k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/crd/community/kubermatic.k8c.io_clusters.yaml (about) 1 # This file has been generated by hack/update-codegen.sh, DO NOT EDIT. 2 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.12.0 8 name: clusters.kubermatic.k8c.io 9 spec: 10 group: kubermatic.k8c.io 11 names: 12 kind: Cluster 13 listKind: ClusterList 14 plural: clusters 15 singular: cluster 16 scope: Cluster 17 versions: 18 - additionalPrinterColumns: 19 - jsonPath: .spec.humanReadableName 20 name: HumanReadableName 21 type: string 22 - jsonPath: .status.userEmail 23 name: Owner 24 type: string 25 - jsonPath: .spec.version 26 name: Version 27 type: string 28 - jsonPath: .spec.cloud.providerName 29 name: Provider 30 type: string 31 - jsonPath: .spec.cloud.datacenter 32 name: Datacenter 33 type: string 34 - jsonPath: .status.phase 35 name: Phase 36 type: string 37 - jsonPath: .spec.pause 38 name: Paused 39 type: boolean 40 - jsonPath: .metadata.creationTimestamp 41 name: Age 42 type: date 43 name: v1 44 schema: 45 openAPIV3Schema: 46 description: Cluster represents a Kubermatic Kubernetes Platform user cluster. Cluster objects exist on Seed clusters and each user cluster consists of a namespace containing the Kubernetes control plane and additional pods (like Prometheus or the machine-controller). 47 properties: 48 apiVersion: 49 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 50 type: string 51 kind: 52 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 53 type: string 54 metadata: 55 type: object 56 spec: 57 description: Spec describes the desired cluster state. 58 properties: 59 admissionPlugins: 60 description: A list of arbitrary admission plugin names that are passed to kube-apiserver. Must not include admission plugins that can be enabled via a separate setting. 61 items: 62 type: string 63 type: array 64 apiServerAllowedIPRanges: 65 description: 'Optional: APIServerAllowedIPRanges is a list of IP ranges allowed to access the API server. Applicable only if the expose strategy of the cluster is LoadBalancer. If not configured, access to the API server is unrestricted.' 66 properties: 67 cidrBlocks: 68 items: 69 type: string 70 type: array 71 type: object 72 applicationSettings: 73 description: 'Optional: ApplicationSettings contains the settings relative to the application feature.' 74 properties: 75 cacheSize: 76 anyOf: 77 - type: integer 78 - type: string 79 description: CacheSize is the size of the cache used to download application's sources. 80 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 81 x-kubernetes-int-or-string: true 82 type: object 83 cloud: 84 description: Cloud contains information regarding the cloud provider that is responsible for hosting the cluster's workload. 85 properties: 86 alibaba: 87 description: AlibabaCloudSpec specifies the access data to Alibaba. 88 properties: 89 accessKeyID: 90 type: string 91 accessKeySecret: 92 type: string 93 credentialsReference: 94 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 95 properties: 96 apiVersion: 97 description: API version of the referent. 98 type: string 99 fieldPath: 100 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 101 type: string 102 key: 103 type: string 104 kind: 105 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 106 type: string 107 name: 108 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 109 type: string 110 namespace: 111 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 112 type: string 113 resourceVersion: 114 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 115 type: string 116 uid: 117 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 118 type: string 119 type: object 120 x-kubernetes-map-type: atomic 121 type: object 122 anexia: 123 description: AnexiaCloudSpec specifies the access data to Anexia. 124 properties: 125 credentialsReference: 126 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 127 properties: 128 apiVersion: 129 description: API version of the referent. 130 type: string 131 fieldPath: 132 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 133 type: string 134 key: 135 type: string 136 kind: 137 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 138 type: string 139 name: 140 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 141 type: string 142 namespace: 143 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 144 type: string 145 resourceVersion: 146 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 147 type: string 148 uid: 149 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 150 type: string 151 type: object 152 x-kubernetes-map-type: atomic 153 token: 154 type: string 155 type: object 156 aws: 157 description: AWSCloudSpec specifies access data to Amazon Web Services. 158 properties: 159 accessKeyID: 160 type: string 161 assumeRoleARN: 162 type: string 163 assumeRoleExternalID: 164 type: string 165 credentialsReference: 166 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 167 properties: 168 apiVersion: 169 description: API version of the referent. 170 type: string 171 fieldPath: 172 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 173 type: string 174 key: 175 type: string 176 kind: 177 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 178 type: string 179 name: 180 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 181 type: string 182 namespace: 183 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 184 type: string 185 resourceVersion: 186 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 187 type: string 188 uid: 189 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 190 type: string 191 type: object 192 x-kubernetes-map-type: atomic 193 disableIAMReconciling: 194 description: DisableIAMReconciling is used to disable reconciliation for IAM related configuration. This is useful in air-gapped setups where access to IAM service is not possible. 195 type: boolean 196 instanceProfileName: 197 type: string 198 nodePortsAllowedIPRange: 199 description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 200 type: string 201 nodePortsAllowedIPRanges: 202 description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 203 properties: 204 cidrBlocks: 205 items: 206 type: string 207 type: array 208 type: object 209 roleARN: 210 description: The IAM role, the control plane will use. The control plane will perform an assume-role 211 type: string 212 routeTableID: 213 type: string 214 secretAccessKey: 215 type: string 216 securityGroupID: 217 type: string 218 vpcID: 219 type: string 220 required: 221 - instanceProfileName 222 - roleARN 223 - routeTableID 224 - securityGroupID 225 - vpcID 226 type: object 227 azure: 228 description: AzureCloudSpec defines cloud resource references for Microsoft Azure. 229 properties: 230 assignAvailabilitySet: 231 description: 'Optional: AssignAvailabilitySet determines whether KKP creates and assigns an AvailabilitySet to machines. Defaults to `true` internally if not set.' 232 type: boolean 233 availabilitySet: 234 description: An availability set that will be associated with nodes created for this cluster. If this field is set to empty string at cluster creation and `AssignAvailabilitySet` is set to `true`, a new availability set will be created and this field will be updated to the generated availability set's name. 235 type: string 236 clientID: 237 description: ClientID is the service principal used to access Azure. Can be read from `credentialsReference` instead. 238 type: string 239 clientSecret: 240 description: ClientSecret is the client secret corresponding to the given service principal. Can be read from `credentialsReference` instead. 241 type: string 242 credentialsReference: 243 description: CredentialsReference allows referencing a `Secret` resource instead of passing secret data in this spec. 244 properties: 245 apiVersion: 246 description: API version of the referent. 247 type: string 248 fieldPath: 249 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 250 type: string 251 key: 252 type: string 253 kind: 254 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 255 type: string 256 name: 257 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 258 type: string 259 namespace: 260 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 261 type: string 262 resourceVersion: 263 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 264 type: string 265 uid: 266 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 267 type: string 268 type: object 269 x-kubernetes-map-type: atomic 270 loadBalancerSKU: 271 description: Azure SKU for Load Balancers. Possible values are `basic` and `standard`. 272 enum: 273 - standard 274 - basic 275 type: string 276 nodePortsAllowedIPRange: 277 description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 278 type: string 279 nodePortsAllowedIPRanges: 280 description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 281 properties: 282 cidrBlocks: 283 items: 284 type: string 285 type: array 286 type: object 287 resourceGroup: 288 description: The resource group that will be used to look up and create resources for the cluster in. If set to empty string at cluster creation, a new resource group will be created and this field will be updated to the generated resource group's name. 289 type: string 290 routeTable: 291 description: The name of a route table associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new route table will be created and this field will be updated to the generated route table's name. If no subnet is defined at cluster creation, this field should be empty as well. 292 type: string 293 securityGroup: 294 description: The name of a security group associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new security group will be created and this field will be updated to the generated security group's name. If no subnet is defined at cluster creation, this field should be empty as well. 295 type: string 296 subnet: 297 description: The name of a subnet in the VNet referenced by `vnet`. If set to empty string at cluster creation, a new subnet will be created and this field will be updated to the generated subnet's name. If no VNet is defined at cluster creation, this field should be empty as well. 298 type: string 299 subscriptionID: 300 description: SubscriptionID is the Azure Subscription used for this cluster. Can be read from `credentialsReference` instead. 301 type: string 302 tenantID: 303 description: TenantID is the Azure Active Directory Tenant used for this cluster. Can be read from `credentialsReference` instead. 304 type: string 305 vnet: 306 description: The name of the VNet resource used for setting up networking in. If set to empty string at cluster creation, a new VNet will be created and this field will be updated to the generated VNet's name. 307 type: string 308 vnetResourceGroup: 309 description: 'Optional: VNetResourceGroup optionally defines a second resource group that will be used for VNet related resources instead. If left empty, NO additional resource group will be created and all VNet related resources use the resource group defined by `resourceGroup`.' 310 type: string 311 required: 312 - availabilitySet 313 - loadBalancerSKU 314 - resourceGroup 315 - routeTable 316 - securityGroup 317 - subnet 318 - vnet 319 - vnetResourceGroup 320 type: object 321 bringyourown: 322 description: BringYourOwnCloudSpec specifies access data for a bring your own cluster. 323 type: object 324 datacenter: 325 description: DatacenterName states the name of a cloud provider "datacenter" (defined in `Seed` resources) this cluster should be deployed into. 326 type: string 327 digitalocean: 328 description: DigitaloceanCloudSpec specifies access data to DigitalOcean. 329 properties: 330 credentialsReference: 331 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 332 properties: 333 apiVersion: 334 description: API version of the referent. 335 type: string 336 fieldPath: 337 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 338 type: string 339 key: 340 type: string 341 kind: 342 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 343 type: string 344 name: 345 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 346 type: string 347 namespace: 348 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 349 type: string 350 resourceVersion: 351 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 352 type: string 353 uid: 354 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 355 type: string 356 type: object 357 x-kubernetes-map-type: atomic 358 token: 359 type: string 360 type: object 361 fake: 362 description: FakeCloudSpec specifies access data for a fake cloud. 363 properties: 364 token: 365 type: string 366 type: object 367 gcp: 368 description: GCPCloudSpec specifies access data to GCP. 369 properties: 370 credentialsReference: 371 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 372 properties: 373 apiVersion: 374 description: API version of the referent. 375 type: string 376 fieldPath: 377 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 378 type: string 379 key: 380 type: string 381 kind: 382 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 383 type: string 384 name: 385 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 386 type: string 387 namespace: 388 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 389 type: string 390 resourceVersion: 391 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 392 type: string 393 uid: 394 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 395 type: string 396 type: object 397 x-kubernetes-map-type: atomic 398 network: 399 type: string 400 nodePortsAllowedIPRange: 401 description: A CIDR range that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 402 type: string 403 nodePortsAllowedIPRanges: 404 description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 405 properties: 406 cidrBlocks: 407 items: 408 type: string 409 type: array 410 type: object 411 serviceAccount: 412 description: The Google Service Account (JSON format), encoded with base64. 413 type: string 414 subnetwork: 415 type: string 416 required: 417 - network 418 - subnetwork 419 type: object 420 hetzner: 421 description: HetznerCloudSpec specifies access data to hetzner cloud. 422 properties: 423 credentialsReference: 424 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 425 properties: 426 apiVersion: 427 description: API version of the referent. 428 type: string 429 fieldPath: 430 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 431 type: string 432 key: 433 type: string 434 kind: 435 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 436 type: string 437 name: 438 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 439 type: string 440 namespace: 441 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 442 type: string 443 resourceVersion: 444 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 445 type: string 446 uid: 447 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 448 type: string 449 type: object 450 x-kubernetes-map-type: atomic 451 network: 452 description: Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work. If this is empty, the network configured on the datacenter will be used. 453 type: string 454 token: 455 description: Token is used to authenticate with the Hetzner cloud API. 456 type: string 457 type: object 458 kubevirt: 459 description: KubeVirtCloudSpec specifies the access data to KubeVirt. 460 properties: 461 credentialsReference: 462 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 463 properties: 464 apiVersion: 465 description: API version of the referent. 466 type: string 467 fieldPath: 468 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 469 type: string 470 key: 471 type: string 472 kind: 473 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 474 type: string 475 name: 476 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 477 type: string 478 namespace: 479 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 480 type: string 481 resourceVersion: 482 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 483 type: string 484 uid: 485 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 486 type: string 487 type: object 488 x-kubernetes-map-type: atomic 489 csiKubeconfig: 490 type: string 491 imageCloningEnabled: 492 description: ImageCloningEnabled flag enable/disable cloning for a cluster. 493 type: boolean 494 infraStorageClasses: 495 description: 'Deprecated: in favor of StorageClasses. InfraStorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks)' 496 items: 497 type: string 498 type: array 499 kubeconfig: 500 description: The cluster's kubeconfig file, encoded with base64. 501 type: string 502 preAllocatedDataVolumes: 503 description: Custom Images are a good example of this use case. 504 items: 505 properties: 506 annotations: 507 additionalProperties: 508 type: string 509 type: object 510 name: 511 type: string 512 size: 513 type: string 514 storageClass: 515 type: string 516 url: 517 type: string 518 required: 519 - name 520 - size 521 - storageClass 522 - url 523 type: object 524 type: array 525 storageClasses: 526 description: StorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks. It contains also some flag specifying which one is the default one. 527 items: 528 properties: 529 isDefaultClass: 530 description: 'Optional: IsDefaultClass. If true, the created StorageClass in the tenant cluster will be annotated with: storageclass.kubernetes.io/is-default-class : true If missing or false, annotation will be: storageclass.kubernetes.io/is-default-class : false' 531 type: boolean 532 name: 533 type: string 534 required: 535 - name 536 type: object 537 type: array 538 type: object 539 nutanix: 540 description: NutanixCloudSpec specifies the access data to Nutanix. 541 properties: 542 clusterName: 543 description: ClusterName is the Nutanix cluster that this user cluster will be deployed to. 544 type: string 545 credentialsReference: 546 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 547 properties: 548 apiVersion: 549 description: API version of the referent. 550 type: string 551 fieldPath: 552 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 553 type: string 554 key: 555 type: string 556 kind: 557 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 558 type: string 559 name: 560 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 561 type: string 562 namespace: 563 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 564 type: string 565 resourceVersion: 566 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 567 type: string 568 uid: 569 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 570 type: string 571 type: object 572 x-kubernetes-map-type: atomic 573 csi: 574 description: NutanixCSIConfig for csi driver that connects to a prism element 575 properties: 576 endpoint: 577 description: Prism Element Endpoint to access Nutanix Prism Element for csi driver 578 type: string 579 fstype: 580 description: 'Optional: defaults to "xfs"' 581 type: string 582 password: 583 description: Prism Element Password for csi driver 584 type: string 585 port: 586 description: 'Optional: Port to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)' 587 format: int32 588 type: integer 589 ssSegmentedIscsiNetwork: 590 description: 'Optional: defaults to "false"' 591 type: boolean 592 storageContainer: 593 description: 'Optional: defaults to "SelfServiceContainer"' 594 type: string 595 username: 596 description: Prism Element Username for csi driver 597 type: string 598 required: 599 - endpoint 600 type: object 601 password: 602 type: string 603 projectName: 604 description: ProjectName is the project that this cluster is deployed into. If none is given, no project will be used. 605 type: string 606 proxyURL: 607 type: string 608 username: 609 type: string 610 required: 611 - clusterName 612 type: object 613 openstack: 614 description: OpenStackCloudSpec specifies access data to an OpenStack cloud. 615 properties: 616 applicationCredentialID: 617 type: string 618 applicationCredentialSecret: 619 type: string 620 credentialsReference: 621 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 622 properties: 623 apiVersion: 624 description: API version of the referent. 625 type: string 626 fieldPath: 627 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 628 type: string 629 key: 630 type: string 631 kind: 632 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 633 type: string 634 name: 635 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 636 type: string 637 namespace: 638 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 639 type: string 640 resourceVersion: 641 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 642 type: string 643 uid: 644 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 645 type: string 646 type: object 647 x-kubernetes-map-type: atomic 648 domain: 649 type: string 650 enableIngressHostname: 651 description: Enable the `enable-ingress-hostname` cloud provider option on the OpenStack CCM. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround for the PROXY protocol to preserve client IPs. 652 type: boolean 653 floatingIPPool: 654 description: "FloatingIPPool holds the name of the public network The public network is reachable from the outside world and should provide the pool of IP addresses to choose from. \n When specified, all worker nodes will receive a public ip from this floating ip pool \n Note that the network is external if the \"External\" field is set to true" 655 type: string 656 ingressHostnameSuffix: 657 description: Set a specific suffix for the hostnames used for the PROXY protocol workaround that is enabled by EnableIngressHostname. The suffix is set to `nip.io` by default. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround only. 658 type: string 659 ipv6SubnetID: 660 description: IPv6SubnetID holds the ID of the subnet used for IPv6 networking. If not provided, a new subnet will be created if IPv6 is enabled. 661 type: string 662 ipv6SubnetPool: 663 description: IPv6SubnetPool holds the name of the subnet pool used for creating new IPv6 subnets. If not provided, the default IPv6 subnet pool will be used. 664 type: string 665 network: 666 description: "Network holds the name of the internal network When specified, all worker nodes will be attached to this network. If not specified, a network, subnet & router will be created \n Note that the network is internal if the \"External\" field is set to false" 667 type: string 668 nodePortsAllowedIPRange: 669 description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 670 type: string 671 nodePortsAllowedIPRanges: 672 description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 673 properties: 674 cidrBlocks: 675 items: 676 type: string 677 type: array 678 type: object 679 password: 680 type: string 681 project: 682 description: project, formally known as tenant. 683 type: string 684 projectID: 685 description: project id, formally known as tenantID. 686 type: string 687 routerID: 688 type: string 689 securityGroups: 690 type: string 691 subnetID: 692 type: string 693 token: 694 description: Used internally during cluster creation 695 type: string 696 useOctavia: 697 description: "Whether or not to use Octavia for LoadBalancer type of Service implementation instead of using Neutron-LBaaS. Attention:OpenStack CCM use Octavia as default load balancer implementation since v1.17.0 \n Takes precedence over the 'use_octavia' flag provided at datacenter level if both are specified." 698 type: boolean 699 useToken: 700 type: boolean 701 username: 702 type: string 703 required: 704 - floatingIPPool 705 - network 706 - routerID 707 - securityGroups 708 - subnetID 709 type: object 710 packet: 711 description: PacketCloudSpec specifies access data to a Packet cloud. 712 properties: 713 apiKey: 714 type: string 715 billingCycle: 716 type: string 717 credentialsReference: 718 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 719 properties: 720 apiVersion: 721 description: API version of the referent. 722 type: string 723 fieldPath: 724 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 725 type: string 726 key: 727 type: string 728 kind: 729 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 730 type: string 731 name: 732 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 733 type: string 734 namespace: 735 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 736 type: string 737 resourceVersion: 738 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 739 type: string 740 uid: 741 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 742 type: string 743 type: object 744 x-kubernetes-map-type: atomic 745 projectID: 746 type: string 747 required: 748 - billingCycle 749 type: object 750 providerName: 751 description: ProviderName is the name of the cloud provider used for this cluster. This must match the given provider spec (e.g. if the providerName is "aws", then the `aws` field must be set). 752 enum: 753 - alibaba 754 - anexia 755 - aws 756 - azure 757 - bringyourown 758 - digitalocean 759 - gcp 760 - hetzner 761 - kubevirt 762 - nutanix 763 - openstack 764 - packet 765 - vmwareclouddirector 766 - vsphere 767 type: string 768 vmwareclouddirector: 769 description: VMwareCloudDirectorCloudSpec specifies access data to VMware Cloud Director cloud. 770 properties: 771 apiToken: 772 description: APIToken is the VMware Cloud Director API token. 773 type: string 774 credentialsReference: 775 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 776 properties: 777 apiVersion: 778 description: API version of the referent. 779 type: string 780 fieldPath: 781 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 782 type: string 783 key: 784 type: string 785 kind: 786 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 787 type: string 788 name: 789 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 790 type: string 791 namespace: 792 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 793 type: string 794 resourceVersion: 795 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 796 type: string 797 uid: 798 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 799 type: string 800 type: object 801 x-kubernetes-map-type: atomic 802 csi: 803 description: Config for CSI driver 804 properties: 805 filesystem: 806 description: Filesystem to use for named disks, defaults to "ext4" 807 type: string 808 storageProfile: 809 description: The name of the storage profile to use for disks created by CSI driver 810 type: string 811 required: 812 - storageProfile 813 type: object 814 organization: 815 description: Organization is the name of organization to use. 816 type: string 817 ovdcNetwork: 818 description: Network is the name of organizational virtual data center network that will be associated with the VMs and vApp. 819 type: string 820 password: 821 description: Password is the VMware Cloud Director user password. 822 type: string 823 username: 824 description: Username is the VMware Cloud Director user name. 825 type: string 826 vapp: 827 description: VApp used for isolation of VMs and their associated network 828 type: string 829 vdc: 830 description: VDC is the organizational virtual data center. 831 type: string 832 required: 833 - csi 834 - ovdcNetwork 835 type: object 836 vsphere: 837 description: VSphereCloudSpec specifies access data to VSphere cloud. 838 properties: 839 credentialsReference: 840 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 841 properties: 842 apiVersion: 843 description: API version of the referent. 844 type: string 845 fieldPath: 846 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 847 type: string 848 key: 849 type: string 850 kind: 851 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 852 type: string 853 name: 854 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 855 type: string 856 namespace: 857 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 858 type: string 859 resourceVersion: 860 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 861 type: string 862 uid: 863 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 864 type: string 865 type: object 866 x-kubernetes-map-type: atomic 867 datastore: 868 description: Datastore to be used for storing virtual machines and as a default for dynamic volume provisioning, it is mutually exclusive with DatastoreCluster. 869 type: string 870 datastoreCluster: 871 description: DatastoreCluster to be used for storing virtual machines, it is mutually exclusive with Datastore. 872 type: string 873 folder: 874 description: Folder is the folder to be used to group the provisioned virtual machines. 875 type: string 876 infraManagementUser: 877 description: This user will be used for everything except cloud provider functionality 878 properties: 879 password: 880 type: string 881 username: 882 type: string 883 type: object 884 password: 885 description: Password is the vSphere user password. 886 type: string 887 resourcePool: 888 description: ResourcePool is used to manage resources such as cpu and memory for vSphere virtual machines. The resource pool should be defined on vSphere cluster level. 889 type: string 890 storagePolicy: 891 description: StoragePolicy to be used for storage provisioning 892 type: string 893 tags: 894 description: Tags represents the tags that are attached or created on the cluster level, that are then propagated down to the MachineDeployments. In order to attach tags on MachineDeployment, users must create the tag on a cluster level first then attach that tag on the MachineDeployment. 895 properties: 896 categoryID: 897 description: CategoryID is the id of the vsphere category that the tag belongs to. If the category id is left empty, the default category id for the cluster will be used. 898 type: string 899 tags: 900 description: Tags represents the name of the created tags. 901 items: 902 type: string 903 type: array 904 required: 905 - tags 906 type: object 907 username: 908 description: Username is the vSphere user name. 909 type: string 910 vmNetName: 911 description: VMNetName is the name of the vSphere network. 912 type: string 913 required: 914 - infraManagementUser 915 - storagePolicy 916 - vmNetName 917 type: object 918 required: 919 - datacenter 920 - providerName 921 type: object 922 clusterNetwork: 923 description: ClusterNetworkingConfig specifies the different networking parameters for a cluster. 924 properties: 925 coreDNSReplicas: 926 description: CoreDNSReplicas is the number of desired pods of user cluster coredns deployment. 927 format: int32 928 type: integer 929 dnsDomain: 930 description: Domain name for services. 931 type: string 932 ipFamily: 933 description: 'Optional: IP family used for cluster networking. Supported values are "", "IPv4" or "IPv4+IPv6". Can be omitted / empty if pods and services network ranges are specified. In that case it defaults according to the IP families of the provided network ranges. If neither ipFamily nor pods & services network ranges are specified, defaults to "IPv4".' 934 enum: 935 - "" 936 - IPv4 937 - IPv4+IPv6 938 type: string 939 ipvs: 940 description: IPVS defines kube-proxy ipvs configuration options 941 properties: 942 strictArp: 943 default: true 944 description: StrictArp configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface. defaults to true. 945 type: boolean 946 type: object 947 konnectivityEnabled: 948 description: KonnectivityEnabled enables konnectivity for controlplane to node network communication. 949 type: boolean 950 nodeCidrMaskSizeIPv4: 951 description: NodeCIDRMaskSizeIPv4 is the mask size used to address the nodes within provided IPv4 Pods CIDR. It has to be larger than the provided IPv4 Pods CIDR. Defaults to 24. 952 format: int32 953 type: integer 954 nodeCidrMaskSizeIPv6: 955 description: NodeCIDRMaskSizeIPv6 is the mask size used to address the nodes within provided IPv6 Pods CIDR. It has to be larger than the provided IPv6 Pods CIDR. Defaults to 64. 956 format: int32 957 type: integer 958 nodeLocalDNSCacheEnabled: 959 default: true 960 description: NodeLocalDNSCacheEnabled controls whether the NodeLocal DNS Cache feature is enabled. Defaults to true. 961 type: boolean 962 pods: 963 description: The network ranges from which POD networks are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 964 properties: 965 cidrBlocks: 966 items: 967 type: string 968 type: array 969 type: object 970 proxyMode: 971 default: ipvs 972 description: ProxyMode defines the kube-proxy mode ("ipvs" / "iptables" / "ebpf"). Defaults to "ipvs". "ebpf" disables kube-proxy and requires CNI support. 973 enum: 974 - ipvs 975 - iptables 976 - ebpf 977 type: string 978 services: 979 description: The network ranges from which service VIPs are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 980 properties: 981 cidrBlocks: 982 items: 983 type: string 984 type: array 985 type: object 986 tunnelingAgentIP: 987 description: TunnelingAgentIP is the address used by the tunneling agents 988 type: string 989 required: 990 - dnsDomain 991 - pods 992 - proxyMode 993 - services 994 type: object 995 cniPlugin: 996 description: CNIPluginSettings contains the spec of the CNI plugin used by the Cluster. 997 properties: 998 type: 999 description: Type is the CNI plugin type to be used. 1000 enum: 1001 - canal 1002 - cilium 1003 - none 1004 type: string 1005 version: 1006 description: Version defines the CNI plugin version to be used. This varies by chosen CNI plugin type. 1007 type: string 1008 required: 1009 - type 1010 - version 1011 type: object 1012 componentsOverride: 1013 description: Component specific overrides that allow customization of control plane components. 1014 properties: 1015 apiserver: 1016 description: Apiserver configures kube-apiserver settings. 1017 properties: 1018 endpointReconcilingDisabled: 1019 type: boolean 1020 nodePortRange: 1021 type: string 1022 replicas: 1023 format: int32 1024 type: integer 1025 resources: 1026 description: ResourceRequirements describes the compute resource requirements. 1027 properties: 1028 claims: 1029 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1030 items: 1031 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1032 properties: 1033 name: 1034 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1035 type: string 1036 required: 1037 - name 1038 type: object 1039 type: array 1040 x-kubernetes-list-map-keys: 1041 - name 1042 x-kubernetes-list-type: map 1043 limits: 1044 additionalProperties: 1045 anyOf: 1046 - type: integer 1047 - type: string 1048 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1049 x-kubernetes-int-or-string: true 1050 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1051 type: object 1052 requests: 1053 additionalProperties: 1054 anyOf: 1055 - type: integer 1056 - type: string 1057 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1058 x-kubernetes-int-or-string: true 1059 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1060 type: object 1061 type: object 1062 tolerations: 1063 items: 1064 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1065 properties: 1066 effect: 1067 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1068 type: string 1069 key: 1070 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1071 type: string 1072 operator: 1073 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1074 type: string 1075 tolerationSeconds: 1076 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1077 format: int64 1078 type: integer 1079 value: 1080 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1081 type: string 1082 type: object 1083 type: array 1084 type: object 1085 controllerManager: 1086 description: ControllerManager configures kube-controller-manager settings. 1087 properties: 1088 leaderElection: 1089 properties: 1090 leaseDurationSeconds: 1091 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1092 format: int32 1093 type: integer 1094 renewDeadlineSeconds: 1095 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1096 format: int32 1097 type: integer 1098 retryPeriodSeconds: 1099 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1100 format: int32 1101 type: integer 1102 type: object 1103 replicas: 1104 format: int32 1105 type: integer 1106 resources: 1107 description: ResourceRequirements describes the compute resource requirements. 1108 properties: 1109 claims: 1110 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1111 items: 1112 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1113 properties: 1114 name: 1115 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1116 type: string 1117 required: 1118 - name 1119 type: object 1120 type: array 1121 x-kubernetes-list-map-keys: 1122 - name 1123 x-kubernetes-list-type: map 1124 limits: 1125 additionalProperties: 1126 anyOf: 1127 - type: integer 1128 - type: string 1129 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1130 x-kubernetes-int-or-string: true 1131 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1132 type: object 1133 requests: 1134 additionalProperties: 1135 anyOf: 1136 - type: integer 1137 - type: string 1138 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1139 x-kubernetes-int-or-string: true 1140 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1141 type: object 1142 type: object 1143 tolerations: 1144 items: 1145 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1146 properties: 1147 effect: 1148 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1149 type: string 1150 key: 1151 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1152 type: string 1153 operator: 1154 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1155 type: string 1156 tolerationSeconds: 1157 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1158 format: int64 1159 type: integer 1160 value: 1161 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1162 type: string 1163 type: object 1164 type: array 1165 type: object 1166 etcd: 1167 description: Etcd configures the etcd ring used to store Kubernetes data. 1168 properties: 1169 clusterSize: 1170 description: ClusterSize is the number of replicas created for etcd. This should be an odd number to guarantee consensus, e.g. 3, 5 or 7. 1171 format: int32 1172 type: integer 1173 diskSize: 1174 anyOf: 1175 - type: integer 1176 - type: string 1177 description: DiskSize is the volume size used when creating persistent storage from the configured StorageClass. This is inherited from KubermaticConfiguration if not set. Defaults to 5Gi. 1178 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1179 x-kubernetes-int-or-string: true 1180 hostAntiAffinity: 1181 description: HostAntiAffinity allows to enforce a certain type of host anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled. 1182 enum: 1183 - preferred 1184 - required 1185 type: string 1186 resources: 1187 description: Resources allows to override the resource requirements for etcd Pods. 1188 properties: 1189 claims: 1190 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1191 items: 1192 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1193 properties: 1194 name: 1195 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1196 type: string 1197 required: 1198 - name 1199 type: object 1200 type: array 1201 x-kubernetes-list-map-keys: 1202 - name 1203 x-kubernetes-list-type: map 1204 limits: 1205 additionalProperties: 1206 anyOf: 1207 - type: integer 1208 - type: string 1209 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1210 x-kubernetes-int-or-string: true 1211 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1212 type: object 1213 requests: 1214 additionalProperties: 1215 anyOf: 1216 - type: integer 1217 - type: string 1218 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1219 x-kubernetes-int-or-string: true 1220 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1221 type: object 1222 type: object 1223 storageClass: 1224 description: StorageClass is the Kubernetes StorageClass used for persistent storage which stores the etcd WAL and other data persisted across restarts. Defaults to `kubermatic-fast` (the global default). 1225 type: string 1226 tolerations: 1227 description: Tolerations allows to override the scheduling tolerations for etcd Pods. 1228 items: 1229 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1230 properties: 1231 effect: 1232 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1233 type: string 1234 key: 1235 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1236 type: string 1237 operator: 1238 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1239 type: string 1240 tolerationSeconds: 1241 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1242 format: int64 1243 type: integer 1244 value: 1245 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1246 type: string 1247 type: object 1248 type: array 1249 zoneAntiAffinity: 1250 description: ZoneAntiAffinity allows to enforce a certain type of availability zone anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled. 1251 enum: 1252 - preferred 1253 - required 1254 type: string 1255 type: object 1256 konnectivityProxy: 1257 description: KonnectivityProxy configures konnectivity-server and konnectivity-agent components. 1258 properties: 1259 keepaliveTime: 1260 description: KeepaliveTime represents a duration of time to check if the transport is still alive. The option is propagated to agents and server. Defaults to 1m. 1261 type: string 1262 resources: 1263 description: Resources configure limits/requests for Konnectivity components. 1264 properties: 1265 claims: 1266 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1267 items: 1268 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1269 properties: 1270 name: 1271 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1272 type: string 1273 required: 1274 - name 1275 type: object 1276 type: array 1277 x-kubernetes-list-map-keys: 1278 - name 1279 x-kubernetes-list-type: map 1280 limits: 1281 additionalProperties: 1282 anyOf: 1283 - type: integer 1284 - type: string 1285 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1286 x-kubernetes-int-or-string: true 1287 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1288 type: object 1289 requests: 1290 additionalProperties: 1291 anyOf: 1292 - type: integer 1293 - type: string 1294 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1295 x-kubernetes-int-or-string: true 1296 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1297 type: object 1298 type: object 1299 type: object 1300 nodePortProxyEnvoy: 1301 description: NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if the `LoadBalancer` expose strategy is used. This is not effective if a different expose strategy is configured. 1302 properties: 1303 dockerRepository: 1304 description: DockerRepository is the repository containing the component's image. 1305 type: string 1306 resources: 1307 description: Resources describes the requested and maximum allowed CPU/memory usage. 1308 properties: 1309 claims: 1310 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1311 items: 1312 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1313 properties: 1314 name: 1315 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1316 type: string 1317 required: 1318 - name 1319 type: object 1320 type: array 1321 x-kubernetes-list-map-keys: 1322 - name 1323 x-kubernetes-list-type: map 1324 limits: 1325 additionalProperties: 1326 anyOf: 1327 - type: integer 1328 - type: string 1329 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1330 x-kubernetes-int-or-string: true 1331 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1332 type: object 1333 requests: 1334 additionalProperties: 1335 anyOf: 1336 - type: integer 1337 - type: string 1338 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1339 x-kubernetes-int-or-string: true 1340 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1341 type: object 1342 type: object 1343 type: object 1344 prometheus: 1345 description: Prometheus configures the Prometheus instance deployed into the cluster control plane. 1346 properties: 1347 resources: 1348 description: ResourceRequirements describes the compute resource requirements. 1349 properties: 1350 claims: 1351 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1352 items: 1353 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1354 properties: 1355 name: 1356 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1357 type: string 1358 required: 1359 - name 1360 type: object 1361 type: array 1362 x-kubernetes-list-map-keys: 1363 - name 1364 x-kubernetes-list-type: map 1365 limits: 1366 additionalProperties: 1367 anyOf: 1368 - type: integer 1369 - type: string 1370 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1371 x-kubernetes-int-or-string: true 1372 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1373 type: object 1374 requests: 1375 additionalProperties: 1376 anyOf: 1377 - type: integer 1378 - type: string 1379 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1380 x-kubernetes-int-or-string: true 1381 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1382 type: object 1383 type: object 1384 type: object 1385 scheduler: 1386 description: Scheduler configures kube-scheduler settings. 1387 properties: 1388 leaderElection: 1389 properties: 1390 leaseDurationSeconds: 1391 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1392 format: int32 1393 type: integer 1394 renewDeadlineSeconds: 1395 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1396 format: int32 1397 type: integer 1398 retryPeriodSeconds: 1399 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1400 format: int32 1401 type: integer 1402 type: object 1403 replicas: 1404 format: int32 1405 type: integer 1406 resources: 1407 description: ResourceRequirements describes the compute resource requirements. 1408 properties: 1409 claims: 1410 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1411 items: 1412 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1413 properties: 1414 name: 1415 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1416 type: string 1417 required: 1418 - name 1419 type: object 1420 type: array 1421 x-kubernetes-list-map-keys: 1422 - name 1423 x-kubernetes-list-type: map 1424 limits: 1425 additionalProperties: 1426 anyOf: 1427 - type: integer 1428 - type: string 1429 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1430 x-kubernetes-int-or-string: true 1431 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1432 type: object 1433 requests: 1434 additionalProperties: 1435 anyOf: 1436 - type: integer 1437 - type: string 1438 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1439 x-kubernetes-int-or-string: true 1440 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1441 type: object 1442 type: object 1443 tolerations: 1444 items: 1445 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1446 properties: 1447 effect: 1448 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1449 type: string 1450 key: 1451 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1452 type: string 1453 operator: 1454 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1455 type: string 1456 tolerationSeconds: 1457 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1458 format: int64 1459 type: integer 1460 value: 1461 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1462 type: string 1463 type: object 1464 type: array 1465 type: object 1466 userClusterController: 1467 description: UserClusterController configures the KKP usercluster-controller deployed as part of the cluster control plane. 1468 properties: 1469 leaderElection: 1470 properties: 1471 leaseDurationSeconds: 1472 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1473 format: int32 1474 type: integer 1475 renewDeadlineSeconds: 1476 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1477 format: int32 1478 type: integer 1479 retryPeriodSeconds: 1480 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1481 format: int32 1482 type: integer 1483 type: object 1484 replicas: 1485 format: int32 1486 type: integer 1487 resources: 1488 description: ResourceRequirements describes the compute resource requirements. 1489 properties: 1490 claims: 1491 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1492 items: 1493 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1494 properties: 1495 name: 1496 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1497 type: string 1498 required: 1499 - name 1500 type: object 1501 type: array 1502 x-kubernetes-list-map-keys: 1503 - name 1504 x-kubernetes-list-type: map 1505 limits: 1506 additionalProperties: 1507 anyOf: 1508 - type: integer 1509 - type: string 1510 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1511 x-kubernetes-int-or-string: true 1512 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1513 type: object 1514 requests: 1515 additionalProperties: 1516 anyOf: 1517 - type: integer 1518 - type: string 1519 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1520 x-kubernetes-int-or-string: true 1521 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1522 type: object 1523 type: object 1524 tolerations: 1525 items: 1526 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1527 properties: 1528 effect: 1529 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1530 type: string 1531 key: 1532 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1533 type: string 1534 operator: 1535 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1536 type: string 1537 tolerationSeconds: 1538 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1539 format: int64 1540 type: integer 1541 value: 1542 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1543 type: string 1544 type: object 1545 type: array 1546 type: object 1547 required: 1548 - apiserver 1549 - controllerManager 1550 - etcd 1551 - scheduler 1552 type: object 1553 containerRuntime: 1554 default: containerd 1555 description: ContainerRuntime to use, i.e. `docker` or `containerd`. By default `containerd` will be used. 1556 enum: 1557 - docker 1558 - containerd 1559 type: string 1560 debugLog: 1561 description: Enables more verbose logging in KKP's user-cluster-controller-manager. 1562 type: boolean 1563 enableOperatingSystemManager: 1564 description: 'Optional: Enables operating-system-manager (OSM), which is responsible for creating and managing worker node configuration. This field is enabled(true) by default.' 1565 type: boolean 1566 eventRateLimitConfig: 1567 description: 'Optional: Configures the EventRateLimit admission plugin (if enabled via `useEventRateLimitAdmissionPlugin`) to create limits on Kubernetes event generation. The EventRateLimit plugin is capable of comparing and rate limiting incoming `Events` based on several configured buckets.' 1568 properties: 1569 namespace: 1570 properties: 1571 burst: 1572 format: int32 1573 type: integer 1574 cacheSize: 1575 format: int32 1576 type: integer 1577 qps: 1578 format: int32 1579 type: integer 1580 required: 1581 - burst 1582 - qps 1583 type: object 1584 server: 1585 properties: 1586 burst: 1587 format: int32 1588 type: integer 1589 cacheSize: 1590 format: int32 1591 type: integer 1592 qps: 1593 format: int32 1594 type: integer 1595 required: 1596 - burst 1597 - qps 1598 type: object 1599 sourceAndObject: 1600 properties: 1601 burst: 1602 format: int32 1603 type: integer 1604 cacheSize: 1605 format: int32 1606 type: integer 1607 qps: 1608 format: int32 1609 type: integer 1610 required: 1611 - burst 1612 - qps 1613 type: object 1614 user: 1615 properties: 1616 burst: 1617 format: int32 1618 type: integer 1619 cacheSize: 1620 format: int32 1621 type: integer 1622 qps: 1623 format: int32 1624 type: integer 1625 required: 1626 - burst 1627 - qps 1628 type: object 1629 type: object 1630 exposeStrategy: 1631 description: ExposeStrategy is the strategy used to expose a cluster control plane. 1632 enum: 1633 - NodePort 1634 - LoadBalancer 1635 - Tunneling 1636 type: string 1637 features: 1638 additionalProperties: 1639 type: boolean 1640 description: A map of optional or early-stage features that can be enabled for the user cluster. Some feature gates cannot be disabled after being enabled. The available feature gates vary based on KKP version, Kubernetes version and Seed configuration. Please consult the KKP documentation for specific feature gates. 1641 type: object 1642 humanReadableName: 1643 description: HumanReadableName is the cluster name provided by the user. 1644 type: string 1645 imagePullSecret: 1646 description: 'Optional: ImagePullSecret references a secret with container registry credentials. This is passed to the machine-controller which sets the registry credentials on node level.' 1647 properties: 1648 name: 1649 description: name is unique within a namespace to reference a secret resource. 1650 type: string 1651 namespace: 1652 description: namespace defines the space within which the secret name must be unique. 1653 type: string 1654 type: object 1655 x-kubernetes-map-type: atomic 1656 kubernetesDashboard: 1657 description: KubernetesDashboard holds the configuration for the kubernetes-dashboard component. 1658 properties: 1659 enabled: 1660 description: Controls whether kubernetes-dashboard is deployed to the user cluster or not. Enabled by default. 1661 type: boolean 1662 type: object 1663 machineNetworks: 1664 items: 1665 description: MachineNetworkingConfig specifies the networking parameters used for IPAM. 1666 properties: 1667 cidr: 1668 type: string 1669 dnsServers: 1670 items: 1671 type: string 1672 type: array 1673 gateway: 1674 type: string 1675 required: 1676 - cidr 1677 - dnsServers 1678 - gateway 1679 type: object 1680 type: array 1681 mla: 1682 description: 'Optional: MLA contains monitoring, logging and alerting related settings for the user cluster.' 1683 properties: 1684 loggingEnabled: 1685 description: LoggingEnabled is the flag for enabling logging in user cluster. 1686 type: boolean 1687 loggingResources: 1688 description: LoggingResources is the resource requirements for user cluster promtail. 1689 properties: 1690 claims: 1691 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1692 items: 1693 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1694 properties: 1695 name: 1696 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1697 type: string 1698 required: 1699 - name 1700 type: object 1701 type: array 1702 x-kubernetes-list-map-keys: 1703 - name 1704 x-kubernetes-list-type: map 1705 limits: 1706 additionalProperties: 1707 anyOf: 1708 - type: integer 1709 - type: string 1710 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1711 x-kubernetes-int-or-string: true 1712 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1713 type: object 1714 requests: 1715 additionalProperties: 1716 anyOf: 1717 - type: integer 1718 - type: string 1719 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1720 x-kubernetes-int-or-string: true 1721 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1722 type: object 1723 type: object 1724 monitoringEnabled: 1725 description: MonitoringEnabled is the flag for enabling monitoring in user cluster. 1726 type: boolean 1727 monitoringReplicas: 1728 description: MonitoringReplicas is the number of desired pods of user cluster prometheus deployment. 1729 format: int32 1730 type: integer 1731 monitoringResources: 1732 description: MonitoringResources is the resource requirements for user cluster prometheus. 1733 properties: 1734 claims: 1735 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1736 items: 1737 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1738 properties: 1739 name: 1740 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1741 type: string 1742 required: 1743 - name 1744 type: object 1745 type: array 1746 x-kubernetes-list-map-keys: 1747 - name 1748 x-kubernetes-list-type: map 1749 limits: 1750 additionalProperties: 1751 anyOf: 1752 - type: integer 1753 - type: string 1754 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1755 x-kubernetes-int-or-string: true 1756 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1757 type: object 1758 requests: 1759 additionalProperties: 1760 anyOf: 1761 - type: integer 1762 - type: string 1763 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1764 x-kubernetes-int-or-string: true 1765 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1766 type: object 1767 type: object 1768 type: object 1769 oidc: 1770 properties: 1771 clientID: 1772 type: string 1773 clientSecret: 1774 type: string 1775 extraScopes: 1776 type: string 1777 groupsClaim: 1778 type: string 1779 issuerURL: 1780 type: string 1781 requiredClaim: 1782 type: string 1783 usernameClaim: 1784 type: string 1785 type: object 1786 opaIntegration: 1787 description: 'Optional: OPAIntegration is a preview feature that enables OPA integration for the cluster. Enabling it causes OPA Gatekeeper and its resources to be deployed on the user cluster. By default it is disabled.' 1788 properties: 1789 auditResources: 1790 description: 'Optional: AuditResources is the resource requirements for user cluster gatekeeper audit.' 1791 properties: 1792 claims: 1793 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1794 items: 1795 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1796 properties: 1797 name: 1798 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1799 type: string 1800 required: 1801 - name 1802 type: object 1803 type: array 1804 x-kubernetes-list-map-keys: 1805 - name 1806 x-kubernetes-list-type: map 1807 limits: 1808 additionalProperties: 1809 anyOf: 1810 - type: integer 1811 - type: string 1812 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1813 x-kubernetes-int-or-string: true 1814 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1815 type: object 1816 requests: 1817 additionalProperties: 1818 anyOf: 1819 - type: integer 1820 - type: string 1821 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1822 x-kubernetes-int-or-string: true 1823 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1824 type: object 1825 type: object 1826 controllerResources: 1827 description: 'Optional: ControllerResources is the resource requirements for user cluster gatekeeper controller.' 1828 properties: 1829 claims: 1830 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1831 items: 1832 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1833 properties: 1834 name: 1835 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1836 type: string 1837 required: 1838 - name 1839 type: object 1840 type: array 1841 x-kubernetes-list-map-keys: 1842 - name 1843 x-kubernetes-list-type: map 1844 limits: 1845 additionalProperties: 1846 anyOf: 1847 - type: integer 1848 - type: string 1849 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1850 x-kubernetes-int-or-string: true 1851 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1852 type: object 1853 requests: 1854 additionalProperties: 1855 anyOf: 1856 - type: integer 1857 - type: string 1858 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1859 x-kubernetes-int-or-string: true 1860 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1861 type: object 1862 type: object 1863 enabled: 1864 description: Enables OPA Gatekeeper integration. 1865 type: boolean 1866 experimentalEnableMutation: 1867 description: 'Optional: Enables experimental mutation in Gatekeeper.' 1868 type: boolean 1869 webhookTimeoutSeconds: 1870 default: 10 1871 description: The timeout in seconds that is set for the Gatekeeper validating webhook admission review calls. Defaults to `10` (seconds). 1872 format: int32 1873 type: integer 1874 type: object 1875 pause: 1876 default: false 1877 description: If this is set to true, the cluster will not be reconciled by KKP. This indicates that the user needs to do some action to resolve the pause. 1878 type: boolean 1879 pauseReason: 1880 description: PauseReason is the reason why the cluster is not being managed. This field is for informational purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster. 1881 type: string 1882 podNodeSelectorAdmissionPluginConfig: 1883 additionalProperties: 1884 type: string 1885 description: 'Optional: Provides configuration for the PodNodeSelector admission plugin (needs plugin enabled via `usePodNodeSelectorAdmissionPlugin`). It''s used by the backend to create a configuration file for this plugin. The key:value from this map is converted to <namespace>:<node-selectors-labels> in the file. Use `clusterDefaultNodeSelector` as key to configure a default node selector.' 1886 type: object 1887 serviceAccount: 1888 description: 'Optional: ServiceAccount contains service account related settings for the user cluster''s kube-apiserver.' 1889 properties: 1890 apiAudiences: 1891 description: APIAudiences are the Identifiers of the API If this is not specified, it will be set to a single element list containing the issuer URL 1892 items: 1893 type: string 1894 type: array 1895 issuer: 1896 description: Issuer is the identifier of the service account token issuer If this is not specified, it will be set to the URL of apiserver by default 1897 type: string 1898 tokenVolumeProjectionEnabled: 1899 type: boolean 1900 type: object 1901 updateWindow: 1902 description: 'Optional: UpdateWindow configures automatic update systems to respect a maintenance window for applying OS updates to nodes. This is only respected on Flatcar nodes currently.' 1903 properties: 1904 length: 1905 description: Sets the length of the update window beginning with the start time. This needs to be a valid duration as parsed by Go's time.ParseDuration (https://pkg.go.dev/time#ParseDuration), e.g. `2h`. 1906 type: string 1907 start: 1908 description: Sets the start time of the update window. This can be a time of day in 24h format, e.g. `22:30`, or a day of week plus a time of day, for example `Mon 21:00`. Only short names for week days are supported, i.e. `Mon`, `Tue`, `Wed`, `Thu`, `Fri`, `Sat` and `Sun`. 1909 type: string 1910 type: object 1911 useEventRateLimitAdmissionPlugin: 1912 description: Enables the admission plugin `EventRateLimit`. Needs additional configuration via the `eventRateLimitConfig` field. This plugin is considered "alpha" by Kubernetes. 1913 type: boolean 1914 usePodNodeSelectorAdmissionPlugin: 1915 description: Enables the admission plugin `PodNodeSelector`. Needs additional configuration via the `podNodeSelectorAdmissionPluginConfig` field. 1916 type: boolean 1917 usePodSecurityPolicyAdmissionPlugin: 1918 description: Enables the admission plugin `PodSecurityPolicy`. This plugin is deprecated by Kubernetes. 1919 type: boolean 1920 version: 1921 description: Version defines the wanted version of the control plane. 1922 type: string 1923 required: 1924 - cloud 1925 - clusterNetwork 1926 - exposeStrategy 1927 - humanReadableName 1928 - version 1929 type: object 1930 status: 1931 description: Status contains reconciliation information for the cluster. 1932 properties: 1933 address: 1934 description: Address contains the IPs/URLs to access the cluster control plane. 1935 properties: 1936 adminToken: 1937 description: AdminToken is the token for the kubeconfig, the user can download 1938 type: string 1939 externalName: 1940 description: ExternalName is the DNS name for this cluster 1941 type: string 1942 internalURL: 1943 description: InternalName is the seed cluster internal absolute DNS name to the API server 1944 type: string 1945 ip: 1946 description: IP is the external IP under which the apiserver is available 1947 type: string 1948 port: 1949 description: Port is the port the API server listens on 1950 format: int32 1951 type: integer 1952 url: 1953 description: URL under which the Apiserver is available 1954 type: string 1955 type: object 1956 conditions: 1957 additionalProperties: 1958 properties: 1959 kubermaticVersion: 1960 description: KubermaticVersion current kubermatic version. 1961 type: string 1962 lastHeartbeatTime: 1963 description: Last time we got an update on a given condition. 1964 format: date-time 1965 type: string 1966 lastTransitionTime: 1967 description: Last time the condition transit from one status to another. 1968 format: date-time 1969 type: string 1970 message: 1971 description: Human readable message indicating details about last transition. 1972 type: string 1973 reason: 1974 description: (brief) reason for the condition's last transition. 1975 type: string 1976 status: 1977 description: Status of the condition, one of True, False, Unknown. 1978 type: string 1979 required: 1980 - kubermaticVersion 1981 - lastHeartbeatTime 1982 - status 1983 type: object 1984 description: Conditions contains conditions the cluster is in, its primary use case is status signaling between controllers or between controllers and the API. 1985 type: object 1986 errorMessage: 1987 description: ErrorMessage contains a default error message in case the controller encountered an error. Will be reset if the error was resolved. 1988 type: string 1989 errorReason: 1990 description: ErrorReason contains a error reason in case the controller encountered an error. Will be reset if the error was resolved. 1991 enum: 1992 - InvalidConfiguration 1993 - UnsupportedChange 1994 - ReconcileError 1995 type: string 1996 extendedHealth: 1997 description: ExtendedHealth exposes information about the current health state. Extends standard health status for new states. 1998 properties: 1999 alertmanagerConfig: 2000 enum: 2001 - HealthStatusDown 2002 - HealthStatusUp 2003 - HealthStatusProvisioning 2004 type: string 2005 applicationController: 2006 enum: 2007 - HealthStatusDown 2008 - HealthStatusUp 2009 - HealthStatusProvisioning 2010 type: string 2011 cloudProviderInfrastructure: 2012 enum: 2013 - HealthStatusDown 2014 - HealthStatusUp 2015 - HealthStatusProvisioning 2016 type: string 2017 etcd: 2018 enum: 2019 - HealthStatusDown 2020 - HealthStatusUp 2021 - HealthStatusProvisioning 2022 type: string 2023 gatekeeperAudit: 2024 enum: 2025 - HealthStatusDown 2026 - HealthStatusUp 2027 - HealthStatusProvisioning 2028 type: string 2029 gatekeeperController: 2030 enum: 2031 - HealthStatusDown 2032 - HealthStatusUp 2033 - HealthStatusProvisioning 2034 type: string 2035 konnectivity: 2036 enum: 2037 - HealthStatusDown 2038 - HealthStatusUp 2039 - HealthStatusProvisioning 2040 type: string 2041 kubernetesApiserver: 2042 enum: 2043 - HealthStatusDown 2044 - HealthStatusUp 2045 - HealthStatusProvisioning 2046 type: string 2047 kubernetesControllerManager: 2048 enum: 2049 - HealthStatusDown 2050 - HealthStatusUp 2051 - HealthStatusProvisioning 2052 type: string 2053 kubernetesDashboard: 2054 enum: 2055 - HealthStatusDown 2056 - HealthStatusUp 2057 - HealthStatusProvisioning 2058 type: string 2059 kubernetesScheduler: 2060 enum: 2061 - HealthStatusDown 2062 - HealthStatusUp 2063 - HealthStatusProvisioning 2064 type: string 2065 logging: 2066 enum: 2067 - HealthStatusDown 2068 - HealthStatusUp 2069 - HealthStatusProvisioning 2070 type: string 2071 machineController: 2072 enum: 2073 - HealthStatusDown 2074 - HealthStatusUp 2075 - HealthStatusProvisioning 2076 type: string 2077 mlaGateway: 2078 enum: 2079 - HealthStatusDown 2080 - HealthStatusUp 2081 - HealthStatusProvisioning 2082 type: string 2083 monitoring: 2084 enum: 2085 - HealthStatusDown 2086 - HealthStatusUp 2087 - HealthStatusProvisioning 2088 type: string 2089 openvpn: 2090 enum: 2091 - HealthStatusDown 2092 - HealthStatusUp 2093 - HealthStatusProvisioning 2094 type: string 2095 operatingSystemManager: 2096 enum: 2097 - HealthStatusDown 2098 - HealthStatusUp 2099 - HealthStatusProvisioning 2100 type: string 2101 userClusterControllerManager: 2102 enum: 2103 - HealthStatusDown 2104 - HealthStatusUp 2105 - HealthStatusProvisioning 2106 type: string 2107 type: object 2108 inheritedLabels: 2109 additionalProperties: 2110 type: string 2111 description: InheritedLabels are labels the cluster inherited from the project. They are read-only for users. 2112 type: object 2113 lastProviderReconciliation: 2114 description: LastProviderReconciliation is the time when the cloud provider resources were last fully reconciled (during normal cluster reconciliation, KKP does not re-check things like security groups, networks etc.). 2115 format: date-time 2116 type: string 2117 lastUpdated: 2118 format: date-time 2119 type: string 2120 namespaceName: 2121 description: NamespaceName defines the namespace the control plane of this cluster is deployed in. 2122 type: string 2123 phase: 2124 description: Phase is a description of the current cluster status, summarizing the various conditions, possible active updates etc. This field is for informational purpose only and no logic should be tied to the phase. 2125 enum: 2126 - Creating 2127 - Updating 2128 - Running 2129 - Terminating 2130 type: string 2131 userEmail: 2132 description: UserEmail contains the email of the owner of this cluster. During cluster creation only, this field will be used to bind the `cluster-admin` `ClusterRole` to a cluster owner. 2133 type: string 2134 userName: 2135 description: 'Deprecated: UserName contains the name of the owner of this cluster. This field is not actively used and will be removed in the future.' 2136 type: string 2137 versions: 2138 description: Versions contains information regarding the current and desired versions of the cluster control plane and worker nodes. 2139 properties: 2140 apiserver: 2141 description: Apiserver is the currently desired version of the kube-apiserver. During upgrades across multiple minor versions (e.g. from 1.20 to 1.23), this will gradually be increased by the update-controller until the desired cluster version (spec.version) is reached. 2142 type: string 2143 controlPlane: 2144 description: ControlPlane is the currently active cluster version. This can lag behind the apiserver version if an update is currently rolling out. 2145 type: string 2146 controllerManager: 2147 description: ControllerManager is the currently desired version of the kube-controller-manager. This field behaves the same as the apiserver field. 2148 type: string 2149 oldestNodeVersion: 2150 description: OldestNodeVersion is the oldest node version currently in use inside the cluster. This can be nil if there are no nodes. This field is primarily for speeding up reconciling, so that the controller doesn't have to re-fetch to the usercluster and query its node on every reconciliation. 2151 type: string 2152 scheduler: 2153 description: Scheduler is the currently desired version of the kube-scheduler. This field behaves the same as the apiserver field. 2154 type: string 2155 required: 2156 - apiserver 2157 - controlPlane 2158 - controllerManager 2159 - scheduler 2160 type: object 2161 type: object 2162 type: object 2163 served: true 2164 storage: true 2165 subresources: 2166 status: {}