# Source: k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/crd/community/kubermatic.k8c.io_clustertemplates.yaml
# This file has been generated by hack/update-codegen.sh, DO NOT EDIT.
#
# Review annotations (lines starting with "# Review:" or "# NOTE(review):") are
# reading aids on this listing. The file is generated, so any durable wording
# change belongs in the generator's input, not here.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.0
  name: clustertemplates.kubermatic.k8c.io
spec:
  group: kubermatic.k8c.io
  names:
    kind: ClusterTemplate
    listKind: ClusterTemplateList
    plural: clustertemplates
    singular: clustertemplate
  # Review: cluster-scoped resource. There is no namespace boundary around
  # ClusterTemplate objects, so read access is decided by cluster-level RBAC on
  # `clustertemplates`. That matters because the spec schema further down
  # defines inline credential fields next to `credentialsReference`.
  scope: Cluster
  versions:
    - additionalPrinterColumns:
        # Columns shown by `kubectl get`; only name/version/age, no spec secrets.
        - jsonPath: .spec.humanReadableName
          name: HumanReadableName
          type: string
        - jsonPath: .spec.version
          name: Version
          type: string
        - jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
      name: v1
      schema:
        openAPIV3Schema:
          description: ClusterTemplate is the object representing a cluster template.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            # Free-form string-to-string map; keys and values are not
            # constrained by this schema.
            clusterLabels:
              additionalProperties:
                type: string
              type: object
            # No description is generated for this field.
            # NOTE(review): presumably names a credential preset rather than
            # holding secret material - confirm against the Go type.
            credential:
              type: string
            inheritedClusterLabels:
              additionalProperties:
                type: string
              type: object
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ClusterSpec describes the desired state of a user cluster.
              # Fields of the ClusterSpec embedded in a ClusterTemplate.
              properties:
                # Review: names are passed through to kube-apiserver and the
                # schema accepts any string, so which plugins a template may
                # turn on has to be policed outside this CRD.
                admissionPlugins:
                  description: A list of arbitrary admission plugin names that are passed to kube-apiserver. Must not include admission plugins that can be enabled via a separate setting.
                  items:
                    type: string
                  type: array
                # Review: per the description, leaving this unset means the API
                # server is reachable without any source-address restriction.
                # Entries are plain strings; the schema does not check that
                # they are valid CIDRs.
                apiServerAllowedIPRanges:
                  description: 'Optional: APIServerAllowedIPRanges is a list of IP ranges allowed to access the API server. Applicable only if the expose strategy of the cluster is LoadBalancer. If not configured, access to the API server is unrestricted.'
                  properties:
                    cidrBlocks:
                      items:
                        type: string
                      type: array
                  type: object
                applicationSettings:
                  description: 'Optional: ApplicationSettings contains the settings relative to the application feature.'
                  properties:
                    # Accepts an integer or a quantity-style string; the
                    # pattern is anchored with ^ and $.
                    cacheSize:
                      anyOf:
                        - type: integer
                        - type: string
                      description: CacheSize is the size of the cache used to download application's sources.
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                  type: object
                cloud:
                  description: Cloud contains information regarding the cloud provider that is responsible for hosting the cluster's workload.
                  properties:
                    alibaba:
                      description: AlibabaCloudSpec specifies the access data to Alibaba.
                      properties:
                        # Review: inline credential fields. Values placed here
                        # are stored as part of the ClusterTemplate object and
                        # are readable by anyone allowed to read
                        # clustertemplates. `credentialsReference` below is
                        # presumably the alternative (the azure section
                        # describes the same field as referencing a `Secret`)
                        # - confirm.
                        accessKeyID:
                          type: string
                        accessKeySecret:
                          type: string
                        # Review: the reference carries its own `namespace`,
                        # which is the stated reason v1.SecretKeySelector is
                        # not used.
                        # NOTE(review): this schema does not restrict which
                        # namespace or object a template may point at -
                        # confirm that is enforced by the controller or
                        # admission.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                      type: object
                    anexia:
                      description: AnexiaCloudSpec specifies the access data to Anexia.
                      properties:
                        # Same GlobalObjectKeySelector shape as in the alibaba
                        # section above.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              # (type of anexia credentialsReference.apiVersion)
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            # Review: the reference names its own namespace.
                            # NOTE(review): nothing in this schema limits
                            # which namespace may be referenced - confirm it
                            # is checked elsewhere.
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                        # Review: inline credential. A token set here is
                        # stored in the ClusterTemplate object itself and is
                        # readable by anyone allowed to read clustertemplates.
                        token:
                          type: string
                      type: object
                    aws:
                      description: AWSCloudSpec specifies access data to Amazon Web Services.
                      # Fields of the aws provider section.
                      properties:
                        # Review: `accessKeyID` here and `secretAccessKey`
                        # further down are inline credential fields with no
                        # generated description. Values placed in them are
                        # stored as part of the ClusterTemplate object and are
                        # readable by anyone allowed to read clustertemplates.
                        accessKeyID:
                          type: string
                        assumeRoleARN:
                          type: string
                        assumeRoleExternalID:
                          type: string
                        # Review: the reference carries its own `namespace`
                        # (the stated reason v1.SecretKeySelector is not used).
                        # NOTE(review): this schema does not restrict which
                        # namespace or object may be referenced - confirm that
                        # is enforced elsewhere.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                        disableIAMReconciling:
                          description: DisableIAMReconciling is used to disable reconciliation for IAM related configuration. This is useful in air-gapped setups where access to IAM service is not possible.
                          type: boolean
                        instanceProfileName:
                          type: string
                        # Review: open by default. Per the description, when
                        # neither this field nor nodePortsAllowedIPRanges is
                        # set, the node port range is reachable from anywhere
                        # (for security groups generated by KKP). The value is
                        # a plain string; the schema does not check that it is
                        # a valid CIDR.
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        # The generated description ends mid-sentence
                        # ("perform an assume-role"); it is reproduced as
                        # generated.
                        roleARN:
                          description: The IAM role, the control plane will use. The control plane will perform an assume-role
                          type: string
                        routeTableID:
                          type: string
                        secretAccessKey:
                          type: string
                        securityGroupID:
                          type: string
                        vpcID:
                          type: string
                      # None of the credential fields is required by the schema.
                      required:
                        - instanceProfileName
                        - roleARN
                        - routeTableID
                        - securityGroupID
                        - vpcID
                      type: object
                    azure:
                      description: AzureCloudSpec defines cloud resource references for Microsoft Azure.
                      properties:
                        assignAvailabilitySet:
                          description: 'Optional: AssignAvailabilitySet determines whether KKP creates and assigns an AvailabilitySet to machines. Defaults to `true` internally if not set.'
                          # (type of azure.assignAvailabilitySet)
                          type: boolean
                        availabilitySet:
                          description: An availability set that will be associated with nodes created for this cluster. If this field is set to empty string at cluster creation and `AssignAvailabilitySet` is set to `true`, a new availability set will be created and this field will be updated to the generated availability set's name.
                          type: string
                        clientID:
                          description: ClientID is the service principal used to access Azure. Can be read from `credentialsReference` instead.
                          type: string
                        # Review: inline secret. A value set here is stored in
                        # the ClusterTemplate object itself and is readable by
                        # anyone allowed to read clustertemplates; the
                        # description points at `credentialsReference` as the
                        # way to keep it out of the spec.
                        clientSecret:
                          description: ClientSecret is the client secret corresponding to the given service principal. Can be read from `credentialsReference` instead.
                          type: string
                        # Review: the reference carries its own `namespace`.
                        # NOTE(review): this schema does not restrict which
                        # namespace or Secret may be referenced - confirm that
                        # is enforced by the controller or admission.
                        credentialsReference:
                          description: CredentialsReference allows referencing a `Secret` resource instead of passing secret data in this spec.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                        # Only the two listed values pass schema validation.
                        loadBalancerSKU:
                          description: Azure SKU for Load Balancers. Possible values are `basic` and `standard`.
                          enum:
                            - standard
                            - basic
                          type: string
                        # Review: open by default. Per the description, when
                        # neither this field nor nodePortsAllowedIPRanges is
                        # set, the node port range is reachable from anywhere
                        # (for security groups generated by KKP). The value is
                        # a plain string; the schema does not check that it is
                        # a valid CIDR.
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        resourceGroup:
                          description: The resource group that will be used to look up and create resources for the cluster in. If set to empty string at cluster creation, a new resource group will be created and this field will be updated to the generated resource group's name.
                          # (type of azure.resourceGroup)
                          type: string
                        # The networking fields below share one convention in
                        # their descriptions: an empty string at cluster
                        # creation means the resource is created and the
                        # field is then updated with the generated name.
                        routeTable:
                          description: The name of a route table associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new route table will be created and this field will be updated to the generated route table's name. If no subnet is defined at cluster creation, this field should be empty as well.
                          type: string
                        # Review: a pre-existing security group named here is
                        # used as-is. The nodePortsAllowedIPRange(s)
                        # descriptions in this section say they only apply to
                        # security groups generated by KKP, so node port
                        # exposure of a pre-existing group is governed by that
                        # group's own rules.
                        securityGroup:
                          description: The name of a security group associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new security group will be created and this field will be updated to the generated security group's name. If no subnet is defined at cluster creation, this field should be empty as well.
                          type: string
                        subnet:
                          description: The name of a subnet in the VNet referenced by `vnet`. If set to empty string at cluster creation, a new subnet will be created and this field will be updated to the generated subnet's name. If no VNet is defined at cluster creation, this field should be empty as well.
                          type: string
                        # subscriptionID and tenantID may be given inline or,
                        # per their descriptions, read from
                        # `credentialsReference`.
                        subscriptionID:
                          description: SubscriptionID is the Azure Subscription used for this cluster. Can be read from `credentialsReference` instead.
                          type: string
                        tenantID:
                          description: TenantID is the Azure Active Directory Tenant used for this cluster. Can be read from `credentialsReference` instead.
                          type: string
                        vnet:
                          description: The name of the VNet resource used for setting up networking in. If set to empty string at cluster creation, a new VNet will be created and this field will be updated to the generated VNet's name.
                          type: string
                        vnetResourceGroup:
                          description: 'Optional: VNetResourceGroup optionally defines a second resource group that will be used for VNet related resources instead. If left empty, NO additional resource group will be created and all VNet related resources use the resource group defined by `resourceGroup`.'
                          # (type of azure.vnetResourceGroup)
                          type: string
                      # Required azure fields. The field descriptions allow an
                      # empty string for several of them, so "required" here
                      # means the key must be present, not that it must be
                      # non-empty.
                      required:
                        - availabilitySet
                        - loadBalancerSKU
                        - resourceGroup
                        - routeTable
                        - securityGroup
                        - subnet
                        - vnet
                        - vnetResourceGroup
                      type: object
                    # No properties are defined for this provider.
                    bringyourown:
                      description: BringYourOwnCloudSpec specifies access data for a bring your own cluster.
                      type: object
                    datacenter:
                      description: DatacenterName states the name of a cloud provider "datacenter" (defined in `Seed` resources) this cluster should be deployed into.
                      type: string
                    digitalocean:
                      description: DigitaloceanCloudSpec specifies access data to DigitalOcean.
                      properties:
                        # Review: the reference carries its own `namespace`
                        # (the stated reason v1.SecretKeySelector is not used).
                        # NOTE(review): this schema does not restrict which
                        # namespace or object may be referenced - confirm that
                        # is enforced elsewhere.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                        # Review: inline credential. A token set here is
                        # stored in the ClusterTemplate object itself and is
                        # readable by anyone allowed to read clustertemplates.
                        token:
                          type: string
                      type: object
                    fake:
                      description: FakeCloudSpec specifies access data for a fake cloud.
                      properties:
                        token:
                          type: string
                      type: object
                    gcp:
                      description: GCPCloudSpec specifies access data to GCP.
                      properties:
                        # Same GlobalObjectKeySelector shape as in the
                        # digitalocean section above.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        network:
                          type: string
                        # Review: open by default. Per the description, when
                        # neither this field nor nodePortsAllowedIPRanges is
                        # set, the node port range is reachable from anywhere.
                        # The value is a plain string; the schema does not
                        # check that it is a valid CIDR.
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        # Review: base64 is an encoding, not protection. A
                        # service account JSON placed here is recoverable by
                        # anyone allowed to read clustertemplates.
                        serviceAccount:
                          description: The Google Service Account (JSON format), encoded with base64.
                          type: string
                        subnetwork:
                          type: string
                      required:
                        - network
                        - subnetwork
                      type: object
                    hetzner:
                      description: HetznerCloudSpec specifies access data to hetzner cloud.
                      # Fields of the hetzner provider section.
                      properties:
                        # Review: the reference carries its own `namespace`
                        # (the stated reason v1.SecretKeySelector is not used).
                        # NOTE(review): this schema does not restrict which
                        # namespace or object may be referenced - confirm that
                        # is enforced elsewhere.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          # atomic: the map is treated as one unit on update
                          # rather than merged key by key.
                          x-kubernetes-map-type: atomic
                        network:
                          description: Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work. If this is empty, the network configured on the datacenter will be used.
                          type: string
                        # Review: inline credential. A token set here is
                        # stored in the ClusterTemplate object itself and is
                        # readable by anyone allowed to read clustertemplates.
                        token:
                          description: Token is used to authenticate with the Hetzner cloud API.
                          type: string
                      type: object
                    kubevirt:
                      description: KubeVirtCloudSpec specifies the access data to KubeVirt.
                      properties:
                        # Same GlobalObjectKeySelector shape as in the hetzner
                        # section above.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        # No description is generated for this field.
                        # NOTE(review): by its name it holds a kubeconfig for
                        # the CSI driver - if so, treat it like `kubeconfig`
                        # below; confirm.
                        csiKubeconfig:
                          type: string
                        imageCloningEnabled:
                          description: ImageCloningEnabled flag enable/disable cloning for a cluster.
                          type: boolean
                        infraStorageClasses:
                          description: 'Deprecated: in favor of StorageClasses. InfraStorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks)'
                          items:
                            type: string
                          type: array
                        # Review: base64 is an encoding, not protection. A
                        # kubeconfig typically carries cluster credentials,
                        # and one placed here is recoverable by anyone allowed
                        # to read clustertemplates.
                        kubeconfig:
                          description: The cluster's kubeconfig file, encoded with base64.
                          type: string
                        preAllocatedDataVolumes:
                          description: Custom Images are a good example of this use case.
                          items:
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                type: object
                              name:
                                type: string
                              size:
                                type: string
                              storageClass:
                                type: string
                              # NOTE(review): `url` is an unconstrained
                              # string (no format or pattern). If a controller
                              # fetches it, any scheme or host restriction
                              # has to be enforced outside this schema -
                              # confirm.
                              url:
                                type: string
                            required:
                              - name
                              - size
                              - storageClass
                              - url
                            type: object
                          type: array
                        storageClasses:
                          description: StorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks. It contains also some flag specifying which one is the default one.
                          items:
                            properties:
                              isDefaultClass:
                                description: 'Optional: IsDefaultClass. If true, the created StorageClass in the tenant cluster will be annotated with: storageclass.kubernetes.io/is-default-class : true If missing or false, annotation will be: storageclass.kubernetes.io/is-default-class : false'
                                type: boolean
                              name:
                                type: string
                            required:
                              - name
                            type: object
                          type: array
                      type: object
                    nutanix:
                      description: NutanixCloudSpec specifies the access data to Nutanix.
                      properties:
                        clusterName:
                          description: ClusterName is the Nutanix cluster that this user cluster will be deployed to.
                          type: string
                        # Same GlobalObjectKeySelector shape as in the hetzner
                        # section above.
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        # Review: `username` and `password` inside this block
                        # are inline credentials for the CSI driver. Values
                        # set here are stored in the ClusterTemplate object
                        # and are readable by anyone allowed to read
                        # clustertemplates. Only `endpoint` is required.
                        csi:
                          description: NutanixCSIConfig for csi driver that connects to a prism element
                          properties:
                            endpoint:
                              description: Prism Element Endpoint to access Nutanix Prism Element for csi driver
                              type: string
                            fstype:
                              description: 'Optional: defaults to "xfs"'
                              type: string
                            password:
                              description: Prism Element Password for csi driver
                              type: string
                            port:
                              description: 'Optional: Port to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)'
                              format: int32
                              type: integer
                            ssSegmentedIscsiNetwork:
                              description: 'Optional: defaults to "false"'
                              type: boolean
                            storageContainer:
                              description: 'Optional: defaults to "SelfServiceContainer"'
                              type: string
                            username:
                              description: Prism Element Username for csi driver
                              type: string
                          required:
                            - endpoint
                          type: object
                        # Review: inline credential with no generated
                        # description; stored in the object like the CSI
                        # password above.
                        password:
                          type: string
                        projectName:
                          description: ProjectName is the project that this cluster is deployed into. If none is given, no project will be used.
600 type: string 601 proxyURL: 602 type: string 603 username: 604 type: string 605 required: 606 - clusterName 607 type: object 608 openstack: 609 description: OpenStackCloudSpec specifies access data to an OpenStack cloud. 610 properties: 611 applicationCredentialID: 612 type: string 613 applicationCredentialSecret: 614 type: string 615 credentialsReference: 616 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 617 properties: 618 apiVersion: 619 description: API version of the referent. 620 type: string 621 fieldPath: 622 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 623 type: string 624 key: 625 type: string 626 kind: 627 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 628 type: string 629 name: 630 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 631 type: string 632 namespace: 633 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 634 type: string 635 resourceVersion: 636 description: 'Specific resourceVersion to which this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 637 type: string 638 uid: 639 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 640 type: string 641 type: object 642 x-kubernetes-map-type: atomic 643 domain: 644 type: string 645 enableIngressHostname: 646 description: Enable the `enable-ingress-hostname` cloud provider option on the OpenStack CCM. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround for the PROXY protocol to preserve client IPs. 647 type: boolean 648 floatingIPPool: 649 description: "FloatingIPPool holds the name of the public network The public network is reachable from the outside world and should provide the pool of IP addresses to choose from. \n When specified, all worker nodes will receive a public ip from this floating ip pool \n Note that the network is external if the \"External\" field is set to true" 650 type: string 651 ingressHostnameSuffix: 652 description: Set a specific suffix for the hostnames used for the PROXY protocol workaround that is enabled by EnableIngressHostname. The suffix is set to `nip.io` by default. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround only. 653 type: string 654 ipv6SubnetID: 655 description: IPv6SubnetID holds the ID of the subnet used for IPv6 networking. If not provided, a new subnet will be created if IPv6 is enabled. 656 type: string 657 ipv6SubnetPool: 658 description: IPv6SubnetPool holds the name of the subnet pool used for creating new IPv6 subnets. If not provided, the default IPv6 subnet pool will be used. 659 type: string 660 network: 661 description: "Network holds the name of the internal network When specified, all worker nodes will be attached to this network. 
If not specified, a network, subnet & router will be created \n Note that the network is internal if the \"External\" field is set to false" 662 type: string 663 nodePortsAllowedIPRange: 664 description: A CIDR range that is allowed to access the node port range in the security group. Only applies if the security group is generated by KKP and not preexisting. If neither NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 665 type: string 666 nodePortsAllowedIPRanges: 667 description: 'Optional: CIDR ranges that are allowed to access the node port range in the security group. Only applies if the security group is generated by KKP and not preexisting. If neither NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 668 properties: 669 cidrBlocks: 670 items: 671 type: string 672 type: array 673 type: object 674 password: 675 type: string 676 project: 677 description: project, formerly known as tenant. 678 type: string 679 projectID: 680 description: project id, formerly known as tenantID. 681 type: string 682 routerID: 683 type: string 684 securityGroups: 685 type: string 686 subnetID: 687 type: string 688 token: 689 description: Used internally during cluster creation 690 type: string 691 useOctavia: 692 description: "Whether or not to use Octavia for LoadBalancer type of Service implementation instead of using Neutron-LBaaS. Attention: OpenStack CCM uses Octavia as the default load balancer implementation since v1.17.0 \n Takes precedence over the 'use_octavia' flag provided at datacenter level if both are specified." 693 type: boolean 694 useToken: 695 type: boolean 696 username: 697 type: string 698 required: 699 - floatingIPPool 700 - network 701 - routerID 702 - securityGroups 703 - subnetID 704 type: object 705 packet: 706 description: PacketCloudSpec specifies access data to a Packet cloud.
707 properties: 708 apiKey: 709 type: string 710 billingCycle: 711 type: string 712 credentialsReference: 713 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 714 properties: 715 apiVersion: 716 description: API version of the referent. 717 type: string 718 fieldPath: 719 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 720 type: string 721 key: 722 type: string 723 kind: 724 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 725 type: string 726 name: 727 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 728 type: string 729 namespace: 730 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 731 type: string 732 resourceVersion: 733 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 734 type: string 735 uid: 736 description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 737 type: string 738 type: object 739 x-kubernetes-map-type: atomic 740 projectID: 741 type: string 742 required: 743 - billingCycle 744 type: object 745 providerName: 746 description: ProviderName is the name of the cloud provider used for this cluster. This must match the given provider spec (e.g. if the providerName is "aws", then the `aws` field must be set). 747 enum: 748 - alibaba 749 - anexia 750 - aws 751 - azure 752 - bringyourown 753 - digitalocean 754 - gcp 755 - hetzner 756 - kubevirt 757 - nutanix 758 - openstack 759 - packet 760 - vmwareclouddirector 761 - vsphere 762 type: string 763 vmwareclouddirector: 764 description: VMwareCloudDirectorCloudSpec specifies access data to VMware Cloud Director cloud. 765 properties: 766 apiToken: 767 description: APIToken is the VMware Cloud Director API token. 768 type: string 769 credentialsReference: 770 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 771 properties: 772 apiVersion: 773 description: API version of the referent. 774 type: string 775 fieldPath: 776 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 777 type: string 778 key: 779 type: string 780 kind: 781 description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 782 type: string 783 name: 784 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 785 type: string 786 namespace: 787 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 788 type: string 789 resourceVersion: 790 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 791 type: string 792 uid: 793 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 794 type: string 795 type: object 796 x-kubernetes-map-type: atomic 797 csi: 798 description: Config for CSI driver 799 properties: 800 filesystem: 801 description: Filesystem to use for named disks, defaults to "ext4" 802 type: string 803 storageProfile: 804 description: The name of the storage profile to use for disks created by CSI driver 805 type: string 806 required: 807 - storageProfile 808 type: object 809 organization: 810 description: Organization is the name of organization to use. 811 type: string 812 ovdcNetwork: 813 description: Network is the name of organizational virtual data center network that will be associated with the VMs and vApp. 814 type: string 815 password: 816 description: Password is the VMware Cloud Director user password. 817 type: string 818 username: 819 description: Username is the VMware Cloud Director user name. 820 type: string 821 vapp: 822 description: VApp used for isolation of VMs and their associated network 823 type: string 824 vdc: 825 description: VDC is the organizational virtual data center. 
826 type: string 827 required: 828 - csi 829 - ovdcNetwork 830 type: object 831 vsphere: 832 description: VSphereCloudSpec specifies access data to VSphere cloud. 833 properties: 834 credentialsReference: 835 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 836 properties: 837 apiVersion: 838 description: API version of the referent. 839 type: string 840 fieldPath: 841 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 842 type: string 843 key: 844 type: string 845 kind: 846 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 847 type: string 848 name: 849 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 850 type: string 851 namespace: 852 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 853 type: string 854 resourceVersion: 855 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 856 type: string 857 uid: 858 description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 859 type: string 860 type: object 861 x-kubernetes-map-type: atomic 862 datastore: 863 description: Datastore to be used for storing virtual machines and as a default for dynamic volume provisioning, it is mutually exclusive with DatastoreCluster. 864 type: string 865 datastoreCluster: 866 description: DatastoreCluster to be used for storing virtual machines, it is mutually exclusive with Datastore. 867 type: string 868 folder: 869 description: Folder is the folder to be used to group the provisioned virtual machines. 870 type: string 871 infraManagementUser: 872 description: This user will be used for everything except cloud provider functionality 873 properties: 874 password: 875 type: string 876 username: 877 type: string 878 type: object 879 password: 880 description: Password is the vSphere user password. 881 type: string 882 resourcePool: 883 description: ResourcePool is used to manage resources such as cpu and memory for vSphere virtual machines. The resource pool should be defined on vSphere cluster level. 884 type: string 885 storagePolicy: 886 description: StoragePolicy to be used for storage provisioning 887 type: string 888 tags: 889 description: Tags represents the tags that are attached or created on the cluster level, that are then propagated down to the MachineDeployments. In order to attach tags on MachineDeployment, users must create the tag on a cluster level first then attach that tag on the MachineDeployment. 890 properties: 891 categoryID: 892 description: CategoryID is the id of the vsphere category that the tag belongs to. If the category id is left empty, the default category id for the cluster will be used. 893 type: string 894 tags: 895 description: Tags represents the name of the created tags. 896 items: 897 type: string 898 type: array 899 required: 900 - tags 901 type: object 902 username: 903 description: Username is the vSphere user name. 
904 type: string 905 vmNetName: 906 description: VMNetName is the name of the vSphere network. 907 type: string 908 required: 909 - infraManagementUser 910 - storagePolicy 911 - vmNetName 912 type: object 913 required: 914 - datacenter 915 - providerName 916 type: object 917 clusterNetwork: 918 description: ClusterNetworkingConfig specifies the different networking parameters for a cluster. 919 properties: 920 coreDNSReplicas: 921 description: CoreDNSReplicas is the number of desired pods of user cluster coredns deployment. 922 format: int32 923 type: integer 924 dnsDomain: 925 description: Domain name for services. 926 type: string 927 ipFamily: 928 description: 'Optional: IP family used for cluster networking. Supported values are "", "IPv4" or "IPv4+IPv6". Can be omitted / empty if pods and services network ranges are specified. In that case it defaults according to the IP families of the provided network ranges. If neither ipFamily nor pods & services network ranges are specified, defaults to "IPv4".' 929 enum: 930 - "" 931 - IPv4 932 - IPv4+IPv6 933 type: string 934 ipvs: 935 description: IPVS defines kube-proxy ipvs configuration options 936 properties: 937 strictArp: 938 default: true 939 description: StrictArp configures arp_ignore and arp_announce to avoid answering ARP queries from the kube-ipvs0 interface. Defaults to true. 940 type: boolean 941 type: object 942 konnectivityEnabled: 943 description: KonnectivityEnabled enables konnectivity for controlplane to node network communication. 944 type: boolean 945 nodeCidrMaskSizeIPv4: 946 description: NodeCIDRMaskSizeIPv4 is the mask size used to address the nodes within provided IPv4 Pods CIDR. It has to be larger than the provided IPv4 Pods CIDR. Defaults to 24. 947 format: int32 948 type: integer 949 nodeCidrMaskSizeIPv6: 950 description: NodeCIDRMaskSizeIPv6 is the mask size used to address the nodes within provided IPv6 Pods CIDR. It has to be larger than the provided IPv6 Pods CIDR. Defaults to 64.
951 format: int32 952 type: integer 953 nodeLocalDNSCacheEnabled: 954 default: true 955 description: NodeLocalDNSCacheEnabled controls whether the NodeLocal DNS Cache feature is enabled. Defaults to true. 956 type: boolean 957 pods: 958 description: The network ranges from which POD networks are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 959 properties: 960 cidrBlocks: 961 items: 962 type: string 963 type: array 964 type: object 965 proxyMode: 966 default: ipvs 967 description: ProxyMode defines the kube-proxy mode ("ipvs" / "iptables" / "ebpf"). Defaults to "ipvs". "ebpf" disables kube-proxy and requires CNI support. 968 enum: 969 - ipvs 970 - iptables 971 - ebpf 972 type: string 973 services: 974 description: The network ranges from which service VIPs are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 975 properties: 976 cidrBlocks: 977 items: 978 type: string 979 type: array 980 type: object 981 tunnelingAgentIP: 982 description: TunnelingAgentIP is the address used by the tunneling agents 983 type: string 984 required: 985 - dnsDomain 986 - pods 987 - proxyMode 988 - services 989 type: object 990 cniPlugin: 991 description: CNIPluginSettings contains the spec of the CNI plugin used by the Cluster. 992 properties: 993 type: 994 description: Type is the CNI plugin type to be used. 995 enum: 996 - canal 997 - cilium 998 - none 999 type: string 1000 version: 1001 description: Version defines the CNI plugin version to be used. This varies by chosen CNI plugin type. 1002 type: string 1003 required: 1004 - type 1005 - version 1006 type: object 1007 componentsOverride: 1008 description: Component specific overrides that allow customization of control plane components. 1009 properties: 1010 apiserver: 1011 description: Apiserver configures kube-apiserver settings. 
1012 properties: 1013 endpointReconcilingDisabled: 1014 type: boolean 1015 nodePortRange: 1016 type: string 1017 replicas: 1018 format: int32 1019 type: integer 1020 resources: 1021 description: ResourceRequirements describes the compute resource requirements. 1022 properties: 1023 claims: 1024 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1025 items: 1026 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1027 properties: 1028 name: 1029 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1030 type: string 1031 required: 1032 - name 1033 type: object 1034 type: array 1035 x-kubernetes-list-map-keys: 1036 - name 1037 x-kubernetes-list-type: map 1038 limits: 1039 additionalProperties: 1040 anyOf: 1041 - type: integer 1042 - type: string 1043 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1044 x-kubernetes-int-or-string: true 1045 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1046 type: object 1047 requests: 1048 additionalProperties: 1049 anyOf: 1050 - type: integer 1051 - type: string 1052 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1053 x-kubernetes-int-or-string: true 1054 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1055 type: object 1056 type: object 1057 tolerations: 1058 items: 1059 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1060 properties: 1061 effect: 1062 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1063 type: string 1064 key: 1065 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1066 type: string 1067 operator: 1068 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1069 type: string 1070 tolerationSeconds: 1071 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1072 format: int64 1073 type: integer 1074 value: 1075 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1076 type: string 1077 type: object 1078 type: array 1079 type: object 1080 controllerManager: 1081 description: ControllerManager configures kube-controller-manager settings. 
1082 properties: 1083 leaderElection: 1084 properties: 1085 leaseDurationSeconds: 1086 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1087 format: int32 1088 type: integer 1089 renewDeadlineSeconds: 1090 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1091 format: int32 1092 type: integer 1093 retryPeriodSeconds: 1094 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1095 format: int32 1096 type: integer 1097 type: object 1098 replicas: 1099 format: int32 1100 type: integer 1101 resources: 1102 description: ResourceRequirements describes the compute resource requirements. 1103 properties: 1104 claims: 1105 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1106 items: 1107 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1108 properties: 1109 name: 1110 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1111 type: string 1112 required: 1113 - name 1114 type: object 1115 type: array 1116 x-kubernetes-list-map-keys: 1117 - name 1118 x-kubernetes-list-type: map 1119 limits: 1120 additionalProperties: 1121 anyOf: 1122 - type: integer 1123 - type: string 1124 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1125 x-kubernetes-int-or-string: true 1126 description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1127 type: object 1128 requests: 1129 additionalProperties: 1130 anyOf: 1131 - type: integer 1132 - type: string 1133 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1134 x-kubernetes-int-or-string: true 1135 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1136 type: object 1137 type: object 1138 tolerations: 1139 items: 1140 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1141 properties: 1142 effect: 1143 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1144 type: string 1145 key: 1146 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1147 type: string 1148 operator: 1149 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1150 type: string 1151 tolerationSeconds: 1152 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). 
Zero and negative values will be treated as 0 (evict immediately) by the system. 1153 format: int64 1154 type: integer 1155 value: 1156 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1157 type: string 1158 type: object 1159 type: array 1160 type: object 1161 etcd: 1162 description: Etcd configures the etcd ring used to store Kubernetes data. 1163 properties: 1164 clusterSize: 1165 description: ClusterSize is the number of replicas created for etcd. This should be an odd number to guarantee consensus, e.g. 3, 5 or 7. 1166 format: int32 1167 type: integer 1168 diskSize: 1169 anyOf: 1170 - type: integer 1171 - type: string 1172 description: DiskSize is the volume size used when creating persistent storage from the configured StorageClass. This is inherited from KubermaticConfiguration if not set. Defaults to 5Gi. 1173 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1174 x-kubernetes-int-or-string: true 1175 hostAntiAffinity: 1176 description: HostAntiAffinity allows to enforce a certain type of host anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled. 1177 enum: 1178 - preferred 1179 - required 1180 type: string 1181 resources: 1182 description: Resources allows to override the resource requirements for etcd Pods. 1183 properties: 1184 claims: 1185 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1186 items: 1187 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
1188 properties: 1189 name: 1190 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1191 type: string 1192 required: 1193 - name 1194 type: object 1195 type: array 1196 x-kubernetes-list-map-keys: 1197 - name 1198 x-kubernetes-list-type: map 1199 limits: 1200 additionalProperties: 1201 anyOf: 1202 - type: integer 1203 - type: string 1204 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1205 x-kubernetes-int-or-string: true 1206 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1207 type: object 1208 requests: 1209 additionalProperties: 1210 anyOf: 1211 - type: integer 1212 - type: string 1213 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1214 x-kubernetes-int-or-string: true 1215 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1216 type: object 1217 type: object 1218 storageClass: 1219 description: StorageClass is the Kubernetes StorageClass used for persistent storage which stores the etcd WAL and other data persisted across restarts. Defaults to `kubermatic-fast` (the global default). 1220 type: string 1221 tolerations: 1222 description: Tolerations allows to override the scheduling tolerations for etcd Pods. 1223 items: 1224 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 
                          # Listing fragment of the generated ClusterTemplate CRD schema, re-indented:
                          # the fields of one etcd toleration entry, zoneAntiAffinity, then the
                          # konnectivityProxy and nodePortProxyEnvoy overrides and the start of prometheus.
                          # Per the key/operator descriptions below, an empty key combined with
                          # operator Exists tolerates every taint, so such an entry removes
                          # taint-based placement restrictions for the pods it applies to.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
                              type: string
                            operator:
                              description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
                              format: int64
                              type: integer
                            value:
                              description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
                              type: string
                          type: object
                        type: array
                      # Closed set: only the two values listed under enum pass validation.
                      # "preferred" is named as the default in the description only; no
                      # `default:` key is declared here.
                      zoneAntiAffinity:
                        description: ZoneAntiAffinity allows to enforce a certain type of availability zone anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled.
                        enum:
                        - preferred
                        - required
                        type: string
                    type: object
                  konnectivityProxy:
                    description: KonnectivityProxy configures konnectivity-server and konnectivity-agent components.
                    properties:
                      # Plain string: the schema does not validate the duration syntax, and
                      # the "1m" default is stated in the description, not as a `default:` key.
                      keepaliveTime:
                        description: KeepaliveTime represents a duration of time to check if the transport is still alive. The option is propagated to agents and server. Defaults to 1m.
                        type: string
                      resources:
                        description: Resources configure limits/requests for Konnectivity components.
                        properties:
                          # List keyed by `name` (x-kubernetes-list-type: map).
                          claims:
                            description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                            items:
                              description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                              properties:
                                name:
                                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          # Values may be integers or strings. The pattern admits an optional
                          # sign, a decimal number and an optional suffix (Ki..Ei, one of
                          # n/u/m/k/M/G/T/P/E, or an exponent). A leading '-' matches, so
                          # non-negative amounts are not enforced by this schema.
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                    type: object
                  nodePortProxyEnvoy:
                    description: NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if the `LoadBalancer` expose strategy is used. This is not effective if a different expose strategy is configured.
                    properties:
                      # NOTE(review): this selects where the component image is pulled from
                      # and is an unconstrained string (no pattern or enum), so any registry
                      # allow-listing has to be enforced outside this schema; confirm.
                      dockerRepository:
                        description: DockerRepository is the repository containing the component's image.
                        type: string
                      resources:
                        description: Resources describes the requested and maximum allowed CPU/memory usage.
                        properties:
                          claims:
                            description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                            items:
                              description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                              properties:
                                name:
                                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                    type: object
                  prometheus:
                    description: Prometheus configures the Prometheus instance deployed into the cluster control plane.
                    properties:
                      resources:
                        description: ResourceRequirements describes the compute resource requirements.
                        properties:
                          claims:
                            description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                            items:
                              description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                              properties:
                                name:
                                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                  # Listing fragment, re-indented: rest of prometheus.resources
                                  # (the claim item's name type, limits, requests), then the start
                                  # of the scheduler override.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          # Integer or string values; the pattern also matches a leading '-',
                          # so non-negative amounts are not enforced by this schema.
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                    type: object
                  scheduler:
                    description: Scheduler configures kube-scheduler settings.
                    properties:
                      # leaderElection carries no description of its own; its fields are
                      # int32 durations in seconds with no minimum or maximum declared.
                      leaderElection:
                        properties:
                          leaseDurationSeconds:
                            description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack.
                            format: int32
                            type: integer
                          renewDeadlineSeconds:
                            description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up.
                            # Listing fragment, re-indented: rest of scheduler.leaderElection,
                            # then scheduler replicas, resources and toleration entry fields.
                            format: int32
                            type: integer
                          retryPeriodSeconds:
                            description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions.
                            format: int32
                            type: integer
                        type: object
                      # No description, default or minimum is declared for replicas.
                      replicas:
                        format: int32
                        type: integer
                      resources:
                        description: ResourceRequirements describes the compute resource requirements.
                        properties:
                          # List keyed by `name` (x-kubernetes-list-type: map).
                          claims:
                            description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                            items:
                              description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                              properties:
                                name:
                                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          # Integer or string values; the pattern also matches a leading '-',
                          # so non-negative amounts are not enforced by this schema.
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      # No description at this level. Per the key/operator descriptions
                      # below, an empty key with operator Exists tolerates every taint.
                      tolerations:
                        items:
                          description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
                              type: string
                            operator:
                              description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
                              format: int64
                              type: integer
                            value:
                              description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
                              # Listing fragment, re-indented: closes the scheduler override,
                              # then opens userClusterController (leaderElection, replicas and
                              # the start of resources).
                              type: string
                          type: object
                        type: array
                    type: object
                  userClusterController:
                    description: UserClusterController configures the KKP usercluster-controller deployed as part of the cluster control plane.
                    properties:
                      # No description and no `required` list: the three int32 fields are
                      # optional and have no minimum or maximum in this schema.
                      leaderElection:
                        properties:
                          leaseDurationSeconds:
                            description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack.
                            format: int32
                            type: integer
                          renewDeadlineSeconds:
                            description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up.
                            format: int32
                            type: integer
                          retryPeriodSeconds:
                            description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions.
                            format: int32
                            type: integer
                        type: object
                      # No description, default or minimum is declared for replicas.
                      replicas:
                        format: int32
                        type: integer
                      resources:
                        description: ResourceRequirements describes the compute resource requirements.
                        properties:
                          claims:
                            description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                            items:
                              description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                              properties:
                                name:
                                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                  # Listing fragment, re-indented: rest of the
                                  # userClusterController override, the enclosing object's
                                  # required list, then the spec-level fields containerRuntime,
                                  # debugLog, enableOperatingSystemManager and the head of
                                  # eventRateLimitConfig.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          # Integer or string values; the pattern also matches a leading '-',
                          # so non-negative amounts are not enforced by this schema.
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      # Per the key/operator descriptions below, an empty key with operator
                      # Exists tolerates every taint.
                      tolerations:
                        items:
                          description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
                              type: string
                            operator:
                              description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
                              format: int64
                              type: integer
                            value:
                              description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
                              type: string
                          type: object
                        type: array
                    type: object
                # Required members of the enclosing object, whose key lies earlier in the
                # file; konnectivityProxy, nodePortProxyEnvoy, prometheus and
                # userClusterController are not in this list and stay optional.
                required:
                - apiserver
                - controllerManager
                - etcd
                - scheduler
                type: object
              # Schema-level default is containerd, but `docker` is still an accepted value.
              # NOTE(review): Kubernetes removed dockershim in v1.24; confirm which
              # Kubernetes versions a template using `docker` can target.
              containerRuntime:
                default: containerd
                description: ContainerRuntime to use, i.e. `docker` or `containerd`. By default `containerd` will be used.
                enum:
                - docker
                - containerd
                type: string
              debugLog:
                description: Enables more verbose logging in KKP's user-cluster-controller-manager.
                type: boolean
              # The description states "enabled by default", yet no `default:` key is set
              # here, so that default is applied outside schema defaulting; presumably by
              # a controller or webhook, confirm.
              enableOperatingSystemManager:
                description: 'Optional: Enables operating-system-manager (OSM), which is responsible for creating and managing worker node configuration. This field is enabled(true) by default.'
                type: boolean
              eventRateLimitConfig:
                description: 'Optional: Configures the EventRateLimit admission plugin (if enabled via `useEventRateLimitAdmissionPlugin`) to create limits on Kubernetes event generation. The EventRateLimit plugin is capable of comparing and rate limiting incoming `Events` based on several configured buckets.'
                # Listing fragment, re-indented: the four EventRateLimit buckets, then
                # exposeStrategy, features, humanReadableName and the head of imagePullSecret.
                # Each bucket (namespace, server, sourceAndObject, user) has the same shape:
                # burst and qps are required, cacheSize is optional, all int32 with no
                # minimum declared. NOTE(review): zero or negative limits pass this schema;
                # confirm they are rejected elsewhere.
                properties:
                  namespace:
                    properties:
                      burst:
                        format: int32
                        type: integer
                      cacheSize:
                        format: int32
                        type: integer
                      qps:
                        format: int32
                        type: integer
                    required:
                    - burst
                    - qps
                    type: object
                  server:
                    properties:
                      burst:
                        format: int32
                        type: integer
                      cacheSize:
                        format: int32
                        type: integer
                      qps:
                        format: int32
                        type: integer
                    required:
                    - burst
                    - qps
                    type: object
                  sourceAndObject:
                    properties:
                      burst:
                        format: int32
                        type: integer
                      cacheSize:
                        format: int32
                        type: integer
                      qps:
                        format: int32
                        type: integer
                    required:
                    - burst
                    - qps
                    type: object
                  user:
                    properties:
                      burst:
                        format: int32
                        type: integer
                      cacheSize:
                        format: int32
                        type: integer
                      qps:
                        format: int32
                        type: integer
                    required:
                    - burst
                    - qps
                    type: object
                type: object
              # Closed enum with no schema default. The apiServerAllowedIPRanges description
              # earlier in this schema says its IP allow-list applies only when the
              # strategy is LoadBalancer; with the other two values API server access is
              # not restricted by that field.
              exposeStrategy:
                description: ExposeStrategy is the strategy used to expose a cluster control plane.
                enum:
                - NodePort
                - LoadBalancer
                - Tunneling
                type: string
              # Any key is accepted as long as its value is a boolean; unknown
              # feature-gate names are not rejected by the schema.
              features:
                additionalProperties:
                  type: boolean
                description: A map of optional or early-stage features that can be enabled for the user cluster. Some feature gates cannot be disabled after being enabled. The available feature gates vary based on KKP version, Kubernetes version and Seed configuration. Please consult the KKP documentation for specific feature gates.
                type: object
              humanReadableName:
                description: HumanReadableName is the cluster name provided by the user.
                type: string
              imagePullSecret:
                description: 'Optional: ImagePullSecret references a secret with container registry credentials. This is passed to the machine-controller which sets the registry credentials on node level.'
                # Listing fragment, re-indented: imagePullSecret reference fields, then
                # kubernetesDashboard, machineNetworks and the start of mla.
                # imagePullSecret is a reference: the registry credentials stay in the
                # referenced Secret rather than in the template.
                # NOTE(review): neither name nor namespace is required, and the namespace
                # is chosen by whoever writes the template; confirm who may point this at
                # secrets in other namespaces.
                properties:
                  name:
                    description: name is unique within a namespace to reference a secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              kubernetesDashboard:
                description: KubernetesDashboard holds the configuration for the kubernetes-dashboard component.
                properties:
                  # "Enabled by default" is stated in the description only; no `default:`
                  # key is declared.
                  enabled:
                    description: Controls whether kubernetes-dashboard is deployed to the user cluster or not. Enabled by default.
                    type: boolean
                type: object
              # cidr, dnsServers and gateway are all required per item, but they are plain
              # strings: the schema does not check that they are valid CIDRs or addresses.
              machineNetworks:
                items:
                  description: MachineNetworkingConfig specifies the networking parameters used for IPAM.
                  properties:
                    cidr:
                      type: string
                    dnsServers:
                      items:
                        type: string
                      type: array
                    gateway:
                      type: string
                  required:
                  - cidr
                  - dnsServers
                  - gateway
                  type: object
                type: array
              mla:
                description: 'Optional: MLA contains monitoring, logging and alerting related settings for the user cluster.'
                properties:
                  loggingEnabled:
                    description: LoggingEnabled is the flag for enabling logging in user cluster.
                    type: boolean
                  loggingResources:
                    description: LoggingResources is the resource requirements for user cluster promtail.
                    properties:
                      claims:
                        description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                        items:
                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                          properties:
                            name:
                              description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                              # Listing fragment, re-indented: rest of mla.loggingResources,
                              # then monitoringEnabled, monitoringReplicas and the start of
                              # monitoringResources.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                        - name
                        x-kubernetes-list-type: map
                      # Integer or string values; the pattern also matches a leading '-',
                      # so non-negative amounts are not enforced by this schema.
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  monitoringEnabled:
                    description: MonitoringEnabled is the flag for enabling monitoring in user cluster.
                    type: boolean
                  # int32 with no minimum or default declared.
                  monitoringReplicas:
                    description: MonitoringReplicas is the number of desired pods of user cluster prometheus deployment.
                    format: int32
                    type: integer
                  monitoringResources:
                    description: MonitoringResources is the resource requirements for user cluster prometheus.
                    properties:
                      claims:
                        description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                        # Listing fragment, re-indented: rest of mla.monitoringResources, then
                        # oidc, opaIntegration, pause, pauseReason,
                        # podNodeSelectorAdmissionPluginConfig and the head of serviceAccount.
                        items:
                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                          properties:
                            name:
                              description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                        - name
                        x-kubernetes-list-type: map
                      # Integer or string values; the pattern also matches a leading '-',
                      # so non-negative amounts are not enforced by this schema.
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                type: object
              # oidc has no description, no `required` list and no format constraints:
              # every field is an optional free-form string.
              oidc:
                properties:
                  clientID:
                    type: string
                  # NOTE(review): clientSecret is an inline string, so a value set here is
                  # stored in the ClusterTemplate object itself and is readable by anyone
                  # allowed to get/list clustertemplates (cluster-scoped, see
                  # `scope: Cluster` at the top of the file). Restrict read access via
                  # RBAC and confirm encryption at rest covers this resource.
                  clientSecret:
                    type: string
                  extraScopes:
                    type: string
                  groupsClaim:
                    type: string
                  # No URI format or pattern is declared, so the schema does not require
                  # an https issuer URL.
                  issuerURL:
                    type: string
                  requiredClaim:
                    type: string
                  usernameClaim:
                    type: string
                type: object
              opaIntegration:
                description: 'Optional: OPAIntegration is a preview feature that enables OPA integration for the cluster. Enabling it causes OPA Gatekeeper and its resources to be deployed on the user cluster. By default it is disabled.'
                properties:
                  auditResources:
                    description: 'Optional: AuditResources is the resource requirements for user cluster gatekeeper audit.'
                    properties:
                      claims:
                        description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                        items:
                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                          properties:
                            name:
                              description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                        - name
                        x-kubernetes-list-type: map
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  controllerResources:
                    description: 'Optional: ControllerResources is the resource requirements for user cluster gatekeeper controller.'
                    properties:
                      claims:
                        description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                        items:
                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                          properties:
                            name:
                              description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                        - name
                        x-kubernetes-list-type: map
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                        type: object
                    type: object
                  # No `default:` key; the parent description says the integration is
                  # disabled by default.
                  enabled:
                    description: Enables OPA Gatekeeper integration.
                    type: boolean
                  experimentalEnableMutation:
                    description: 'Optional: Enables experimental mutation in Gatekeeper.'
                    type: boolean
                  # Only a default is declared, with no minimum or maximum.
                  # NOTE(review): Kubernetes admission webhooks accept timeoutSeconds from
                  # 1 to 30; confirm out-of-range values are caught before they reach the
                  # webhook configuration.
                  webhookTimeoutSeconds:
                    default: 10
                    description: The timeout in seconds that is set for the Gatekeeper validating webhook admission review calls. Defaults to `10` (seconds).
                    format: int32
                    type: integer
                type: object
              # Schema default is false. Per the description, a paused cluster is not
              # reconciled by KKP, so template changes are not applied while it is set.
              pause:
                default: false
                description: If this is set to true, the cluster will not be reconciled by KKP. This indicates that the user needs to do some action to resolve the pause.
                type: boolean
              pauseReason:
                description: PauseReason is the reason why the cluster is not being managed. This field is for informational purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster.
                type: string
              # Free-form string map: neither namespace keys nor selector values are
              # validated by the schema.
              podNodeSelectorAdmissionPluginConfig:
                additionalProperties:
                  type: string
                description: 'Optional: Provides configuration for the PodNodeSelector admission plugin (needs plugin enabled via `usePodNodeSelectorAdmissionPlugin`). It''s used by the backend to create a configuration file for this plugin. The key:value from this map is converted to <namespace>:<node-selectors-labels> in the file. Use `clusterDefaultNodeSelector` as key to configure a default node selector.'
                type: object
              serviceAccount:
                description: 'Optional: ServiceAccount contains service account related settings for the user cluster''s kube-apiserver.'
                # Listing fragment, re-indented: serviceAccount fields, updateWindow and the
                # three admission-plugin switches.
                # issuer and apiAudiences shape the service account tokens that the user
                # cluster's kube-apiserver issues and accepts; both are unconstrained
                # strings with fallbacks described in prose only (no `default:` keys).
                properties:
                  apiAudiences:
                    description: APIAudiences are the Identifiers of the API If this is not specified, it will be set to a single element list containing the issuer URL
                    items:
                      type: string
                    type: array
                  issuer:
                    description: Issuer is the identifier of the service account token issuer If this is not specified, it will be set to the URL of apiserver by default
                    type: string
                  # No description or default is declared for this switch.
                  tokenVolumeProjectionEnabled:
                    type: boolean
                type: object
              updateWindow:
                description: 'Optional: UpdateWindow configures automatic update systems to respect a maintenance window for applying OS updates to nodes. This is only respected on Flatcar nodes currently.'
                properties:
                  # Both values are plain strings; the formats named in the descriptions
                  # are not enforced by a pattern here.
                  length:
                    description: Sets the length of the update window beginning with the start time. This needs to be a valid duration as parsed by Go's time.ParseDuration (https://pkg.go.dev/time#ParseDuration), e.g. `2h`.
                    type: string
                  start:
                    description: Sets the start time of the update window. This can be a time of day in 24h format, e.g. `22:30`, or a day of week plus a time of day, for example `Mon 21:00`. Only short names for week days are supported, i.e. `Mon`, `Tue`, `Wed`, `Thu`, `Fri`, `Sat` and `Sun`.
                    type: string
                type: object
              # The schema does not tie this switch to eventRateLimitConfig: enabling
              # the plugin without that configuration passes validation.
              useEventRateLimitAdmissionPlugin:
                description: Enables the admission plugin `EventRateLimit`. Needs additional configuration via the `eventRateLimitConfig` field. This plugin is considered "alpha" by Kubernetes.
                type: boolean
              usePodNodeSelectorAdmissionPlugin:
                description: Enables the admission plugin `PodNodeSelector`. Needs additional configuration via the `podNodeSelectorAdmissionPluginConfig` field.
                type: boolean
              # NOTE(review): PodSecurityPolicy was removed from Kubernetes in v1.25.
              # Confirm how this flag is handled for clusters at or above that version
              # and which control (e.g. Pod Security Admission) takes its place.
              usePodSecurityPolicyAdmissionPlugin:
                description: Enables the admission plugin `PodSecurityPolicy`. This plugin is deprecated by Kubernetes.
                # Listing fragment, re-indented: end of the spec schema (version and the
                # spec-level required list), userSSHKeys, and the CRD version flags.
                type: boolean
              # Plain string: the version format is not constrained by the schema.
              version:
                description: Version defines the wanted version of the control plane.
                type: string
            # Fields every spec must carry. Security-relevant settings such as oidc,
            # opaIntegration and the admission-plugin switches are optional.
            required:
            - cloud
            - clusterNetwork
            - exposeStrategy
            - humanReadableName
            - version
            type: object
          # Each entry points at a UserSSHKey object by id and carries a display name;
          # no key material is part of this schema.
          userSSHKeys:
            items:
              description: ClusterTemplateSSHKey is the object for holding SSH key.
              properties:
                id:
                  description: ID is the name of the UserSSHKey object that is supposed to be assigned to any ClusterTemplateInstance created based on this template.
                  type: string
                name:
                  description: Name is the human readable SSH key name.
                  type: string
              required:
              - id
              - name
              type: object
            type: array
        # `credential` is the only property required at the top level of the object.
        required:
        - credential
        type: object
    # This version is served by the API and is the storage version.
    served: true
    storage: true
    # Empty map: no status or scale subresource is enabled for this version.
    subresources: {}