeoutForControlPlane: 1685 description: TimeoutForControlPlane controls the 1686 timeout that we use for API server to appear 1687 type: string 1688 type: object 1689 apiVersion: 1690 description: 'APIVersion defines the versioned schema 1691 of this representation of an object. Servers should 1692 convert recognized schemas to the latest internal 1693 value, and may reject unrecognized values. More 1694 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1695 type: string 1696 certificatesDir: 1697 description: 'CertificatesDir specifies where to store 1698 or look for all required certificates. 
NB: if not 1699 provided, this will default to `/etc/kubernetes/pki`' 1700 type: string 1701 clusterName: 1702 description: The cluster name 1703 type: string 1704 controlPlaneEndpoint: 1705 description: 'ControlPlaneEndpoint sets a stable IP 1706 address or DNS name for the control plane; it can 1707 be a valid IP address or a RFC-1123 DNS subdomain, 1708 both with optional TCP port. In case the ControlPlaneEndpoint 1709 is not specified, the AdvertiseAddress + BindPort 1710 are used; in case the ControlPlaneEndpoint is specified 1711 but without a TCP port, the BindPort is used. Possible 1712 usages are: e.g. In a cluster with more than one 1713 control plane instances, this field should be assigned 1714 the address of the external load balancer in front 1715 of the control plane instances. e.g. in environments 1716 with enforced node recycling, the ControlPlaneEndpoint 1717 could be used for assigning a stable DNS to the 1718 control plane. NB: This value defaults to the first 1719 value in the Cluster object status.apiEndpoints 1720 array.' 1721 type: string 1722 controllerManager: 1723 description: ControllerManager contains extra settings 1724 for the controller manager control plane component 1725 properties: 1726 extraArgs: 1727 additionalProperties: 1728 type: string 1729 description: 'ExtraArgs is an extra set of flags 1730 to pass to the control plane component. TODO: 1731 This is temporary and ideally we would like 1732 to switch all components to use ComponentConfig 1733 + ConfigMaps.' 1734 type: object 1735 extraVolumes: 1736 description: ExtraVolumes is an extra set of host 1737 volumes, mounted to the control plane component. 1738 items: 1739 description: HostPathMount contains elements 1740 describing volumes that are mounted from the 1741 host. 1742 properties: 1743 hostPath: 1744 description: HostPath is the path in the 1745 host that will be mounted inside the pod. 
1746 type: string 1747 mountPath: 1748 description: MountPath is the path inside 1749 the pod where hostPath will be mounted. 1750 type: string 1751 name: 1752 description: Name of the volume inside the 1753 pod template. 1754 type: string 1755 pathType: 1756 description: PathType is the type of the 1757 HostPath. 1758 type: string 1759 readOnly: 1760 description: ReadOnly controls write access 1761 to the volume 1762 type: boolean 1763 required: 1764 - hostPath 1765 - mountPath 1766 - name 1767 type: object 1768 type: array 1769 type: object 1770 dns: 1771 description: DNS defines the options for the DNS add-on 1772 installed in the cluster. 1773 properties: 1774 imageRepository: 1775 description: ImageRepository sets the container 1776 registry to pull images from. if not set, the 1777 ImageRepository defined in ClusterConfiguration 1778 will be used instead. 1779 type: string 1780 imageTag: 1781 description: ImageTag allows to specify a tag 1782 for the image. In case this value is set, kubeadm 1783 does not change automatically the version of 1784 the above components during upgrades. 1785 type: string 1786 type: object 1787 etcd: 1788 description: 'Etcd holds configuration for etcd. NB: 1789 This value defaults to a Local (stacked) etcd' 1790 properties: 1791 external: 1792 description: External describes how to connect 1793 to an external etcd cluster Local and External 1794 are mutually exclusive 1795 properties: 1796 caFile: 1797 description: CAFile is an SSL Certificate 1798 Authority file used to secure etcd communication. 1799 Required if using a TLS connection. 1800 type: string 1801 certFile: 1802 description: CertFile is an SSL certification 1803 file used to secure etcd communication. 1804 Required if using a TLS connection. 1805 type: string 1806 endpoints: 1807 description: Endpoints of etcd members. Required 1808 for ExternalEtcd. 
1809 items: 1810 type: string 1811 type: array 1812 keyFile: 1813 description: KeyFile is an SSL key file used 1814 to secure etcd communication. Required if 1815 using a TLS connection. 1816 type: string 1817 required: 1818 - caFile 1819 - certFile 1820 - endpoints 1821 - keyFile 1822 type: object 1823 local: 1824 description: Local provides configuration knobs 1825 for configuring the local etcd instance Local 1826 and External are mutually exclusive 1827 properties: 1828 dataDir: 1829 description: DataDir is the directory etcd 1830 will place its data. Defaults to "/var/lib/etcd". 1831 type: string 1832 extraArgs: 1833 additionalProperties: 1834 type: string 1835 description: ExtraArgs are extra arguments 1836 provided to the etcd binary when run inside 1837 a static pod. 1838 type: object 1839 imageRepository: 1840 description: ImageRepository sets the container 1841 registry to pull images from. if not set, 1842 the ImageRepository defined in ClusterConfiguration 1843 will be used instead. 1844 type: string 1845 imageTag: 1846 description: ImageTag allows to specify a 1847 tag for the image. In case this value is 1848 set, kubeadm does not change automatically 1849 the version of the above components during 1850 upgrades. 1851 type: string 1852 peerCertSANs: 1853 description: PeerCertSANs sets extra Subject 1854 Alternative Names for the etcd peer signing 1855 cert. 1856 items: 1857 type: string 1858 type: array 1859 serverCertSANs: 1860 description: ServerCertSANs sets extra Subject 1861 Alternative Names for the etcd server signing 1862 cert. 1863 items: 1864 type: string 1865 type: array 1866 type: object 1867 type: object 1868 featureGates: 1869 additionalProperties: 1870 type: boolean 1871 description: FeatureGates enabled by the user. 1872 type: object 1873 imageRepository: 1874 description: 'ImageRepository sets the container registry 1875 to pull images from. * If not set, the default registry 1876 of kubeadm will be used, i.e. 
* registry.k8s.io 1877 (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, 1878 >= v1.25.0 * k8s.gcr.io (old registry): all older 1879 versions Please note that when imageRepository is 1880 not set we don''t allow upgrades to versions >= 1881 v1.22.0 which use the old registry (k8s.gcr.io). 1882 Please use a newer patch version with the new registry 1883 instead (i.e. >= v1.22.17, >= v1.23.15, >= v1.24.9, 1884 >= v1.25.0). * If the version is a CI build (kubernetes 1885 version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` 1886 will be used as a default for control plane components 1887 and for kube-proxy, while `registry.k8s.io` will 1888 be used for all the other images.' 1889 type: string 1890 kind: 1891 description: 'Kind is a string value representing 1892 the REST resource this object represents. Servers 1893 may infer this from the endpoint the client submits 1894 requests to. Cannot be updated. In CamelCase. More 1895 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1896 type: string 1897 kubernetesVersion: 1898 description: 'KubernetesVersion is the target version 1899 of the control plane. NB: This value defaults to 1900 the Machine object spec.version' 1901 type: string 1902 networking: 1903 description: 'Networking holds configuration for the 1904 networking topology of the cluster. NB: This value 1905 defaults to the Cluster object spec.clusterNetwork.' 1906 properties: 1907 dnsDomain: 1908 description: DNSDomain is the dns domain used 1909 by k8s services. Defaults to "cluster.local". 1910 type: string 1911 podSubnet: 1912 description: PodSubnet is the subnet used by pods. 1913 If unset, the API server will not allocate CIDR 1914 ranges for every node. 
Defaults to a comma-delimited 1915 string of the Cluster object's spec.clusterNetwork.services.cidrBlocks 1916 if that is set 1917 type: string 1918 serviceSubnet: 1919 description: ServiceSubnet is the subnet used 1920 by k8s services. Defaults to a comma-delimited 1921 string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, 1922 or to "10.96.0.0/12" if that's unset. 1923 type: string 1924 type: object 1925 scheduler: 1926 description: Scheduler contains extra settings for 1927 the scheduler control plane component 1928 properties: 1929 extraArgs: 1930 additionalProperties: 1931 type: string 1932 description: 'ExtraArgs is an extra set of flags 1933 to pass to the control plane component. TODO: 1934 This is temporary and ideally we would like 1935 to switch all components to use ComponentConfig 1936 + ConfigMaps.' 1937 type: object 1938 extraVolumes: 1939 description: ExtraVolumes is an extra set of host 1940 volumes, mounted to the control plane component. 1941 items: 1942 description: HostPathMount contains elements 1943 describing volumes that are mounted from the 1944 host. 1945 properties: 1946 hostPath: 1947 description: HostPath is the path in the 1948 host that will be mounted inside the pod. 1949 type: string 1950 mountPath: 1951 description: MountPath is the path inside 1952 the pod where hostPath will be mounted. 1953 type: string 1954 name: 1955 description: Name of the volume inside the 1956 pod template. 1957 type: string 1958 pathType: 1959 description: PathType is the type of the 1960 HostPath. 1961 type: string 1962 readOnly: 1963 description: ReadOnly controls write access 1964 to the volume 1965 type: boolean 1966 required: 1967 - hostPath 1968 - mountPath 1969 - name 1970 type: object 1971 type: array 1972 type: object 1973 type: object 1974 diskSetup: 1975 description: DiskSetup specifies options for the creation 1976 of partition tables and file systems on devices. 
1977 properties: 1978 filesystems: 1979 description: Filesystems specifies the list of file 1980 systems to setup. 1981 items: 1982 description: Filesystem defines the file systems 1983 to be created. 1984 properties: 1985 device: 1986 description: Device specifies the device name 1987 type: string 1988 extraOpts: 1989 description: ExtraOpts defined extra options 1990 to add to the command for creating the file 1991 system. 1992 items: 1993 type: string 1994 type: array 1995 filesystem: 1996 description: Filesystem specifies the file system 1997 type. 1998 type: string 1999 label: 2000 description: Label specifies the file system 2001 label to be used. If set to None, no label 2002 is used. 2003 type: string 2004 overwrite: 2005 description: Overwrite defines whether or not 2006 to overwrite any existing filesystem. If true, 2007 any pre-existing file system will be destroyed. 2008 Use with Caution. 2009 type: boolean 2010 partition: 2011 description: 'Partition specifies the partition 2012 to use. The valid options are: "auto|any", 2013 "auto", "any", "none", and <NUM>, where NUM 2014 is the actual partition number.' 2015 type: string 2016 replaceFS: 2017 description: 'ReplaceFS is a special directive, 2018 used for Microsoft Azure that instructs cloud-init 2019 to replace a file system of <FS_TYPE>. NOTE: 2020 unless you define a label, this requires the 2021 use of the ''any'' partition directive.' 2022 type: string 2023 required: 2024 - device 2025 - filesystem 2026 - label 2027 type: object 2028 type: array 2029 partitions: 2030 description: Partitions specifies the list of the 2031 partitions to setup. 2032 items: 2033 description: Partition defines how to create and 2034 layout a partition. 2035 properties: 2036 device: 2037 description: Device is the name of the device. 2038 type: string 2039 layout: 2040 description: Layout specifies the device layout. 2041 If it is true, a single partition will be 2042 created for the entire device. 
When layout 2043 is false, it means don't partition or ignore 2044 existing partitioning. 2045 type: boolean 2046 overwrite: 2047 description: Overwrite describes whether to 2048 skip checks and create the partition if a 2049 partition or filesystem is found on the device. 2050 Use with caution. Default is 'false'. 2051 type: boolean 2052 tableType: 2053 description: 'TableType specifies the type of 2054 partition table. The following are supported: 2055 ''mbr'': default and setups a MS-DOS partition 2056 table ''gpt'': setups a GPT partition table' 2057 type: string 2058 required: 2059 - device 2060 - layout 2061 type: object 2062 type: array 2063 type: object 2064 files: 2065 description: Files specifies extra files to be passed 2066 to user_data upon creation. 2067 items: 2068 description: File defines the input for generating write_files 2069 in cloud-init. 2070 properties: 2071 append: 2072 description: Append specifies whether to append 2073 Content to existing file if Path exists. 2074 type: boolean 2075 content: 2076 description: Content is the actual content of the 2077 file. 2078 type: string 2079 contentFrom: 2080 description: ContentFrom is a referenced source 2081 of content to populate the file. 2082 properties: 2083 secret: 2084 description: Secret represents a secret that 2085 should populate this file. 2086 properties: 2087 key: 2088 description: Key is the key in the secret's 2089 data map for this value. 2090 type: string 2091 name: 2092 description: Name of the secret in the KubeadmBootstrapConfig's 2093 namespace to use. 2094 type: string 2095 required: 2096 - key 2097 - name 2098 type: object 2099 required: 2100 - secret 2101 type: object 2102 encoding: 2103 description: Encoding specifies the encoding of 2104 the file contents. 2105 enum: 2106 - base64 2107 - gzip 2108 - gzip+base64 2109 type: string 2110 owner: 2111 description: Owner specifies the ownership of the 2112 file, e.g. "root:root".
2113 type: string 2114 path: 2115 description: Path specifies the full path on disk 2116 where to store the file. 2117 type: string 2118 permissions: 2119 description: Permissions specifies the permissions 2120 to assign to the file, e.g. "0640". 2121 type: string 2122 required: 2123 - path 2124 type: object 2125 type: array 2126 format: 2127 description: Format specifies the output format of the 2128 bootstrap data 2129 enum: 2130 - cloud-config 2131 - ignition 2132 type: string 2133 ignition: 2134 description: Ignition contains Ignition specific configuration. 2135 properties: 2136 containerLinuxConfig: 2137 description: ContainerLinuxConfig contains CLC specific 2138 configuration. 2139 properties: 2140 additionalConfig: 2141 description: "AdditionalConfig contains additional 2142 configuration to be merged with the Ignition 2143 configuration generated by the bootstrapper 2144 controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging 2145 \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/" 2146 type: string 2147 strict: 2148 description: Strict controls if AdditionalConfig 2149 should be strictly parsed. If so, warnings are 2150 treated as errors. 2151 type: boolean 2152 type: object 2153 type: object 2154 imageConfiguration: 2155 description: ImageConfiguration contains configuration 2156 required for the base image. 2157 properties: 2158 dependencies: 2159 description: Dependencies contains details about dependencies 2160 on the image that can be configured at boot time. 2161 properties: 2162 skipInstall: 2163 description: SkipInstall is the flag that can 2164 be used to tell the provider to skip install 2165 of OCNE dependencies. The value, if set to true, 2166 will be used to skip the overrides installation 2167 on OCNEConfigSpec. By default, this value is 2168 false. 
2169 type: boolean 2170 type: object 2171 proxy: 2172 description: Proxy contains proxy server info that 2173 may be required for installing dependencies. The 2174 value, if specified is used in conjunction with 2175 preOCNECommands to install and configure repositories. 2176 properties: 2177 httpProxy: 2178 description: HttpProxy contains http proxy server 2179 info that may be required for installing dependencies. 2180 The value, if specified is used in conjunction 2181 with preOCNECommands to install and configure 2182 repositories. 2183 type: string 2184 httpsProxy: 2185 description: HttpsProxy contains https proxy server 2186 info that may be required for installing dependencies. 2187 The value, if specified is used in conjunction 2188 with preOCNECommands to install and configure 2189 repositories. 2190 type: string 2191 noProxy: 2192 description: NoProxy contains addresses that needs 2193 to be skipped when proxy server is being used. 2194 The value, if specified is used in conjunction 2195 with preOCNECommands to install and configure 2196 repositories. 2197 type: string 2198 type: object 2199 type: object 2200 initConfiguration: 2201 description: InitConfiguration along with ClusterConfiguration 2202 are the configurations necessary for the init command 2203 properties: 2204 apiVersion: 2205 description: 'APIVersion defines the versioned schema 2206 of this representation of an object. Servers should 2207 convert recognized schemas to the latest internal 2208 value, and may reject unrecognized values. More 2209 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2210 type: string 2211 bootstrapTokens: 2212 description: BootstrapTokens is respected at `kubeadm 2213 init` time and describes a set of Bootstrap Tokens 2214 to create. 
This information IS NOT uploaded to the 2215 kubeadm cluster configmap, partly because of its 2216 sensitive nature 2217 items: 2218 description: BootstrapToken describes one bootstrap 2219 token, stored as a Secret in the cluster. 2220 properties: 2221 description: 2222 description: Description sets a human-friendly 2223 message why this token exists and what it's 2224 used for, so other administrators can know 2225 its purpose. 2226 type: string 2227 expires: 2228 description: Expires specifies the timestamp 2229 when this token expires. Defaults to being 2230 set dynamically at runtime based on the TTL. 2231 Expires and TTL are mutually exclusive. 2232 format: date-time 2233 type: string 2234 groups: 2235 description: Groups specifies the extra groups 2236 that this token will authenticate as when/if 2237 used for authentication 2238 items: 2239 type: string 2240 type: array 2241 token: 2242 description: Token is used for establishing 2243 bidirectional trust between nodes and control-planes. 2244 Used for joining nodes in the cluster. 2245 type: string 2246 ttl: 2247 description: TTL defines the time to live for 2248 this token. Defaults to 24h. Expires and TTL 2249 are mutually exclusive. 2250 type: string 2251 usages: 2252 description: Usages describes the ways in which 2253 this token can be used. Can by default be 2254 used for establishing bidirectional trust, 2255 but that can be changed here. 2256 items: 2257 type: string 2258 type: array 2259 required: 2260 - token 2261 type: object 2262 type: array 2263 kind: 2264 description: 'Kind is a string value representing 2265 the REST resource this object represents. Servers 2266 may infer this from the endpoint the client submits 2267 requests to. Cannot be updated. In CamelCase. 
More 2268 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2269 type: string 2270 localAPIEndpoint: 2271 description: LocalAPIEndpoint represents the endpoint 2272 of the API server instance that's deployed on this 2273 control plane node In HA setups, this differs from 2274 ClusterConfiguration.ControlPlaneEndpoint in the 2275 sense that ControlPlaneEndpoint is the global endpoint 2276 for the cluster, which then loadbalances the requests 2277 to each individual API server. This configuration 2278 object lets you customize what IP/DNS name and port 2279 the local API server advertises it's accessible 2280 on. By default, kubeadm tries to auto-detect the 2281 IP of the default interface and use that, but in 2282 case that process fails you may set the desired 2283 value here. 2284 properties: 2285 advertiseAddress: 2286 description: AdvertiseAddress sets the IP address 2287 for the API server to advertise. 2288 type: string 2289 bindPort: 2290 description: BindPort sets the secure port for 2291 the API Server to bind to. Defaults to 6443. 2292 format: int32 2293 type: integer 2294 type: object 2295 nodeRegistration: 2296 description: NodeRegistration holds fields that relate 2297 to registering the new control-plane node to the 2298 cluster. When used in the context of control plane 2299 nodes, NodeRegistration should remain consistent 2300 across both InitConfiguration and JoinConfiguration 2301 properties: 2302 criSocket: 2303 description: CRISocket is used to retrieve container 2304 runtime info. This information will be annotated 2305 to the Node API object, for later re-use 2306 type: string 2307 ignorePreflightErrors: 2308 description: IgnorePreflightErrors provides a 2309 slice of pre-flight errors to be ignored when 2310 the current node is registered. 
2311 items: 2312 type: string 2313 type: array 2314 kubeletExtraArgs: 2315 additionalProperties: 2316 type: string 2317 description: KubeletExtraArgs passes through extra 2318 arguments to the kubelet. The arguments here 2319 are passed to the kubelet command line via the 2320 environment file kubeadm writes at runtime for 2321 the kubelet to source. This overrides the generic 2322 base-level configuration in the kubelet-config-1.X 2323 ConfigMap Flags have higher priority when parsing. 2324 These values are local and specific to the node 2325 kubeadm is executing on. 2326 type: object 2327 name: 2328 description: Name is the `.Metadata.Name` field 2329 of the Node API object that will be created 2330 in this `kubeadm init` or `kubeadm join` operation. 2331 This field is also used in the CommonName field 2332 of the kubelet's client certificate to the API 2333 server. Defaults to the hostname of the node 2334 if not provided. 2335 type: string 2336 taints: 2337 description: 'Taints specifies the taints the 2338 Node API object should be registered with. If 2339 this field is unset, i.e. nil, in the `kubeadm 2340 init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 2341 If you don''t want to taint your control-plane 2342 node, set this field to an empty slice, i.e. 2343 `taints: []` in the YAML file. This field is 2344 solely used for Node registration.' 2345 items: 2346 description: The node this Taint is attached 2347 to has the "effect" on any pod that does not 2348 tolerate the Taint. 2349 properties: 2350 effect: 2351 description: Required. The effect of the 2352 taint on pods that do not tolerate the 2353 taint. Valid effects are NoSchedule, PreferNoSchedule 2354 and NoExecute. 2355 type: string 2356 key: 2357 description: Required. The taint key to 2358 be applied to a node. 2359 type: string 2360 timeAdded: 2361 description: TimeAdded represents the time 2362 at which the taint was added. 
It is only 2363 written for NoExecute taints. 2364 format: date-time 2365 type: string 2366 value: 2367 description: The taint value corresponding 2368 to the taint key. 2369 type: string 2370 required: 2371 - effect 2372 - key 2373 type: object 2374 type: array 2375 type: object 2376 patches: 2377 description: Patches contains options related to applying 2378 patches to components deployed by kubeadm during 2379 "kubeadm init". The minimum kubernetes version needed 2380 to support Patches is v1.22 2381 properties: 2382 directory: 2383 description: Directory is a path to a directory 2384 that contains files named "target[suffix][+patchtype].extension". 2385 For example, "kube-apiserver0+merge.yaml" or 2386 just "etcd.json". "target" can be one of "kube-apiserver", 2387 "kube-controller-manager", "kube-scheduler", 2388 "etcd". "patchtype" can be one of "strategic" 2389 "merge" or "json" and they match the patch formats 2390 supported by kubectl. The default "patchtype" 2391 is "strategic". "extension" must be either "json" 2392 or "yaml". "suffix" is an optional string that 2393 can be used to determine which patches are applied 2394 first alpha-numerically. These files can be 2395 written into the target directory via OCNEConfig.Files 2396 which specifies additional files to be created 2397 on the machine, either with content inline or 2398 by referencing a secret. 2399 type: string 2400 type: object 2401 skipPhases: 2402 description: SkipPhases is a list of phases to skip 2403 during command execution. The list of phases can 2404 be obtained with the "kubeadm init --help" command. 2405 This option takes effect only on Kubernetes >=1.22.0. 2406 items: 2407 type: string 2408 type: array 2409 type: object 2410 joinConfiguration: 2411 description: JoinConfiguration is the kubeadm configuration 2412 for the join command 2413 properties: 2414 apiVersion: 2415 description: 'APIVersion defines the versioned schema 2416 of this representation of an object. 
Servers should 2417 convert recognized schemas to the latest internal 2418 value, and may reject unrecognized values. More 2419 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2420 type: string 2421 caCertPath: 2422 description: 'CACertPath is the path to the SSL certificate 2423 authority used to secure communications between node 2424 and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". 2425 TODO: revisit when there is defaulting from k/k' 2426 type: string 2427 controlPlane: 2428 description: ControlPlane defines the additional control 2429 plane instance to be deployed on the joining node. 2430 If nil, no additional control plane instance will 2431 be deployed. 2432 properties: 2433 localAPIEndpoint: 2434 description: LocalAPIEndpoint represents the endpoint 2435 of the API server instance to be deployed on 2436 this node. 2437 properties: 2438 advertiseAddress: 2439 description: AdvertiseAddress sets the IP 2440 address for the API server to advertise. 2441 type: string 2442 bindPort: 2443 description: BindPort sets the secure port 2444 for the API Server to bind to. Defaults 2445 to 6443. 2446 format: int32 2447 type: integer 2448 type: object 2449 type: object 2450 discovery: 2451 description: 'Discovery specifies the options for 2452 the kubelet to use during the TLS Bootstrap process 2453 TODO: revisit when there is defaulting from k/k' 2454 properties: 2455 bootstrapToken: 2456 description: BootstrapToken is used to set the 2457 options for bootstrap token based discovery 2458 BootstrapToken and File are mutually exclusive 2459 properties: 2460 apiServerEndpoint: 2461 description: APIServerEndpoint is an IP or 2462 domain name to the API server from which 2463 info will be fetched. 2464 type: string 2465 caCertHashes: 2466 description: 'CACertHashes specifies a set 2467 of public key pins to verify when token-based 2468 discovery is used.
The root CA found during 2469 discovery must match one of these values. 2470 Specifying an empty set disables root CA 2471 pinning, which can be unsafe. Each hash 2472 is specified as "<type>:<value>", where 2473 the only currently supported type is "sha256". 2474 This is a hex-encoded SHA-256 hash of the 2475 Subject Public Key Info (SPKI) object in 2476 DER-encoded ASN.1. These hashes can be calculated 2477 using, for example, OpenSSL: openssl x509 2478 -pubkey -in ca.crt | openssl rsa -pubin -outform 2479 der 2>/dev/null | openssl dgst -sha256 2480 -hex' 2481 items: 2482 type: string 2483 type: array 2484 token: 2485 description: Token is a token used to validate 2486 cluster information fetched from the control-plane. 2487 type: string 2488 unsafeSkipCAVerification: 2489 description: UnsafeSkipCAVerification allows 2490 token-based discovery without CA verification 2491 via CACertHashes. This can weaken the security 2492 of kubeadm since other nodes can impersonate 2493 the control-plane. 2494 type: boolean 2495 required: 2496 - token 2497 type: object 2498 file: 2499 description: File is used to specify a file or 2500 URL to a kubeconfig file from which to load 2501 cluster information BootstrapToken and File 2502 are mutually exclusive 2503 properties: 2504 kubeConfigPath: 2505 description: KubeConfigPath is used to specify 2506 the actual file path or URL to the kubeconfig 2507 file from which to load cluster information 2508 type: string 2509 required: 2510 - kubeConfigPath 2511 type: object 2512 timeout: 2513 description: Timeout modifies the discovery timeout 2514 type: string 2515 tlsBootstrapToken: 2516 description: TLSBootstrapToken is a token used 2517 for TLS bootstrapping. If .BootstrapToken is 2518 set, this field is defaulted to .BootstrapToken.Token, 2519 but can be overridden.
If .File is set, this 2520 field **must be set** in case the KubeConfigFile 2521 does not contain any other authentication information 2522 type: string 2523 type: object 2524 kind: 2525 description: 'Kind is a string value representing 2526 the REST resource this object represents. Servers 2527 may infer this from the endpoint the client submits 2528 requests to. Cannot be updated. In CamelCase. More 2529 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2530 type: string 2531 nodeRegistration: 2532 description: NodeRegistration holds fields that relate 2533 to registering the new control-plane node to the 2534 cluster. When used in the context of control plane 2535 nodes, NodeRegistration should remain consistent 2536 across both InitConfiguration and JoinConfiguration 2537 properties: 2538 criSocket: 2539 description: CRISocket is used to retrieve container 2540 runtime info. This information will be annotated 2541 to the Node API object, for later re-use 2542 type: string 2543 ignorePreflightErrors: 2544 description: IgnorePreflightErrors provides a 2545 slice of pre-flight errors to be ignored when 2546 the current node is registered. 2547 items: 2548 type: string 2549 type: array 2550 kubeletExtraArgs: 2551 additionalProperties: 2552 type: string 2553 description: KubeletExtraArgs passes through extra 2554 arguments to the kubelet. The arguments here 2555 are passed to the kubelet command line via the 2556 environment file kubeadm writes at runtime for 2557 the kubelet to source. This overrides the generic 2558 base-level configuration in the kubelet-config-1.X 2559 ConfigMap Flags have higher priority when parsing. 2560 These values are local and specific to the node 2561 kubeadm is executing on. 2562 type: object 2563 name: 2564 description: Name is the `.Metadata.Name` field 2565 of the Node API object that will be created 2566 in this `kubeadm init` or `kubeadm join` operation. 
2567 This field is also used in the CommonName field 2568 of the kubelet's client certificate to the API 2569 server. Defaults to the hostname of the node 2570 if not provided. 2571 type: string 2572 taints: 2573 description: 'Taints specifies the taints the 2574 Node API object should be registered with. If 2575 this field is unset, i.e. nil, in the `kubeadm 2576 init` process it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 2577 If you don''t want to taint your control-plane 2578 node, set this field to an empty slice, i.e. 2579 `taints: []` in the YAML file. This field is 2580 solely used for Node registration.' 2581 items: 2582 description: The node this Taint is attached 2583 to has the "effect" on any pod that does not 2584 tolerate the Taint. 2585 properties: 2586 effect: 2587 description: Required. The effect of the 2588 taint on pods that do not tolerate the 2589 taint. Valid effects are NoSchedule, PreferNoSchedule 2590 and NoExecute. 2591 type: string 2592 key: 2593 description: Required. The taint key to 2594 be applied to a node. 2595 type: string 2596 timeAdded: 2597 description: TimeAdded represents the time 2598 at which the taint was added. It is only 2599 written for NoExecute taints. 2600 format: date-time 2601 type: string 2602 value: 2603 description: The taint value corresponding 2604 to the taint key. 2605 type: string 2606 required: 2607 - effect 2608 - key 2609 type: object 2610 type: array 2611 type: object 2612 patches: 2613 description: Patches contains options related to applying 2614 patches to components deployed by kubeadm during 2615 "kubeadm join". The minimum kubernetes version needed 2616 to support Patches is v1.22 2617 properties: 2618 directory: 2619 description: Directory is a path to a directory 2620 that contains files named "target[suffix][+patchtype].extension". 2621 For example, "kube-apiserver0+merge.yaml" or 2622 just "etcd.json". 
"target" can be one of "kube-apiserver", 2623 "kube-controller-manager", "kube-scheduler", 2624 "etcd". "patchtype" can be one of "strategic" 2625 "merge" or "json" and they match the patch formats 2626 supported by kubectl. The default "patchtype" 2627 is "strategic". "extension" must be either "json" 2628 or "yaml". "suffix" is an optional string that 2629 can be used to determine which patches are applied 2630 first alpha-numerically. These files can be 2631 written into the target directory via OCNEConfig.Files 2632 which specifies additional files to be created 2633 on the machine, either with content inline or 2634 by referencing a secret. 2635 type: string 2636 type: object 2637 skipPhases: 2638 description: SkipPhases is a list of phases to skip 2639 during command execution. The list of phases can 2640 be obtained with the "kubeadm init --help" command. 2641 This option takes effect only on Kubernetes >=1.22.0. 2642 items: 2643 type: string 2644 type: array 2645 type: object 2646 mounts: 2647 description: Mounts specifies a list of mount points to 2648 be setup. 2649 items: 2650 description: MountPoints defines input for generated 2651 mounts in cloud-init. 
2652 items: 2653 type: string 2654 type: array 2655 type: array 2656 ntp: 2657 description: NTP specifies NTP configuration 2658 properties: 2659 enabled: 2660 description: Enabled specifies whether NTP should 2661 be enabled 2662 type: boolean 2663 servers: 2664 description: Servers specifies which NTP servers to 2665 use 2666 items: 2667 type: string 2668 type: array 2669 type: object 2670 postOCNECommands: 2671 description: PostOCNECommands specifies extra commands 2672 to run after kubeadm runs 2673 items: 2674 type: string 2675 type: array 2676 preOCNECommands: 2677 description: PreOCNECommands specifies extra commands 2678 to run before kubeadm runs 2679 items: 2680 type: string 2681 type: array 2682 useExperimentalRetryJoin: 2683 description: "UseExperimentalRetryJoin replaces a basic 2684 kubeadm command with a shell script with retries for 2685 joins. \n This is meant to be an experimental temporary 2686 workaround on some environments where joins fail due 2687 to timing (and other issues). The long term goal is 2688 to add retries to kubeadm proper and use that functionality. 2689 \n This will add about 40KB to userdata \n For more 2690 information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 2691 \n Deprecated: This experimental fix is no longer needed 2692 and this field will be removed in a future release. 2693 When removing also remove from staticcheck exclude-rules 2694 for SA1019 in golangci.yml" 2695 type: boolean 2696 users: 2697 description: Users specifies extra users to add 2698 items: 2699 description: User defines the input for a generated 2700 user in cloud-init. 
2701 properties: 2702 gecos: 2703 description: Gecos specifies the gecos to use for 2704 the user 2705 type: string 2706 groups: 2707 description: Groups specifies the additional groups 2708 for the user 2709 type: string 2710 homeDir: 2711 description: HomeDir specifies the home directory 2712 to use for the user 2713 type: string 2714 inactive: 2715 description: Inactive specifies whether to mark 2716 the user as inactive 2717 type: boolean 2718 lockPassword: 2719 description: LockPassword specifies if password 2720 login should be disabled 2721 type: boolean 2722 name: 2723 description: Name specifies the user name 2724 type: string 2725 passwd: 2726 description: Passwd specifies a hashed password 2727 for the user 2728 type: string 2729 passwdFrom: 2730 description: PasswdFrom is a referenced source of 2731 passwd to populate the passwd. 2732 properties: 2733 secret: 2734 description: Secret represents a secret that 2735 should populate this password. 2736 properties: 2737 key: 2738 description: Key is the key in the secret's 2739 data map for this value. 2740 type: string 2741 name: 2742 description: Name of the secret in the KubeadmBootstrapConfig's 2743 namespace to use. 2744 type: string 2745 required: 2746 - key 2747 - name 2748 type: object 2749 required: 2750 - secret 2751 type: object 2752 primaryGroup: 2753 description: PrimaryGroup specifies the primary 2754 group for the user 2755 type: string 2756 shell: 2757 description: Shell specifies the user's shell 2758 type: string 2759 sshAuthorizedKeys: 2760 description: SSHAuthorizedKeys specifies a list 2761 of ssh authorized keys for the user 2762 items: 2763 type: string 2764 type: array 2765 sudo: 2766 description: Sudo specifies a sudo role for the 2767 user 2768 type: string 2769 required: 2770 - name 2771 type: object 2772 type: array 2773 verbosity: 2774 description: Verbosity is the number for the kubeadm log 2775 level verbosity. It overrides the `--v` flag in kubeadm 2776 commands. 
2777 format: int32 2778 type: integer 2779 type: object 2780 machineTemplate: 2781 description: MachineTemplate contains information about how 2782 machines should be shaped when creating or updating a control 2783 plane. 2784 properties: 2785 nodeDeletionTimeout: 2786 description: NodeDeletionTimeout defines how long the 2787 machine controller will attempt to delete the Node that 2788 the Machine hosts after the Machine is marked for deletion. 2789 A duration of 0 will retry deletion indefinitely. If 2790 no value is provided, the default value for this property 2791 of the Machine resource will be used. 2792 type: string 2793 nodeDrainTimeout: 2794 description: 'NodeDrainTimeout is the total amount of 2795 time that the controller will spend on draining a controlplane 2796 node The default value is 0, meaning that the node can 2797 be drained without any time limitations. NOTE: NodeDrainTimeout 2798 is different from `kubectl drain --timeout`' 2799 type: string 2800 nodeVolumeDetachTimeout: 2801 description: NodeVolumeDetachTimeout is the total amount 2802 of time that the controller will spend on waiting for 2803 all volumes to be detached. The default value is 0, 2804 meaning that the volumes can be detached without any 2805 time limitations. 2806 type: string 2807 type: object 2808 moduleOperator: 2809 description: ModuleOperator deploys the OCNE module operator 2810 to the worker cluster post installation. 2811 properties: 2812 enabled: 2813 description: Enabled sets the operational mode for a specific 2814 module. if not set, the Enabled is set to false. 2815 type: boolean 2816 image: 2817 description: Image is used to set various attributes regarding 2818 a specific module. If not set, they are set as per the 2819 ImageMeta definitions. 2820 properties: 2821 pullPolicy: 2822 description: PullPolicy allows to specify an image 2823 pull policy for the container images. if not set, 2824 the PullPolicy is IfNotPresent. 
2825 type: string 2826 repository: 2827 description: Repository sets the container registry 2828 to pull images from. if not set, the Repository 2829 defined in OCNEMeta will be used instead. 2830 type: string 2831 tag: 2832 description: Tag allows to specify a tag for the image. 2833 if not set, the Tag defined in OCNEMeta will be 2834 used instead. 2835 type: string 2836 type: object 2837 imagePullSecrets: 2838 description: ImagePullSecrets allows to specify secrets 2839 if the image is being pulled from an authenticated private 2840 registry. if not set, it will be assumed the images 2841 are public. 2842 items: 2843 properties: 2844 name: 2845 description: Name is name of the secret to be used 2846 as image pull secret 2847 type: string 2848 type: object 2849 type: array 2850 type: object 2851 rolloutAfter: 2852 description: RolloutAfter is a field to indicate a rollout 2853 should be performed after the specified time even if no 2854 changes have been made to the OCNEControlPlane. 2855 format: date-time 2856 type: string 2857 rolloutBefore: 2858 description: RolloutBefore is a field to indicate a rollout 2859 should be performed if the specified criteria is met. 2860 properties: 2861 certificatesExpiryDays: 2862 description: CertificatesExpiryDays indicates a rollout 2863 needs to be performed if the certificates of the machine 2864 will expire within the specified days. 2865 format: int32 2866 type: integer 2867 type: object 2868 rolloutStrategy: 2869 default: 2870 rollingUpdate: 2871 maxSurge: 1 2872 type: RollingUpdate 2873 description: The RolloutStrategy to use to replace control 2874 plane machines with new ones. 2875 properties: 2876 rollingUpdate: 2877 description: Rolling update config params. Present only 2878 if RolloutStrategyType = RollingUpdate. 
2879 properties: 2880 maxSurge: 2881 anyOf: 2882 - type: integer 2883 - type: string 2884 description: 'The maximum number of control planes 2885 that can be scheduled above or under the desired 2886 number of control planes. Value can be an absolute 2887 number 1 or 0. Defaults to 1. Example: when this 2888 is set to 1, the control plane can be scaled up 2889 immediately when the rolling update starts.' 2890 x-kubernetes-int-or-string: true 2891 type: object 2892 type: 2893 description: Type of rollout. Currently the only supported 2894 strategy is "RollingUpdate". Default is RollingUpdate. 2895 type: string 2896 type: object 2897 verrazzanoPlatformOperator: 2898 description: VerrazzanoPlatformOperator deploys the Verrazzano 2899 Platform operator to the worker cluster post installation. 2900 properties: 2901 enabled: 2902 description: Enabled sets the operational mode for a specific 2903 module. if not set, the Enabled is set to false. 2904 type: boolean 2905 image: 2906 description: Image is used to set various attributes regarding 2907 a specific module. If not set, they are set as per the 2908 ImageMeta definitions. 2909 properties: 2910 pullPolicy: 2911 description: PullPolicy allows to specify an image 2912 pull policy for the container images. if not set, 2913 the PullPolicy is IfNotPresent. 2914 type: string 2915 repository: 2916 description: Repository sets the container registry 2917 to pull images from. if not set, the Repository 2918 defined in OCNEMeta will be used instead. 2919 type: string 2920 tag: 2921 description: Tag allows to specify a tag for the image. 2922 if not set, the Tag defined in OCNEMeta will be 2923 used instead. 2924 type: string 2925 type: object 2926 imagePullSecrets: 2927 description: ImagePullSecrets allows to specify secrets 2928 if the image is being pulled from an authenticated private 2929 registry. if not set, it will be assumed the images 2930 are public. 
# Tail of a CustomResourceDefinition version schema that begins earlier in the
# file. Indentation is reconstructed from the nesting visible above this point
# - TODO confirm against the upstream manifest.
                            items:
                              properties:
                                name:
                                  description: Name is name of the secret to be used
                                    as image pull secret
                                  type: string
                              type: object
                            type: array
                          privateRegistry:
                            description: PrivateRegistry sets the private registry
                              settings for installing Verrazzano.
                            properties:
                              enabled:
                                description: Enabled sets a flag to determine if a
                                  private registry will be used when installing Verrazzano.
                                  if not set, the Enabled is set to false.
                                type: boolean
                            type: object
                        type: object
                    required:
                    - controlPlaneConfig
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
---
# Identity the controller Deployment below runs as (serviceAccountName).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-manager
  namespace: capi-ocne-control-plane-system
---
# Namespaced Role: create events and manage coordination.k8s.io leases.
# Presumably backs the --leader-elect flag passed to the manager - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-leader-election-role
  namespace: capi-ocne-control-plane-system
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
# Aggregated ClusterRole: its own rule list is empty; rules are collected from
# every ClusterRole labelled
# ocne.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true".
# NOTE(review): the ClusterRoleBinding below binds this role, so the manager's
# effective permissions are the union of ALL ClusterRoles carrying that label,
# not only the one in this file. Audit who can create or label ClusterRoles.
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      ocne.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-aggregated-manager-role
rules: []
---
# Rules contributed to the aggregated manager role (see the aggregate-to-manager
# label). Being a ClusterRole bound through a ClusterRoleBinding, every rule
# here applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
    ocne.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true"
  name: capi-ocne-control-plane-manager-role
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
# NOTE(review): wildcard resources with full write verbs. Any resource type,
# present or future, in these three API groups is covered, including
# subresources. Enumerate the resources if the controller's needs are known.
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  - controlplane.cluster.x-k8s.io
  - infrastructure.cluster.x-k8s.io
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - machines
  - machines/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - get
  - list
  - patch
  - watch
# NOTE(review): cluster-wide read and write on core Secrets. A compromise of
# the manager pod or its service-account token exposes every Secret in the
# management cluster. Treat this service account as highly privileged, alert
# on its token being used outside the controller pod, and prefer namespaced
# Roles where the deployment model allows it.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
---
# Grants the leader-election Role to the manager service account, scoped to
# the capi-ocne-control-plane-system namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-leader-election-rolebinding
  namespace: capi-ocne-control-plane-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capi-ocne-control-plane-leader-election-role
subjects:
- kind: ServiceAccount
  name: capi-ocne-control-plane-manager
  namespace: capi-ocne-control-plane-system
---
# Cluster-wide binding of the AGGREGATED role (not the manager-role directly)
# to the manager service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capi-ocne-control-plane-aggregated-manager-role
subjects:
- kind: ServiceAccount
  name: capi-ocne-control-plane-manager
  namespace: capi-ocne-control-plane-system
---
# Service the webhook configurations below (and CRD conversion) point at;
# forwards 443 to the container port named webhook-server.
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-webhook-service
  namespace: capi-ocne-control-plane-system
spec:
  ports:
  - port: 443
    targetPort: webhook-server
  selector:
    cluster.x-k8s.io/provider: control-plane-ocne
---
# Controller manager. It serves the admission webhooks on 9443 and health
# probes on 9440, and runs as the highly privileged manager service account.
# NOTE(review): no pod- or container-level securityContext and no resource
# requests/limits are set in this manifest. Whether the image tolerates
# runAsNonRoot, a read-only root filesystem and dropped capabilities cannot be
# told from here - verify against the image, then harden.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
    control-plane: controller-manager
  name: capi-ocne-control-plane-controller-manager
  namespace: capi-ocne-control-plane-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: control-plane-ocne
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: control-plane-ocne
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --leader-elect
        # Metrics listen on loopback only, so they are not reachable from
        # other pods.
        - --metrics-bind-addr=localhost:8080
        # ${VAR:=default} placeholders are not YAML or Kubernetes syntax;
        # presumably substituted by the installer before apply - confirm.
        - --feature-gates=ClusterTopology=${CLUSTER_TOPOLOGY:=false},KubeadmBootstrapFormatIgnition=${EXP_KUBEADM_BOOTSTRAP_FORMAT_IGNITION:=false}
        command:
        - /manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_UID
          valueFrom:
            fieldRef:
              fieldPath: metadata.uid
        # NOTE(review): image is referenced by tag, not by digest, and
        # IfNotPresent reuses whatever a node already has cached under that
        # tag. Pinning with @sha256:<digest> makes the deployed content
        # verifiable.
        image: ghcr.io/verrazzano/cluster-api-ocne-control-plane-controller:v1.7.0-20230815141941-9a36ded
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: healthz
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 9440
          name: healthz
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: healthz
        volumeMounts:
        # Webhook serving certificate and key, issued by cert-manager into
        # the Secret named in `volumes` below; mounted read-only.
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      serviceAccountName: capi-ocne-control-plane-manager
      terminationGracePeriodSeconds: 10
      # Tolerates both control-plane taints, so the pod may be scheduled on
      # control-plane nodes.
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          secretName: capi-ocne-control-plane-webhook-service-cert
---
# Serving certificate for the webhook Service DNS names, written to the Secret
# the Deployment mounts.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-serving-cert
  namespace: capi-ocne-control-plane-system
spec:
  dnsNames:
  - capi-ocne-control-plane-webhook-service.capi-ocne-control-plane-system.svc
  - capi-ocne-control-plane-webhook-service.capi-ocne-control-plane-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capi-ocne-control-plane-selfsigned-issuer
  secretName: capi-ocne-control-plane-webhook-service-cert
  subject:
    organizations:
    - k8s-sig-cluster-lifecycle
---
# Self-signed issuer: the serving certificate has no external trust root. The
# API server trusts it only through the caBundle that cert-manager injects via
# the cert-manager.io/inject-ca-from annotations below.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-selfsigned-issuer
  namespace: capi-ocne-control-plane-system
spec:
  selfSigned: {}
---
# Defaulting (mutating) webhooks for OCNEControlPlane and
# OCNEControlPlaneTemplate on CREATE and UPDATE.
# failurePolicy: Fail means matching requests are rejected while the webhook
# backend is unreachable (fail-closed); with replicas: 1 in the Deployment,
# that includes controller restarts.
# NOTE(review): admissionReviewVersions lists v1alpha1. The AdmissionReview
# versions a webhook can be sent are v1 and v1beta1, so this entry looks like
# it was meant to be v1beta1 (the scale webhook further down uses v1beta1).
# Harmless while v1 is also listed - confirm and align.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-ocne-control-plane-system/capi-ocne-control-plane-serving-cert
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  - v1alpha1
  clientConfig:
    service:
      name: capi-ocne-control-plane-webhook-service
      namespace: capi-ocne-control-plane-system
      path: /mutate-controlplane-cluster-x-k8s-io-v1alpha1-ocnecontrolplane
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.ocnecontrolplane.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ocnecontrolplanes
  sideEffects: None
- admissionReviewVersions:
  - v1
  - v1alpha1
  clientConfig:
    service:
      name: capi-ocne-control-plane-webhook-service
      namespace: capi-ocne-control-plane-system
      path: /mutate-controlplane-cluster-x-k8s-io-v1alpha1-ocnecontrolplanetemplate
  failurePolicy: Fail
  name: default.ocnecontrolplanetemplate.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ocnecontrolplanetemplates
  sideEffects: None
---
# Validating webhooks for the same two kinds, plus one for the scale
# subresource. All are fail-closed (failurePolicy: Fail).
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-ocne-control-plane-system/capi-ocne-control-plane-serving-cert
  labels:
    cluster.x-k8s.io/provider: control-plane-ocne
  name: capi-ocne-control-plane-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  - v1alpha1
  clientConfig:
    service:
      name: capi-ocne-control-plane-webhook-service
      namespace: capi-ocne-control-plane-system
      path: /validate-controlplane-cluster-x-k8s-io-v1alpha1-ocnecontrolplane
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.ocnecontrolplane.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ocnecontrolplanes
  sideEffects: None
- admissionReviewVersions:
  - v1
  - v1alpha1
  clientConfig:
    service:
      name: capi-ocne-control-plane-webhook-service
      namespace: capi-ocne-control-plane-system
      path: /validate-controlplane-cluster-x-k8s-io-v1alpha1-ocnecontrolplanetemplate
  failurePolicy: Fail
  name: validation.ocnecontrolplanetemplate.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ocnecontrolplanetemplates
  sideEffects: None
# NOTE(review): this rule matches apiVersions v1beta1 and the path names
# v1beta1, while every other webhook here targets v1alpha1. If the
# OCNEControlPlane CRD does not serve v1beta1, this rule never matches and
# scale updates bypass validation - TODO confirm against the CRD's versions.
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    service:
      name: capi-ocne-control-plane-webhook-service
      namespace: capi-ocne-control-plane-system
      path: /validate-scale-controlplane-cluster-x-k8s-io-v1beta1-ocnecontrolplane
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation-scale.ocnecontrolplane.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - UPDATE
    resources:
    - ocnecontrolplanes/scale
  sideEffects: None