# This file has been generated by hack/update-codegen.sh, DO NOT EDIT.
#
# Listing taken from:
#   k8c.io/api/v3@v3.0.0-20230904060738-b0a93889c0b6/crd/enterprise/kcp/ee.kubermatic.k8c.io_clusters.yaml
# Comments marked "Review note" are reviewer annotations on this listing. They
# describe only what the schema itself shows and would be overwritten when the
# file is regenerated.

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.12.0
  name: clusters.ee.kubermatic.k8c.io
spec:
  group: ee.kubermatic.k8c.io
  names:
    kind: Cluster
    listKind: ClusterList
    plural: clusters
    singular: cluster
  # Review note: cluster-scoped resource, so read/write access is granted through
  # cluster-level RBAC on this resource rather than per namespace.
  scope: Cluster
  versions:
    # Review note: the Owner column prints .status.userEmail in list output for
    # anyone allowed to list Cluster objects.
    - additionalPrinterColumns:
        - jsonPath: .spec.humanReadableName
          name: HumanReadableName
          type: string
        - jsonPath: .status.userEmail
          name: Owner
          type: string
        - jsonPath: .spec.version
          name: Version
          type: string
        - jsonPath: .spec.cloud.providerName
          name: Provider
          type: string
        - jsonPath: .spec.cloud.datacenter
          name: Datacenter
          type: string
        - jsonPath: .status.phase
          name: Phase
          type: string
        - jsonPath: .spec.pause
          name: Paused
          type: boolean
        - jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
      name: v1
      schema:
        openAPIV3Schema:
          description: Cluster represents a Kubermatic Kubernetes Platform user cluster. Cluster objects exist on Seed clusters and each user cluster consists of a namespace containing the Kubernetes control plane and additional pods (like Prometheus or the machine-controller).
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: Spec describes the desired cluster state.
              properties:
                # Review note: free-form strings; this schema places no allow-list on
                # the plugin names that end up on the kube-apiserver.
                admissionPlugins:
                  description: A list of arbitrary admission plugin names that are passed to kube-apiserver. Must not include admission plugins that can be enabled via a separate setting.
                  items:
                    type: string
                  type: array
                # Review note: optional and, per the description, unset means the API
                # server is reachable without IP restriction; it also only applies to
                # the LoadBalancer expose strategy. cidrBlocks items are plain strings
                # with no pattern/format, so CIDR syntax is not checked by this schema.
                apiServerAllowedIPRanges:
                  description: 'Optional: APIServerAllowedIPRanges is a list of IP ranges allowed to access the API server. Applicable only if the expose strategy of the cluster is LoadBalancer. If not configured, access to the API server is unrestricted.'
                  properties:
                    cidrBlocks:
                      items:
                        type: string
                      type: array
                  type: object
                applicationSettings:
                  description: 'Optional: ApplicationSettings contains the settings relative to the application feature.'
                  properties:
                    cacheSize:
                      anyOf:
                        - type: integer
                        - type: string
                      description: CacheSize is the size of the cache used to download application's sources.
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                  type: object
                # Review note: audit logging is optional and controlled by `enabled`;
                # no default value is declared in this schema.
                auditLogging:
                  description: 'Optional: AuditLogging configures Kubernetes API audit logging (https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) for the user cluster.'
                  properties:
                    enabled:
                      description: Enabled will enable or disable audit logging.
                      type: boolean
                    policyPreset:
                      description: 'Optional: PolicyPreset can be set to utilize a pre-defined set of audit policy rules.'
                      enum:
                        - metadata
                        - recommended
                        - minimal
                      type: string
                    sidecar:
                      description: 'Optional: Configures the fluent-bit sidecar deployed alongside kube-apiserver.'
                      properties:
                        # Review note: filters/outputs/service are unconstrained
                        # string maps. Presumably they are rendered into the
                        # fluent-bit configuration, in which case whoever can edit
                        # the Cluster decides where audit data is shipped; confirm
                        # against the controller.
                        config:
                          description: AuditSidecarConfiguration defines custom configuration for the fluent-bit sidecar deployed with a kube-apiserver. Also see https://docs.fluentbit.io/manual/v/1.8/administration/configuring-fluent-bit/configuration-file.
                          properties:
                            filters:
                              items:
                                additionalProperties:
                                  type: string
                                type: object
                              type: array
                            outputs:
                              items:
                                additionalProperties:
                                  type: string
                                type: object
                              type: array
                            service:
                              additionalProperties:
                                type: string
                              type: object
                          type: object
                        resources:
                          description: ResourceRequirements describes the compute resource requirements.
                          properties:
                            claims:
                              description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                              items:
                                description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                                properties:
                                  name:
                                    description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                    type: string
                                required:
                                  - name
                                type: object
                              type: array
                              x-kubernetes-list-map-keys:
                                - name
                              x-kubernetes-list-type: map
                            limits:
                              additionalProperties:
                                anyOf:
                                  - type: integer
                                  - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                  - type: integer
                                  - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                      type: object
                  type: object
                # Review note: several provider specs below accept secret material
                # inline as plain strings (accessKeySecret, secretAccessKey,
                # clientSecret, token, password, kubeconfig, csiKubeconfig,
                # serviceAccount). A value set there is part of the Cluster object
                # itself, so it is readable by every principal allowed to read Cluster
                # objects. Every provider shown here except `fake` also offers
                # credentialsReference, which per the Azure description references a
                # Secret instead of passing secret data in the spec. Whether a
                # controller later moves inline values out of the spec is not visible
                # in this schema.
                cloud:
                  description: Cloud contains information regarding the cloud provider that is responsible for hosting the cluster's workload.
                  properties:
                    alibaba:
                      description: AlibabaCloudSpec specifies the access data to Alibaba.
                      properties:
                        accessKeyID:
                          type: string
                        # Review note: inline secret, plain string.
                        accessKeySecret:
                          type: string
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                    anexia:
                      description: AnexiaCloudSpec specifies the access data to Anexia.
                      properties:
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        # Review note: inline secret, plain string.
                        token:
                          type: string
                      type: object
                    aws:
                      description: AWSCloudSpec specifies access data to Amazon Web Services.
                      properties:
                        accessKeyID:
                          type: string
                        assumeRoleARN:
                          type: string
                        assumeRoleExternalID:
                          type: string
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        disableIAMReconciling:
                          description: DisableIAMReconciling is used to disable reconciliation for IAM related configuration. This is useful in air-gapped setups where access to IAM service is not possible.
                          type: boolean
                        instanceProfileName:
                          type: string
                        # Review note: both node-port range fields are optional, and the
                        # description states that with neither set the node port range
                        # is reachable from anywhere (for KKP-generated security
                        # groups). The values are plain strings without a CIDR pattern.
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        roleARN:
                          description: The IAM role, the control plane will use. The control plane will perform an assume-role
                          type: string
                        routeTableID:
                          type: string
                        # Review note: inline secret, plain string.
                        secretAccessKey:
                          type: string
                        securityGroupID:
                          type: string
                        vpcID:
                          type: string
                      required:
                        - instanceProfileName
                        - roleARN
                        - routeTableID
                        - securityGroupID
                        - vpcID
                      type: object
                    azure:
                      description: AzureCloudSpec defines cloud resource references for Microsoft Azure.
                      properties:
                        assignAvailabilitySet:
                          description: 'Optional: AssignAvailabilitySet determines whether KKP creates and assigns an AvailabilitySet to machines. Defaults to `true` internally if not set.'
                          type: boolean
                        availabilitySet:
                          description: An availability set that will be associated with nodes created for this cluster. If this field is set to empty string at cluster creation and `AssignAvailabilitySet` is set to `true`, a new availability set will be created and this field will be updated to the generated availability set's name.
                          type: string
                        clientID:
                          description: ClientID is the service principal used to access Azure. Can be read from `credentialsReference` instead.
                          type: string
                        # Review note: inline secret, plain string.
                        clientSecret:
                          description: ClientSecret is the client secret corresponding to the given service principal. Can be read from `credentialsReference` instead.
                          type: string
                        credentialsReference:
                          description: CredentialsReference allows referencing a `Secret` resource instead of passing secret data in this spec.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        loadBalancerSKU:
                          description: Azure SKU for Load Balancers. Possible values are `basic` and `standard`.
                          enum:
                            - standard
                            - basic
                          type: string
                        # Review note: optional; with neither node-port range field set
                        # the description states the node port range is reachable from
                        # anywhere (for KKP-generated security groups).
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        resourceGroup:
                          description: The resource group that will be used to look up and create resources for the cluster in. If set to empty string at cluster creation, a new resource group will be created and this field will be updated to the generated resource group's name.
                          type: string
                        routeTable:
                          description: The name of a route table associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new route table will be created and this field will be updated to the generated route table's name. If no subnet is defined at cluster creation, this field should be empty as well.
                          type: string
                        securityGroup:
                          description: The name of a security group associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new security group will be created and this field will be updated to the generated security group's name. If no subnet is defined at cluster creation, this field should be empty as well.
                          type: string
                        subnet:
                          description: The name of a subnet in the VNet referenced by `vnet`. If set to empty string at cluster creation, a new subnet will be created and this field will be updated to the generated subnet's name. If no VNet is defined at cluster creation, this field should be empty as well.
                          type: string
                        subscriptionID:
                          description: SubscriptionID is the Azure Subscription used for this cluster. Can be read from `credentialsReference` instead.
                          type: string
                        tenantID:
                          description: TenantID is the Azure Active Directory Tenant used for this cluster. Can be read from `credentialsReference` instead.
                          type: string
                        vnet:
                          description: The name of the VNet resource used for setting up networking in. If set to empty string at cluster creation, a new VNet will be created and this field will be updated to the generated VNet's name.
                          type: string
                        vnetResourceGroup:
                          description: 'Optional: VNetResourceGroup optionally defines a second resource group that will be used for VNet related resources instead. If left empty, NO additional resource group will be created and all VNet related resources use the resource group defined by `resourceGroup`.'
                          type: string
                      required:
                        - availabilitySet
                        - loadBalancerSKU
                        - resourceGroup
                        - routeTable
                        - securityGroup
                        - subnet
                        - vnet
                        - vnetResourceGroup
                      type: object
                    bringyourown:
                      description: BringYourOwnCloudSpec specifies access data for a bring your own cluster.
                      type: object
                    datacenter:
                      description: DatacenterName states the name of a cloud provider "datacenter" (defined in `Seed` resources) this cluster should be deployed into.
                      type: string
                    digitalocean:
                      description: DigitaloceanCloudSpec specifies access data to DigitalOcean.
                      properties:
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        # Review note: inline secret, plain string.
                        token:
                          type: string
                      type: object
                    fake:
                      description: FakeCloudSpec specifies access data for a fake cloud.
                      properties:
                        # Review note: this provider has no credentialsReference; the
                        # token can only be given inline.
                        token:
                          type: string
                      type: object
                    gcp:
                      description: GCPCloudSpec specifies access data to GCP.
                      properties:
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        network:
                          type: string
                        # Review note: optional; with neither node-port range field set
                        # the description states the node port range is reachable from
                        # anywhere.
                        nodePortsAllowedIPRange:
                          description: A CIDR range that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
                          type: string
                        nodePortsAllowedIPRanges:
                          description: 'Optional: CIDR ranges that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.'
                          properties:
                            cidrBlocks:
                              items:
                                type: string
                              type: array
                          type: object
                        # Review note: inline secret. base64 is an encoding, not
                        # encryption, so this is equivalent to the service account key
                        # in clear text.
                        serviceAccount:
                          description: The Google Service Account (JSON format), encoded with base64.
                          type: string
                        subnetwork:
                          type: string
                      required:
                        - network
                        - subnetwork
                      type: object
                    hetzner:
                      description: HetznerCloudSpec specifies access data to hetzner cloud.
                      properties:
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        network:
                          description: Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work. If this is empty, the network configured on the datacenter will be used.
                          type: string
                        # Review note: inline secret, plain string.
                        token:
                          description: Token is used to authenticate with the Hetzner cloud API.
                          type: string
                      type: object
                    kubevirt:
                      description: KubeVirtCloudSpec specifies the access data to KubeVirt.
                      properties:
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        # Review note: undocumented plain string; from the name it
                        # presumably carries a kubeconfig for the CSI driver and should
                        # then be handled like `kubeconfig` below. Confirm against the
                        # API types.
                        csiKubeconfig:
                          type: string
                        imageCloningEnabled:
                          description: ImageCloningEnabled flag enable/disable cloning for a cluster.
                          type: boolean
                        infraStorageClasses:
                          description: 'Deprecated: in favor of StorageClasses. InfraStorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks)'
                          items:
                            type: string
                          type: array
                        # Review note: inline credential. A kubeconfig normally embeds
                        # cluster credentials, and base64 is an encoding, not
                        # encryption.
                        kubeconfig:
                          description: The cluster's kubeconfig file, encoded with base64.
                          type: string
                        # Review note: `url` is a required, unconstrained string; the
                        # schema restricts neither scheme nor host.
                        preAllocatedDataVolumes:
                          description: Custom Images are a good example of this use case.
                          items:
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                type: object
                              name:
                                type: string
                              size:
                                type: string
                              storageClass:
                                type: string
                              url:
                                type: string
                            required:
                              - name
                              - size
                              - storageClass
                              - url
                            type: object
                          type: array
                        storageClasses:
                          description: StorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks. It contains also some flag specifying which one is the default one.
                          items:
                            properties:
                              isDefaultClass:
                                description: 'Optional: IsDefaultClass. If true, the created StorageClass in the tenant cluster will be annotated with: storageclass.kubernetes.io/is-default-class : true If missing or false, annotation will be: storageclass.kubernetes.io/is-default-class : false'
                                type: boolean
                              name:
                                type: string
                            required:
                              - name
                            type: object
                          type: array
                      type: object
                    nutanix:
                      description: NutanixCloudSpec specifies the access data to Nutanix.
                      properties:
                        clusterName:
                          description: ClusterName is the Nutanix cluster that this user cluster will be deployed to.
                          type: string
                        credentialsReference:
                          description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace.
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
                              type: string
                            key:
                              type: string
                            kind:
                              description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                            resourceVersion:
                              description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                              type: string
                            uid:
                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        csi:
                          description: NutanixCSIConfig for csi driver that connects to a prism element
                          properties:
                            endpoint:
                              description: Prism Element Endpoint to access Nutanix Prism Element for csi driver
                              type: string
                            fstype:
                              description: 'Optional: defaults to "xfs"'
                              type: string
                            # Review note: inline secret, plain string.
                            password:
                              description: Prism Element Password for csi driver
                              type: string
                            port:
                              description: 'Optional: Port to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)'
                              format: int32
                              type: integer
                            ssSegmentedIscsiNetwork:
                              description: 'Optional: defaults to "false"'
                              type: boolean
                            storageContainer:
                              description: 'Optional: defaults to "SelfServiceContainer"'
                              type: string
                            username:
                              description: Prism Element Username for csi driver
                              type: string
                          required:
                            - endpoint
                          type: object
                        # Review note: inline secret, plain string.
                        password:
                          type: string
                        projectName:
                          description: ProjectName is the project that this cluster is deployed into. If none is given, no project will be used.
                          type: string
                        proxyURL:
                          type: string
                        username:
                          type: string
                      required:
                        - clusterName
                      type: object
                    openstack:
                      description: OpenStackCloudSpec specifies access data to an OpenStack cloud.
690 properties: 691 applicationCredentialID: 692 type: string 693 applicationCredentialSecret: 694 type: string 695 credentialsReference: 696 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 697 properties: 698 apiVersion: 699 description: API version of the referent. 700 type: string 701 fieldPath: 702 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 703 type: string 704 key: 705 type: string 706 kind: 707 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 708 type: string 709 name: 710 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 711 type: string 712 namespace: 713 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 714 type: string 715 resourceVersion: 716 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 717 type: string 718 uid: 719 description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 720 type: string 721 type: object 722 x-kubernetes-map-type: atomic 723 domain: 724 type: string 725 enableIngressHostname: 726 description: Enable the `enable-ingress-hostname` cloud provider option on the OpenStack CCM. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround for the PROXY protocol to preserve client IPs. 727 type: boolean 728 floatingIPPool: 729 description: "FloatingIPPool holds the name of the public network The public network is reachable from the outside world and should provide the pool of IP addresses to choose from. \n When specified, all worker nodes will receive a public ip from this floating ip pool \n Note that the network is external if the \"External\" field is set to true" 730 type: string 731 ingressHostnameSuffix: 732 description: Set a specific suffix for the hostnames used for the PROXY protocol workaround that is enabled by EnableIngressHostname. The suffix is set to `nip.io` by default. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround only. 733 type: string 734 ipv6SubnetID: 735 description: IPv6SubnetID holds the ID of the subnet used for IPv6 networking. If not provided, a new subnet will be created if IPv6 is enabled. 736 type: string 737 ipv6SubnetPool: 738 description: IPv6SubnetPool holds the name of the subnet pool used for creating new IPv6 subnets. If not provided, the default IPv6 subnet pool will be used. 739 type: string 740 network: 741 description: "Network holds the name of the internal network When specified, all worker nodes will be attached to this network. 
If not specified, a network, subnet & router will be created \n Note that the network is internal if the \"External\" field is set to false" 742 type: string 743 nodePortsAllowedIPRange: 744 description: A CIDR range that will be allowed to access the node port range in the security group. Only applies if the security group is generated by KKP and not preexisting. If neither NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere. 745 type: string 746 nodePortsAllowedIPRanges: 747 description: 'Optional: CIDR ranges that will be allowed to access the node port range in the security group. Only applies if the security group is generated by KKP and not preexisting. If neither NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.' 748 properties: 749 cidrBlocks: 750 items: 751 type: string 752 type: array 753 type: object 754 password: 755 type: string 756 project: 757 description: project, formerly known as tenant. 758 type: string 759 projectID: 760 description: project id, formerly known as tenantID. 761 type: string 762 routerID: 763 type: string 764 securityGroups: 765 type: string 766 subnetID: 767 type: string 768 token: 769 description: Used internally during cluster creation 770 type: string 771 useOctavia: 772 description: "Whether or not to use Octavia for LoadBalancer type of Service implementation instead of using Neutron-LBaaS. Attention: OpenStack CCM uses Octavia as the default load balancer implementation since v1.17.0 \n Takes precedence over the 'use_octavia' flag provided at datacenter level if both are specified." 773 type: boolean 774 useToken: 775 type: boolean 776 username: 777 type: string 778 required: 779 - floatingIPPool 780 - network 781 - routerID 782 - securityGroups 783 - subnetID 784 type: object 785 packet: 786 description: PacketCloudSpec specifies access data to a Packet cloud.
787 properties: 788 apiKey: 789 type: string 790 billingCycle: 791 type: string 792 credentialsReference: 793 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 794 properties: 795 apiVersion: 796 description: API version of the referent. 797 type: string 798 fieldPath: 799 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 800 type: string 801 key: 802 type: string 803 kind: 804 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 805 type: string 806 name: 807 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 808 type: string 809 namespace: 810 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 811 type: string 812 resourceVersion: 813 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 814 type: string 815 uid: 816 description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 817 type: string 818 type: object 819 x-kubernetes-map-type: atomic 820 projectID: 821 type: string 822 required: 823 - billingCycle 824 type: object 825 providerName: 826 description: ProviderName is the name of the cloud provider used for this cluster. This must match the given provider spec (e.g. if the providerName is "aws", then the `aws` field must be set). 827 enum: 828 - alibaba 829 - anexia 830 - aws 831 - azure 832 - bringyourown 833 - digitalocean 834 - gcp 835 - hetzner 836 - kubevirt 837 - nutanix 838 - openstack 839 - packet 840 - vmwareclouddirector 841 - vsphere 842 type: string 843 vmwareclouddirector: 844 description: VMwareCloudDirectorCloudSpec specifies access data to VMware Cloud Director cloud. 845 properties: 846 apiToken: 847 description: APIToken is the VMware Cloud Director API token. 848 type: string 849 credentialsReference: 850 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 851 properties: 852 apiVersion: 853 description: API version of the referent. 854 type: string 855 fieldPath: 856 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 857 type: string 858 key: 859 type: string 860 kind: 861 description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 862 type: string 863 name: 864 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 865 type: string 866 namespace: 867 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 868 type: string 869 resourceVersion: 870 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 871 type: string 872 uid: 873 description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 874 type: string 875 type: object 876 x-kubernetes-map-type: atomic 877 csi: 878 description: Config for CSI driver 879 properties: 880 filesystem: 881 description: Filesystem to use for named disks, defaults to "ext4" 882 type: string 883 storageProfile: 884 description: The name of the storage profile to use for disks created by CSI driver 885 type: string 886 required: 887 - storageProfile 888 type: object 889 organization: 890 description: Organization is the name of organization to use. 891 type: string 892 ovdcNetwork: 893 description: Network is the name of organizational virtual data center network that will be associated with the VMs and vApp. 894 type: string 895 password: 896 description: Password is the VMware Cloud Director user password. 897 type: string 898 username: 899 description: Username is the VMware Cloud Director user name. 900 type: string 901 vapp: 902 description: VApp used for isolation of VMs and their associated network 903 type: string 904 vdc: 905 description: VDC is the organizational virtual data center. 
906 type: string 907 required: 908 - csi 909 - ovdcNetwork 910 type: object 911 vsphere: 912 description: VSphereCloudSpec specifies access data to VSphere cloud. 913 properties: 914 credentialsReference: 915 description: GlobalObjectKeySelector is needed as we can not use v1.SecretKeySelector because it is not cross namespace. 916 properties: 917 apiVersion: 918 description: API version of the referent. 919 type: string 920 fieldPath: 921 description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' 922 type: string 923 key: 924 type: string 925 kind: 926 description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 927 type: string 928 name: 929 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 930 type: string 931 namespace: 932 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 933 type: string 934 resourceVersion: 935 description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' 936 type: string 937 uid: 938 description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' 939 type: string 940 type: object 941 x-kubernetes-map-type: atomic 942 datastore: 943 description: Datastore to be used for storing virtual machines and as a default for dynamic volume provisioning, it is mutually exclusive with DatastoreCluster. 944 type: string 945 datastoreCluster: 946 description: DatastoreCluster to be used for storing virtual machines, it is mutually exclusive with Datastore. 947 type: string 948 folder: 949 description: Folder is the folder to be used to group the provisioned virtual machines. 950 type: string 951 infraManagementUser: 952 description: This user will be used for everything except cloud provider functionality 953 properties: 954 password: 955 type: string 956 username: 957 type: string 958 type: object 959 password: 960 description: Password is the vSphere user password. 961 type: string 962 resourcePool: 963 description: ResourcePool is used to manage resources such as cpu and memory for vSphere virtual machines. The resource pool should be defined on vSphere cluster level. 964 type: string 965 storagePolicy: 966 description: StoragePolicy to be used for storage provisioning 967 type: string 968 tags: 969 description: Tags represents the tags that are attached or created on the cluster level, that are then propagated down to the MachineDeployments. In order to attach tags on MachineDeployment, users must create the tag on a cluster level first then attach that tag on the MachineDeployment. 970 properties: 971 categoryID: 972 description: CategoryID is the id of the vsphere category that the tag belongs to. If the category id is left empty, the default category id for the cluster will be used. 973 type: string 974 tags: 975 description: Tags represents the name of the created tags. 976 items: 977 type: string 978 type: array 979 required: 980 - tags 981 type: object 982 username: 983 description: Username is the vSphere user name. 
984 type: string 985 vmNetName: 986 description: VMNetName is the name of the vSphere network. 987 type: string 988 required: 989 - infraManagementUser 990 - storagePolicy 991 - vmNetName 992 type: object 993 required: 994 - datacenter 995 - providerName 996 type: object 997 clusterNetwork: 998 description: ClusterNetworkingConfig specifies the different networking parameters for a cluster. 999 properties: 1000 coreDNSReplicas: 1001 description: CoreDNSReplicas is the number of desired pods of user cluster coredns deployment. 1002 format: int32 1003 type: integer 1004 dnsDomain: 1005 description: Domain name for services. 1006 type: string 1007 ipFamily: 1008 description: 'Optional: IP family used for cluster networking. Supported values are "", "IPv4" or "IPv4+IPv6". Can be omitted / empty if pods and services network ranges are specified. In that case it defaults according to the IP families of the provided network ranges. If neither ipFamily nor pods & services network ranges are specified, defaults to "IPv4".' 1009 enum: 1010 - "" 1011 - IPv4 1012 - IPv4+IPv6 1013 type: string 1014 ipvs: 1015 description: IPVS defines kube-proxy ipvs configuration options 1016 properties: 1017 strictArp: 1018 default: true 1019 description: StrictArp configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface. defaults to true. 1020 type: boolean 1021 type: object 1022 konnectivityEnabled: 1023 description: KonnectivityEnabled enables konnectivity for controlplane to node network communication. 1024 type: boolean 1025 nodeCidrMaskSizeIPv4: 1026 description: NodeCIDRMaskSizeIPv4 is the mask size used to address the nodes within provided IPv4 Pods CIDR. It has to be larger than the provided IPv4 Pods CIDR. Defaults to 24. 1027 format: int32 1028 type: integer 1029 nodeCidrMaskSizeIPv6: 1030 description: NodeCIDRMaskSizeIPv6 is the mask size used to address the nodes within provided IPv6 Pods CIDR. 
It has to be larger than the provided IPv6 Pods CIDR. Defaults to 64. 1031 format: int32 1032 type: integer 1033 nodeLocalDNSCacheEnabled: 1034 default: true 1035 description: NodeLocalDNSCacheEnabled controls whether the NodeLocal DNS Cache feature is enabled. Defaults to true. 1036 type: boolean 1037 pods: 1038 description: The network ranges from which POD networks are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 1039 properties: 1040 cidrBlocks: 1041 items: 1042 type: string 1043 type: array 1044 type: object 1045 proxyMode: 1046 default: ipvs 1047 description: ProxyMode defines the kube-proxy mode ("ipvs" / "iptables" / "ebpf"). Defaults to "ipvs". "ebpf" disables kube-proxy and requires CNI support. 1048 enum: 1049 - ipvs 1050 - iptables 1051 - ebpf 1052 type: string 1053 services: 1054 description: The network ranges from which service VIPs are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family. 1055 properties: 1056 cidrBlocks: 1057 items: 1058 type: string 1059 type: array 1060 type: object 1061 tunnelingAgentIP: 1062 description: TunnelingAgentIP is the address used by the tunneling agents 1063 type: string 1064 required: 1065 - dnsDomain 1066 - pods 1067 - proxyMode 1068 - services 1069 type: object 1070 cniPlugin: 1071 description: CNIPluginSettings contains the spec of the CNI plugin used by the Cluster. 1072 properties: 1073 type: 1074 description: Type is the CNI plugin type to be used. 1075 enum: 1076 - canal 1077 - cilium 1078 - none 1079 type: string 1080 version: 1081 description: Version defines the CNI plugin version to be used. This varies by chosen CNI plugin type. 
1082 type: string 1083 required: 1084 - type 1085 - version 1086 type: object 1087 componentsOverride: 1088 description: Component specific overrides that allow customization of control plane components. 1089 properties: 1090 apiserver: 1091 description: Apiserver configures kube-apiserver settings. 1092 properties: 1093 endpointReconcilingDisabled: 1094 type: boolean 1095 nodePortRange: 1096 type: string 1097 replicas: 1098 format: int32 1099 type: integer 1100 resources: 1101 description: ResourceRequirements describes the compute resource requirements. 1102 properties: 1103 claims: 1104 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1105 items: 1106 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1107 properties: 1108 name: 1109 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1110 type: string 1111 required: 1112 - name 1113 type: object 1114 type: array 1115 x-kubernetes-list-map-keys: 1116 - name 1117 x-kubernetes-list-type: map 1118 limits: 1119 additionalProperties: 1120 anyOf: 1121 - type: integer 1122 - type: string 1123 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1124 x-kubernetes-int-or-string: true 1125 description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1126 type: object 1127 requests: 1128 additionalProperties: 1129 anyOf: 1130 - type: integer 1131 - type: string 1132 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1133 x-kubernetes-int-or-string: true 1134 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1135 type: object 1136 type: object 1137 tolerations: 1138 items: 1139 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1140 properties: 1141 effect: 1142 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1143 type: string 1144 key: 1145 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1146 type: string 1147 operator: 1148 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1149 type: string 1150 tolerationSeconds: 1151 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). 
Zero and negative values will be treated as 0 (evict immediately) by the system. 1152 format: int64 1153 type: integer 1154 value: 1155 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1156 type: string 1157 type: object 1158 type: array 1159 type: object 1160 controllerManager: 1161 description: ControllerManager configures kube-controller-manager settings. 1162 properties: 1163 leaderElection: 1164 properties: 1165 leaseDurationSeconds: 1166 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1167 format: int32 1168 type: integer 1169 renewDeadlineSeconds: 1170 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1171 format: int32 1172 type: integer 1173 retryPeriodSeconds: 1174 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1175 format: int32 1176 type: integer 1177 type: object 1178 replicas: 1179 format: int32 1180 type: integer 1181 resources: 1182 description: ResourceRequirements describes the compute resource requirements. 1183 properties: 1184 claims: 1185 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1186 items: 1187 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1188 properties: 1189 name: 1190 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 
1191 type: string 1192 required: 1193 - name 1194 type: object 1195 type: array 1196 x-kubernetes-list-map-keys: 1197 - name 1198 x-kubernetes-list-type: map 1199 limits: 1200 additionalProperties: 1201 anyOf: 1202 - type: integer 1203 - type: string 1204 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1205 x-kubernetes-int-or-string: true 1206 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1207 type: object 1208 requests: 1209 additionalProperties: 1210 anyOf: 1211 - type: integer 1212 - type: string 1213 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1214 x-kubernetes-int-or-string: true 1215 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1216 type: object 1217 type: object 1218 tolerations: 1219 items: 1220 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1221 properties: 1222 effect: 1223 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1224 type: string 1225 key: 1226 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1227 type: string 1228 operator: 1229 description: Operator represents a key's relationship to the value. 
Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1230 type: string 1231 tolerationSeconds: 1232 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1233 format: int64 1234 type: integer 1235 value: 1236 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1237 type: string 1238 type: object 1239 type: array 1240 type: object 1241 etcd: 1242 description: Etcd configures the etcd ring used to store Kubernetes data. 1243 properties: 1244 clusterSize: 1245 description: ClusterSize is the number of replicas created for etcd. This should be an odd number to guarantee consensus, e.g. 3, 5 or 7. 1246 format: int32 1247 type: integer 1248 diskSize: 1249 anyOf: 1250 - type: integer 1251 - type: string 1252 description: DiskSize is the volume size used when creating persistent storage from the configured StorageClass. This is inherited from KubermaticConfiguration if not set. Defaults to 5Gi. 1253 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1254 x-kubernetes-int-or-string: true 1255 hostAntiAffinity: 1256 description: HostAntiAffinity allows to enforce a certain type of host anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled. 1257 enum: 1258 - preferred 1259 - required 1260 type: string 1261 resources: 1262 description: Resources allows to override the resource requirements for etcd Pods. 
1263 properties: 1264 claims: 1265 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1266 items: 1267 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1268 properties: 1269 name: 1270 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1271 type: string 1272 required: 1273 - name 1274 type: object 1275 type: array 1276 x-kubernetes-list-map-keys: 1277 - name 1278 x-kubernetes-list-type: map 1279 limits: 1280 additionalProperties: 1281 anyOf: 1282 - type: integer 1283 - type: string 1284 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1285 x-kubernetes-int-or-string: true 1286 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1287 type: object 1288 requests: 1289 additionalProperties: 1290 anyOf: 1291 - type: integer 1292 - type: string 1293 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1294 x-kubernetes-int-or-string: true 1295 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1296 type: object 1297 type: object 1298 storageClass: 1299 description: StorageClass is the Kubernetes StorageClass used for persistent storage which stores the etcd WAL and other data persisted across restarts. Defaults to `kubermatic-fast` (the global default). 1300 type: string 1301 tolerations: 1302 description: Tolerations allows to override the scheduling tolerations for etcd Pods. 1303 items: 1304 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1305 properties: 1306 effect: 1307 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1308 type: string 1309 key: 1310 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1311 type: string 1312 operator: 1313 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1314 type: string 1315 tolerationSeconds: 1316 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1317 format: int64 1318 type: integer 1319 value: 1320 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 
1321 type: string 1322 type: object 1323 type: array 1324 zoneAntiAffinity: 1325 description: ZoneAntiAffinity allows to enforce a certain type of availability zone anti-affinity on etcd pods. Options are "preferred" (default) and "required". Please note that enforcing anti-affinity via "required" can mean that pods are never scheduled. 1326 enum: 1327 - preferred 1328 - required 1329 type: string 1330 type: object 1331 konnectivityProxy: 1332 description: KonnectivityProxy configures konnectivity-server and konnectivity-agent components. 1333 properties: 1334 keepaliveTime: 1335 description: KeepaliveTime represents a duration of time to check if the transport is still alive. The option is propagated to agents and server. Defaults to 1m. 1336 type: string 1337 resources: 1338 description: Resources configure limits/requests for Konnectivity components. 1339 properties: 1340 claims: 1341 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1342 items: 1343 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1344 properties: 1345 name: 1346 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1347 type: string 1348 required: 1349 - name 1350 type: object 1351 type: array 1352 x-kubernetes-list-map-keys: 1353 - name 1354 x-kubernetes-list-type: map 1355 limits: 1356 additionalProperties: 1357 anyOf: 1358 - type: integer 1359 - type: string 1360 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1361 x-kubernetes-int-or-string: true 1362 description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1363 type: object 1364 requests: 1365 additionalProperties: 1366 anyOf: 1367 - type: integer 1368 - type: string 1369 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1370 x-kubernetes-int-or-string: true 1371 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1372 type: object 1373 type: object 1374 type: object 1375 nodePortProxyEnvoy: 1376 description: NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if the `LoadBalancer` expose strategy is used. This is not effective if a different expose strategy is configured. 1377 properties: 1378 dockerRepository: 1379 description: DockerRepository is the repository containing the component's image. 1380 type: string 1381 resources: 1382 description: Resources describes the requested and maximum allowed CPU/memory usage. 1383 properties: 1384 claims: 1385 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1386 items: 1387 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1388 properties: 1389 name: 1390 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 
1391 type: string 1392 required: 1393 - name 1394 type: object 1395 type: array 1396 x-kubernetes-list-map-keys: 1397 - name 1398 x-kubernetes-list-type: map 1399 limits: 1400 additionalProperties: 1401 anyOf: 1402 - type: integer 1403 - type: string 1404 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1405 x-kubernetes-int-or-string: true 1406 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1407 type: object 1408 requests: 1409 additionalProperties: 1410 anyOf: 1411 - type: integer 1412 - type: string 1413 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1414 x-kubernetes-int-or-string: true 1415 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1416 type: object 1417 type: object 1418 type: object 1419 prometheus: 1420 description: Prometheus configures the Prometheus instance deployed into the cluster control plane. 1421 properties: 1422 resources: 1423 description: ResourceRequirements describes the compute resource requirements. 1424 properties: 1425 claims: 1426 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1427 items: 1428 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
1429 properties: 1430 name: 1431 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1432 type: string 1433 required: 1434 - name 1435 type: object 1436 type: array 1437 x-kubernetes-list-map-keys: 1438 - name 1439 x-kubernetes-list-type: map 1440 limits: 1441 additionalProperties: 1442 anyOf: 1443 - type: integer 1444 - type: string 1445 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1446 x-kubernetes-int-or-string: true 1447 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1448 type: object 1449 requests: 1450 additionalProperties: 1451 anyOf: 1452 - type: integer 1453 - type: string 1454 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1455 x-kubernetes-int-or-string: true 1456 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1457 type: object 1458 type: object 1459 type: object 1460 scheduler: 1461 description: Scheduler configures kube-scheduler settings. 1462 properties: 1463 leaderElection: 1464 properties: 1465 leaseDurationSeconds: 1466 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 
1467 format: int32 1468 type: integer 1469 renewDeadlineSeconds: 1470 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1471 format: int32 1472 type: integer 1473 retryPeriodSeconds: 1474 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1475 format: int32 1476 type: integer 1477 type: object 1478 replicas: 1479 format: int32 1480 type: integer 1481 resources: 1482 description: ResourceRequirements describes the compute resource requirements. 1483 properties: 1484 claims: 1485 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1486 items: 1487 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1488 properties: 1489 name: 1490 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1491 type: string 1492 required: 1493 - name 1494 type: object 1495 type: array 1496 x-kubernetes-list-map-keys: 1497 - name 1498 x-kubernetes-list-type: map 1499 limits: 1500 additionalProperties: 1501 anyOf: 1502 - type: integer 1503 - type: string 1504 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1505 x-kubernetes-int-or-string: true 1506 description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1507 type: object 1508 requests: 1509 additionalProperties: 1510 anyOf: 1511 - type: integer 1512 - type: string 1513 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1514 x-kubernetes-int-or-string: true 1515 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1516 type: object 1517 type: object 1518 tolerations: 1519 items: 1520 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1521 properties: 1522 effect: 1523 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1524 type: string 1525 key: 1526 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1527 type: string 1528 operator: 1529 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1530 type: string 1531 tolerationSeconds: 1532 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). 
Zero and negative values will be treated as 0 (evict immediately) by the system. 1533 format: int64 1534 type: integer 1535 value: 1536 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1537 type: string 1538 type: object 1539 type: array 1540 type: object 1541 userClusterController: 1542 description: UserClusterController configures the KKP usercluster-controller deployed as part of the cluster control plane. 1543 properties: 1544 leaderElection: 1545 properties: 1546 leaseDurationSeconds: 1547 description: LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack. 1548 format: int32 1549 type: integer 1550 renewDeadlineSeconds: 1551 description: RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up. 1552 format: int32 1553 type: integer 1554 retryPeriodSeconds: 1555 description: RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions. 1556 format: int32 1557 type: integer 1558 type: object 1559 replicas: 1560 format: int32 1561 type: integer 1562 resources: 1563 description: ResourceRequirements describes the compute resource requirements. 1564 properties: 1565 claims: 1566 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1567 items: 1568 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1569 properties: 1570 name: 1571 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 
1572 type: string 1573 required: 1574 - name 1575 type: object 1576 type: array 1577 x-kubernetes-list-map-keys: 1578 - name 1579 x-kubernetes-list-type: map 1580 limits: 1581 additionalProperties: 1582 anyOf: 1583 - type: integer 1584 - type: string 1585 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1586 x-kubernetes-int-or-string: true 1587 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1588 type: object 1589 requests: 1590 additionalProperties: 1591 anyOf: 1592 - type: integer 1593 - type: string 1594 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1595 x-kubernetes-int-or-string: true 1596 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1597 type: object 1598 type: object 1599 tolerations: 1600 items: 1601 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 1602 properties: 1603 effect: 1604 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1605 type: string 1606 key: 1607 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1608 type: string 1609 operator: 1610 description: Operator represents a key's relationship to the value. 
Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 1611 type: string 1612 tolerationSeconds: 1613 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 1614 format: int64 1615 type: integer 1616 value: 1617 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 1618 type: string 1619 type: object 1620 type: array 1621 type: object 1622 required: 1623 - apiserver 1624 - controllerManager 1625 - etcd 1626 - scheduler 1627 type: object 1628 containerRuntime: 1629 default: containerd 1630 description: ContainerRuntime to use, i.e. `docker` or `containerd`. By default `containerd` will be used. 1631 enum: 1632 - docker 1633 - containerd 1634 type: string 1635 debugLog: 1636 description: Enables more verbose logging in KKP's user-cluster-controller-manager. 1637 type: boolean 1638 enableOperatingSystemManager: 1639 description: 'Optional: Enables operating-system-manager (OSM), which is responsible for creating and managing worker node configuration. This field is enabled(true) by default.' 1640 type: boolean 1641 enableUserSSHKeyAgent: 1642 description: 'Optional: Deploys the UserSSHKeyAgent to the user cluster. This field is immutable. If enabled, the agent will be deployed and used to sync user ssh keys attached by users to the cluster. No SSH keys will be synced after node creation if this is disabled.' 1643 type: boolean 1644 encryptionConfiguration: 1645 description: 'Optional: Configures encryption-at-rest for Kubernetes API data. This needs the `encryptionAtRest` feature gate.' 
1646 properties: 1647 enabled: 1648 description: Enables encryption-at-rest on this cluster. 1649 type: boolean 1650 resources: 1651 description: List of resources that will be stored encrypted in etcd. 1652 items: 1653 type: string 1654 minItems: 1 1655 type: array 1656 secretbox: 1657 description: 'Configuration for the `secretbox` static key encryption scheme as supported by Kubernetes. More info: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#providers' 1658 properties: 1659 keys: 1660 description: List of 'secretbox' encryption keys. The first element of this list is considered the "primary" key which will be used for encrypting data while writing it. Additional keys will be used for decrypting data while reading it, if keys higher in the list did not succeed in decrypting it. 1661 items: 1662 description: SecretboxKey stores a key or key reference for encrypting Kubernetes API data at rest with a static key. 1663 properties: 1664 name: 1665 description: Identifier of a key, used in various places to refer to the key. 1666 type: string 1667 secretRef: 1668 description: Instead of passing the sensitive encryption key via the `value` field, a secret can be referenced. The key of the secret referenced here needs to hold a key equivalent to the `value` field. 1669 properties: 1670 key: 1671 description: The key of the secret to select from. Must be a valid secret key. 1672 type: string 1673 name: 1674 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1675 type: string 1676 optional: 1677 description: Specify whether the Secret or its key must be defined 1678 type: boolean 1679 required: 1680 - key 1681 type: object 1682 x-kubernetes-map-type: atomic 1683 value: 1684 description: Value contains a 32-byte random key that is base64 encoded. This is the key used for encryption. 
Can be generated via `head -c 32 /dev/urandom | base64`, for example. 1685 type: string 1686 required: 1687 - name 1688 type: object 1689 minItems: 1 1690 type: array 1691 required: 1692 - keys 1693 type: object 1694 required: 1695 - enabled 1696 - resources 1697 type: object 1698 eventRateLimitConfig: 1699 description: 'Optional: Configures the EventRateLimit admission plugin (if enabled via `useEventRateLimitAdmissionPlugin`) to create limits on Kubernetes event generation. The EventRateLimit plugin is capable of comparing and rate limiting incoming `Events` based on several configured buckets.' 1700 properties: 1701 namespace: 1702 properties: 1703 burst: 1704 format: int32 1705 type: integer 1706 cacheSize: 1707 format: int32 1708 type: integer 1709 qps: 1710 format: int32 1711 type: integer 1712 required: 1713 - burst 1714 - qps 1715 type: object 1716 server: 1717 properties: 1718 burst: 1719 format: int32 1720 type: integer 1721 cacheSize: 1722 format: int32 1723 type: integer 1724 qps: 1725 format: int32 1726 type: integer 1727 required: 1728 - burst 1729 - qps 1730 type: object 1731 sourceAndObject: 1732 properties: 1733 burst: 1734 format: int32 1735 type: integer 1736 cacheSize: 1737 format: int32 1738 type: integer 1739 qps: 1740 format: int32 1741 type: integer 1742 required: 1743 - burst 1744 - qps 1745 type: object 1746 user: 1747 properties: 1748 burst: 1749 format: int32 1750 type: integer 1751 cacheSize: 1752 format: int32 1753 type: integer 1754 qps: 1755 format: int32 1756 type: integer 1757 required: 1758 - burst 1759 - qps 1760 type: object 1761 type: object 1762 exposeStrategy: 1763 description: ExposeStrategy is the strategy used to expose a cluster control plane. 1764 enum: 1765 - NodePort 1766 - LoadBalancer 1767 - Tunneling 1768 type: string 1769 features: 1770 additionalProperties: 1771 type: boolean 1772 description: A map of optional or early-stage features that can be enabled for the user cluster. 
Some feature gates cannot be disabled after being enabled. The available feature gates vary based on KKP version, Kubernetes version and Seed configuration. Please consult the KKP documentation for specific feature gates. 1773 type: object 1774 humanReadableName: 1775 description: HumanReadableName is the cluster name provided by the user. 1776 type: string 1777 imagePullSecret: 1778 description: 'Optional: ImagePullSecret references a secret with container registry credentials. This is passed to the machine-controller which sets the registry credentials on node level.' 1779 properties: 1780 name: 1781 description: name is unique within a namespace to reference a secret resource. 1782 type: string 1783 namespace: 1784 description: namespace defines the space within which the secret name must be unique. 1785 type: string 1786 type: object 1787 x-kubernetes-map-type: atomic 1788 kubernetesDashboard: 1789 description: KubernetesDashboard holds the configuration for the kubernetes-dashboard component. 1790 properties: 1791 enabled: 1792 description: Controls whether kubernetes-dashboard is deployed to the user cluster or not. Enabled by default. 1793 type: boolean 1794 type: object 1795 machineNetworks: 1796 items: 1797 description: MachineNetworkingConfig specifies the networking parameters used for IPAM. 1798 properties: 1799 cidr: 1800 type: string 1801 dnsServers: 1802 items: 1803 type: string 1804 type: array 1805 gateway: 1806 type: string 1807 required: 1808 - cidr 1809 - dnsServers 1810 - gateway 1811 type: object 1812 type: array 1813 mla: 1814 description: 'Optional: MLA contains monitoring, logging and alerting related settings for the user cluster.' 1815 properties: 1816 loggingEnabled: 1817 description: LoggingEnabled is the flag for enabling logging in user cluster. 1818 type: boolean 1819 loggingResources: 1820 description: LoggingResources is the resource requirements for user cluster promtail. 
1821 properties: 1822 claims: 1823 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1824 items: 1825 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1826 properties: 1827 name: 1828 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1829 type: string 1830 required: 1831 - name 1832 type: object 1833 type: array 1834 x-kubernetes-list-map-keys: 1835 - name 1836 x-kubernetes-list-type: map 1837 limits: 1838 additionalProperties: 1839 anyOf: 1840 - type: integer 1841 - type: string 1842 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1843 x-kubernetes-int-or-string: true 1844 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1845 type: object 1846 requests: 1847 additionalProperties: 1848 anyOf: 1849 - type: integer 1850 - type: string 1851 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1852 x-kubernetes-int-or-string: true 1853 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1854 type: object 1855 type: object 1856 monitoringEnabled: 1857 description: MonitoringEnabled is the flag for enabling monitoring in user cluster. 
1858 type: boolean 1859 monitoringReplicas: 1860 description: MonitoringReplicas is the number of desired pods of user cluster prometheus deployment. 1861 format: int32 1862 type: integer 1863 monitoringResources: 1864 description: MonitoringResources is the resource requirements for user cluster prometheus. 1865 properties: 1866 claims: 1867 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1868 items: 1869 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1870 properties: 1871 name: 1872 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 1873 type: string 1874 required: 1875 - name 1876 type: object 1877 type: array 1878 x-kubernetes-list-map-keys: 1879 - name 1880 x-kubernetes-list-type: map 1881 limits: 1882 additionalProperties: 1883 anyOf: 1884 - type: integer 1885 - type: string 1886 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1887 x-kubernetes-int-or-string: true 1888 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1889 type: object 1890 requests: 1891 additionalProperties: 1892 anyOf: 1893 - type: integer 1894 - type: string 1895 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1896 x-kubernetes-int-or-string: true 1897 description: 'Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1898 type: object 1899 type: object 1900 type: object 1901 oidc: 1902 properties: 1903 clientID: 1904 type: string 1905 clientSecret: 1906 type: string 1907 extraScopes: 1908 type: string 1909 groupsClaim: 1910 type: string 1911 issuerURL: 1912 type: string 1913 requiredClaim: 1914 type: string 1915 usernameClaim: 1916 type: string 1917 type: object 1918 opaIntegration: 1919 description: 'Optional: OPAIntegration is a preview feature that enables OPA integration for the cluster. Enabling it causes OPA Gatekeeper and its resources to be deployed on the user cluster. By default it is disabled.' 1920 properties: 1921 auditResources: 1922 description: 'Optional: AuditResources is the resource requirements for user cluster gatekeeper audit.' 1923 properties: 1924 claims: 1925 description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." 1926 items: 1927 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1928 properties: 1929 name: 1930 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 
# Continues spec.properties.opaIntegration.properties.auditResources (claims item schema), then the
# remaining opaIntegration fields and the start of spec.properties.pause.
                                type: string
                            required:
                              - name
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                            - name
                          x-kubernetes-list-type: map
                        limits:
                          additionalProperties:
                            anyOf:
                              - type: integer
                              - type: string
                            # Optional leading sign: negative quantities pass this pattern.
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                        requests:
                          additionalProperties:
                            anyOf:
                              - type: integer
                              - type: string
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                      type: object
                    controllerResources:
                      description: 'Optional: ControllerResources is the resource requirements for user cluster gatekeeper controller.'
                      properties:
                        claims:
                          description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                          items:
                            description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                            properties:
                              name:
                                description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                                type: string
                            required:
                              - name
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                            - name
                          x-kubernetes-list-type: map
                        limits:
                          additionalProperties:
                            anyOf:
                              - type: integer
                              - type: string
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                        requests:
                          additionalProperties:
                            anyOf:
                              - type: integer
                              - type: string
                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                            x-kubernetes-int-or-string: true
                          description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          type: object
                      type: object
                    enabled:
                      description: Enables OPA Gatekeeper integration.
                      type: boolean
                    # Marked experimental. Mutation lets the admission layer change submitted objects, not
                    # only accept or reject them.
                    # NOTE(review): review who may set this field before enabling it.
                    experimentalEnableMutation:
                      description: 'Optional: Enables experimental mutation in Gatekeeper.'
                      type: boolean
                    # The schema default of 10 applies when the field is omitted. No minimum or maximum is
                    # declared, so zero or negative values pass schema validation.
                    # NOTE(review): what happens to a request when the timeout is hit depends on the
                    # webhook's failure policy, which is not part of this schema - confirm in the
                    # Gatekeeper deployment.
                    webhookTimeoutSeconds:
                      default: 10
                      description: The timeout in seconds that is set for the Gatekeeper validating webhook admission review calls. Defaults to `10` (seconds).
                      format: int32
                      type: integer
                  type: object
                # While pause is true the cluster is not reconciled by KKP (per the description), so
                # desired-state changes made in this spec are not applied until it is cleared.
                pause:
                  default: false
                  description: If this is set to true, the cluster will not be reconciled by KKP. This indicates that the user needs to do some action to resolve the pause.
# Continues spec.properties.pause, then the remaining spec fields, the spec-level required list and
# the start of status.properties.address.
                  type: boolean
                # Free text, informational only; settable by a user or a controller per the description.
                pauseReason:
                  description: PauseReason is the reason why the cluster is not being managed. This field is for informational purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster.
                  type: string
                # Map of namespace -> node selector labels; only takes effect together with
                # usePodNodeSelectorAdmissionPlugin (see the description).
                podNodeSelectorAdmissionPluginConfig:
                  additionalProperties:
                    type: string
                  description: 'Optional: Provides configuration for the PodNodeSelector admission plugin (needs plugin enabled via `usePodNodeSelectorAdmissionPlugin`). It''s used by the backend to create a configuration file for this plugin. The key:value from this map is converted to <namespace>:<node-selectors-labels> in the file. Use `clusterDefaultNodeSelector` as key to configure a default node selector.'
                  type: object
                # issuer and apiAudiences describe the issuer and audiences of service account tokens.
                # NOTE(review): presumably these map to kube-apiserver's service-account issuer and API
                # audience settings - confirm; tokenVolumeProjectionEnabled has no description.
                serviceAccount:
                  description: 'Optional: ServiceAccount contains service account related settings for the user cluster''s kube-apiserver.'
                  properties:
                    apiAudiences:
                      description: APIAudiences are the Identifiers of the API If this is not specified, it will be set to a single element list containing the issuer URL
                      items:
                        type: string
                      type: array
                    issuer:
                      description: Issuer is the identifier of the service account token issuer If this is not specified, it will be set to the URL of apiserver by default
                      type: string
                    tokenVolumeProjectionEnabled:
                      type: boolean
                  type: object
                updateWindow:
                  description: 'Optional: UpdateWindow configures automatic update systems to respect a maintenance window for applying OS updates to nodes. This is only respected on Flatcar nodes currently.'
                  properties:
                    length:
                      description: Sets the length of the update window beginning with the start time. This needs to be a valid duration as parsed by Go's time.ParseDuration (https://pkg.go.dev/time#ParseDuration), e.g. `2h`.
                      type: string
                    # Quote this value in manifests (e.g. '22:30'): YAML 1.1 parsers can read an unquoted
                    # digits:digits scalar as a base-60 integer, which would not match `type: string`.
                    start:
                      description: Sets the start time of the update window. This can be a time of day in 24h format, e.g. `22:30`, or a day of week plus a time of day, for example `Mon 21:00`. Only short names for week days are supported, i.e. `Mon`, `Tue`, `Wed`, `Thu`, `Fri`, `Sat` and `Sun`.
                      type: string
                  type: object
                useEventRateLimitAdmissionPlugin:
                  description: Enables the admission plugin `EventRateLimit`. Needs additional configuration via the `eventRateLimitConfig` field. This plugin is considered "alpha" by Kubernetes.
                  type: boolean
                usePodNodeSelectorAdmissionPlugin:
                  description: Enables the admission plugin `PodNodeSelector`. Needs additional configuration via the `podNodeSelectorAdmissionPluginConfig` field.
                  type: boolean
                # PodSecurityPolicy was removed from Kubernetes in v1.25; on newer control planes pod-level
                # restrictions have to come from Pod Security Admission or a policy engine instead.
                usePodSecurityPolicyAdmissionPlugin:
                  description: Enables the admission plugin `PodSecurityPolicy`. This plugin is deprecated by Kubernetes.
                  type: boolean
                # String-typed: quote the value in manifests, since a two-component version such as 1.20
                # would otherwise be parsed as a float.
                version:
                  description: Version defines the wanted version of the control plane.
                  type: string
              # Fields every Cluster spec must set.
              required:
                - cloud
                - clusterNetwork
                - exposeStrategy
                - humanReadableName
                - version
              type: object
            status:
              description: Status contains reconciliation information for the cluster.
              properties:
                address:
                  description: Address contains the IPs/URLs to access the cluster control plane.
# Continues status.properties.address, followed by conditions, encryption, errorMessage, errorReason
# and the start of extendedHealth.
                  properties:
                    # Credential stored in status as a plain string: it is returned to every subject
                    # allowed to get/list/watch Cluster objects and is written wherever the object is
                    # persisted or logged in full. Scope RBAC on this resource and treat backups and
                    # full-body audit logs of it as sensitive.
                    adminToken:
                      description: AdminToken is the token for the kubeconfig, the user can download
                      type: string
                    externalName:
                      description: ExternalName is the DNS name for this cluster
                      type: string
                    # The description says InternalName while the JSON key is internalURL.
                    internalURL:
                      description: InternalName is the seed cluster internal absolute DNS name to the API server
                      type: string
                    ip:
                      description: IP is the external IP under which the apiserver is available
                      type: string
                    port:
                      description: Port is the port the API server listens on
                      format: int32
                      type: integer
                    url:
                      description: URL under which the Apiserver is available
                      type: string
                  type: object
                # Map of condition entries; the key set is not constrained by this schema.
                conditions:
                  additionalProperties:
                    properties:
                      kubermaticVersion:
                        description: KubermaticVersion current kubermatic version.
                        type: string
                      lastHeartbeatTime:
                        description: Last time we got an update on a given condition.
                        format: date-time
                        type: string
                      lastTransitionTime:
                        description: Last time the condition transit from one status to another.
                        format: date-time
                        type: string
                      message:
                        description: Human readable message indicating details about last transition.
                        type: string
                      reason:
                        description: (brief) reason for the condition's last transition.
                        type: string
                      # Described as True/False/Unknown, but no enum enforces that here.
                      status:
                        description: Status of the condition, one of True, False, Unknown.
                        type: string
                    required:
                      - kubermaticVersion
                      - lastHeartbeatTime
                      - status
                    type: object
                  description: Conditions contains conditions the cluster is in, its primary use case is status signaling between controllers or between controllers and the API.
                  type: object
                encryption:
                  description: Encryption describes the status of the encryption-at-rest feature for encrypted data in etcd.
                  properties:
                    # NOTE(review): presumably a key name or identifier rather than key material - confirm
                    # against the encryption settings in the ClusterSpec.
                    activeKey:
                      description: The current "primary" key used to encrypt data written to etcd. Secondary keys that can be used for decryption (but not encryption) might be configured in the ClusterSpec.
                      type: string
                    encryptedResources:
                      description: List of resources currently encrypted.
                      items:
                        type: string
                      type: array
                    # Any phase other than Active means the encryption process has not (yet) reached
                    # the active state; phase is not in the required list below.
                    phase:
                      description: The current phase of the encryption process. Can be one of `Pending`, `Failed`, `Active` or `EncryptionNeeded`. The `encryption_controller` logic will process the cluster based on the current phase and issue necessary changes to make sure encryption on the cluster is active and updated with what the ClusterSpec defines.
                      enum:
                        - Pending
                        - Failed
                        - Active
                        - EncryptionNeeded
                      type: string
                  required:
                    - activeKey
                    - encryptedResources
                  type: object
                errorMessage:
                  description: ErrorMessage contains a default error message in case the controller encountered an error. Will be reset if the error was resolved.
                  type: string
                errorReason:
                  description: ErrorReason contains a error reason in case the controller encountered an error. Will be reset if the error was resolved.
                  enum:
                    - InvalidConfiguration
                    - UnsupportedChange
                    - ReconcileError
                  type: string
                extendedHealth:
                  description: ExtendedHealth exposes information about the current health state. Extends standard health status for new states.
# Continues status.properties.extendedHealth. Every component field below is a string restricted to
# the same three values (HealthStatusDown, HealthStatusUp, HealthStatusProvisioning); none of the
# fields has a description and none is required.
                  properties:
                    alertmanagerConfig:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    applicationController:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    cloudProviderInfrastructure:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    etcd:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    # Health of the two Gatekeeper components deployed by spec.opaIntegration.
                    gatekeeperAudit:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    gatekeeperController:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    konnectivity:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    kubernetesApiserver:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    kubernetesControllerManager:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    kubernetesDashboard:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    kubernetesScheduler:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    logging:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    machineController:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    mlaGateway:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    monitoring:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    openvpn:
                      enum:
# Continues the enum of status.extendedHealth.openvpn, then the last extendedHealth components and
# further status fields up to the start of resourceUsage.cpu.
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    operatingSystemManager:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                    userClusterControllerManager:
                      enum:
                        - HealthStatusDown
                        - HealthStatusUp
                        - HealthStatusProvisioning
                      type: string
                  type: object
                # "Read-only for users" is stated by the description only; nothing in this schema enforces
                # it. NOTE(review): confirm where the restriction is applied (RBAC on the status
                # subresource, admission webhook, or controller overwrite).
                inheritedLabels:
                  additionalProperties:
                    type: string
                  description: InheritedLabels are labels the cluster inherited from the project. They are read-only for users.
                  type: object
                # Per the description, provider resources such as security groups and networks are not
                # re-checked on every normal reconciliation, so this timestamp bounds how recently they
                # were last fully reconciled.
                lastProviderReconciliation:
                  description: LastProviderReconciliation is the time when the cloud provider resources were last fully reconciled (during normal cluster reconciliation, KKP does not re-check things like security groups, networks etc.).
                  format: date-time
                  type: string
                # No description in the generated schema.
                lastUpdated:
                  format: date-time
                  type: string
                namespaceName:
                  description: NamespaceName defines the namespace the control plane of this cluster is deployed in.
                  type: string
                # Informational summary; the description asks that no logic be tied to it.
                phase:
                  description: Phase is a description of the current cluster status, summarizing the various conditions, possible active updates etc. This field is for informational purpose only and no logic should be tied to the phase.
                  enum:
                    - Creating
                    - Updating
                    - Running
                    - Terminating
                  type: string
                resourceUsage:
                  description: ResourceUsage shows the current usage of resources for the cluster.
                  properties:
                    cpu:
                      anyOf:
                        - type: integer
                        - type: string
                      description: CPU holds the quantity of CPU. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.
# Continues status.properties.resourceUsage.cpu, then memory and storage, userEmail, userName and the
# start of status.versions.
                      # Quantity pattern shared by cpu, memory and storage; it allows an optional leading
                      # sign, so negative values pass schema validation.
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    memory:
                      anyOf:
                        - type: integer
                        - type: string
                      description: Memory represents the quantity of RAM size. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    storage:
                      anyOf:
                        - type: integer
                        - type: string
                      description: Storage represents the disk size. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                  type: object
                # Privilege-relevant: during cluster creation this value decides who is bound to the
                # `cluster-admin` ClusterRole (see the description). It is a free-form string with no
                # format constraint. This CRD enables the status subresource, so permission to update
                # clusters/status is what governs writes to it.
                # NOTE(review): confirm that only the platform's own controllers/API hold that permission.
                userEmail:
                  description: UserEmail contains the email of the owner of this cluster. During cluster creation only, this field will be used to bind the `cluster-admin` `ClusterRole` to a cluster owner.
                  type: string
                userName:
                  description: 'Deprecated: UserName contains the name of the owner of this cluster. This field is not actively used and will be removed in the future.'
                  type: string
                versions:
                  description: Versions contains information regarding the current and desired versions of the cluster control plane and worker nodes.
                  properties:
                    apiserver:
                      description: Apiserver is the currently desired version of the kube-apiserver. During upgrades across multiple minor versions (e.g. from 1.20 to 1.23), this will gradually be increased by the update-controller until the desired cluster version (spec.version) is reached.
                      type: string
                    controlPlane:
                      description: ControlPlane is the currently active cluster version. This can lag behind the apiserver version if an update is currently rolling out.
# Continues status.properties.versions.controlPlane, closes the status and openAPIV3Schema objects and
# ends with the version-level settings of the CRD.
                      type: string
                    controllerManager:
                      description: ControllerManager is the currently desired version of the kube-controller-manager. This field behaves the same as the apiserver field.
                      type: string
                    # Optional (not in the required list below); the description says it can be nil when
                    # the cluster has no nodes.
                    oldestNodeVersion:
                      description: OldestNodeVersion is the oldest node version currently in use inside the cluster. This can be nil if there are no nodes. This field is primarily for speeding up reconciling, so that the controller doesn't have to re-fetch to the usercluster and query its node on every reconciliation.
                      type: string
                    scheduler:
                      description: Scheduler is the currently desired version of the kube-scheduler. This field behaves the same as the apiserver field.
                      type: string
                  required:
                    - apiserver
                    - controlPlane
                    - controllerManager
                    - scheduler
                  type: object
              type: object
          type: object
      # v1 is both served by the API and used as the storage version.
      served: true
      storage: true
      # Enables the /status subresource: status is written through its own endpoint and can be granted
      # separately in RBAC (clusters/status) from the rest of the object.
      subresources:
        status: {}