sigs.k8s.io/cluster-api/bootstrap/kubeadm@v0.0.0-20191016155141-23a891785b60/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml (about) 1 2 --- 3 apiVersion: apiextensions.k8s.io/v1beta1 4 kind: CustomResourceDefinition 5 metadata: 6 creationTimestamp: null 7 name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io 8 spec: 9 group: bootstrap.cluster.x-k8s.io 10 names: 11 categories: 12 - cluster-api 13 kind: KubeadmConfigTemplate 14 listKind: KubeadmConfigTemplateList 15 plural: kubeadmconfigtemplates 16 singular: kubeadmconfigtemplate 17 scope: Namespaced 18 validation: 19 openAPIV3Schema: 20 description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates 21 API 22 properties: 23 apiVersion: 24 description: 'APIVersion defines the versioned schema of this representation 25 of an object. Servers should convert recognized schemas to the latest 26 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 27 type: string 28 kind: 29 description: 'Kind is a string value representing the REST resource this 30 object represents. Servers may infer this from the endpoint the client 31 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 32 type: string 33 metadata: 34 type: object 35 spec: 36 description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate 37 properties: 38 template: 39 description: KubeadmConfigTemplateResource defines the Template structure 40 properties: 41 spec: 42 description: KubeadmConfigSpec defines the desired state of KubeadmConfig. 43 Either ClusterConfiguration and InitConfiguration should be defined 44 or the JoinConfiguration should be defined. 45 properties: 46 clusterConfiguration: 47 description: ClusterConfiguration along with InitConfiguration 48 are the configurations necessary for the init command 49 properties: 50 apiServer: 51 description: APIServer contains extra settings for the API 52 server control plane component 53 properties: 54 certSANs: 55 description: CertSANs sets extra Subject Alternative 56 Names for the API Server signing cert. 57 items: 58 type: string 59 type: array 60 extraArgs: 61 additionalProperties: 62 type: string 63 description: 'ExtraArgs is an extra set of flags to 64 pass to the control plane component. TODO: This is 65 temporary and ideally we would like to switch all 66 components to use ComponentConfig + ConfigMaps.' 67 type: object 68 extraVolumes: 69 description: ExtraVolumes is an extra set of host volumes, 70 mounted to the control plane component. 71 items: 72 description: HostPathMount contains elements describing 73 volumes that are mounted from the host. 74 properties: 75 hostPath: 76 description: HostPath is the path in the host 77 that will be mounted inside the pod. 78 type: string 79 mountPath: 80 description: MountPath is the path inside the 81 pod where hostPath will be mounted. 82 type: string 83 name: 84 description: Name of the volume inside the pod 85 template. 86 type: string 87 pathType: 88 description: PathType is the type of the HostPath. 89 type: string 90 readOnly: 91 description: ReadOnly controls write access to 92 the volume 93 type: boolean 94 required: 95 - hostPath 96 - mountPath 97 - name 98 type: object 99 type: array 100 timeoutForControlPlane: 101 description: TimeoutForControlPlane controls the timeout 102 that we use for API server to appear 103 type: string 104 type: object 105 apiVersion: 106 description: 'APIVersion defines the versioned schema of 107 this representation of an object. Servers should convert 108 recognized schemas to the latest internal value, and may 109 reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 110 type: string 111 certificatesDir: 112 description: CertificatesDir specifies where to store or 113 look for all required certificates. 114 type: string 115 clusterName: 116 description: The cluster name 117 type: string 118 controlPlaneEndpoint: 119 description: 'ControlPlaneEndpoint sets a stable IP address 120 or DNS name for the control plane; it can be a valid IP 121 address or a RFC-1123 DNS subdomain, both with optional 122 TCP port. In case the ControlPlaneEndpoint is not specified, 123 the AdvertiseAddress + BindPort are used; in case the 124 ControlPlaneEndpoint is specified but without a TCP port, 125 the BindPort is used. Possible usages are: e.g. In a cluster 126 with more than one control plane instances, this field 127 should be assigned the address of the external load balancer 128 in front of the control plane instances. e.g. in environments 129 with enforced node recycling, the ControlPlaneEndpoint 130 could be used for assigning a stable DNS to the control 131 plane. NB: This value defaults to the first value in the 132 Cluster object status.apiEndpoints array.' 133 type: string 134 controllerManager: 135 description: ControllerManager contains extra settings for 136 the controller manager control plane component 137 properties: 138 extraArgs: 139 additionalProperties: 140 type: string 141 description: 'ExtraArgs is an extra set of flags to 142 pass to the control plane component. TODO: This is 143 temporary and ideally we would like to switch all 144 components to use ComponentConfig + ConfigMaps.' 145 type: object 146 extraVolumes: 147 description: ExtraVolumes is an extra set of host volumes, 148 mounted to the control plane component. 149 items: 150 description: HostPathMount contains elements describing 151 volumes that are mounted from the host. 152 properties: 153 hostPath: 154 description: HostPath is the path in the host 155 that will be mounted inside the pod. 156 type: string 157 mountPath: 158 description: MountPath is the path inside the 159 pod where hostPath will be mounted. 160 type: string 161 name: 162 description: Name of the volume inside the pod 163 template. 164 type: string 165 pathType: 166 description: PathType is the type of the HostPath. 167 type: string 168 readOnly: 169 description: ReadOnly controls write access to 170 the volume 171 type: boolean 172 required: 173 - hostPath 174 - mountPath 175 - name 176 type: object 177 type: array 178 type: object 179 dns: 180 description: DNS defines the options for the DNS add-on 181 installed in the cluster. 182 properties: 183 imageRepository: 184 description: ImageRepository sets the container registry 185 to pull images from. if not set, the ImageRepository 186 defined in ClusterConfiguration will be used instead. 187 type: string 188 imageTag: 189 description: ImageTag allows to specify a tag for the 190 image. In case this value is set, kubeadm does not 191 change automatically the version of the above components 192 during upgrades. 193 type: string 194 type: 195 description: Type defines the DNS add-on to be used 196 type: string 197 required: 198 - type 199 type: object 200 etcd: 201 description: Etcd holds configuration for etcd. 202 properties: 203 external: 204 description: External describes how to connect to an 205 external etcd cluster Local and External are mutually 206 exclusive 207 properties: 208 caFile: 209 description: CAFile is an SSL Certificate Authority 210 file used to secure etcd communication. Required 211 if using a TLS connection. 212 type: string 213 certFile: 214 description: CertFile is an SSL certification file 215 used to secure etcd communication. Required if 216 using a TLS connection. 217 type: string 218 endpoints: 219 description: Endpoints of etcd members. Required 220 for ExternalEtcd. 221 items: 222 type: string 223 type: array 224 keyFile: 225 description: KeyFile is an SSL key file used to 226 secure etcd communication. Required if using a 227 TLS connection. 228 type: string 229 required: 230 - caFile 231 - certFile 232 - endpoints 233 - keyFile 234 type: object 235 local: 236 description: Local provides configuration knobs for 237 configuring the local etcd instance Local and External 238 are mutually exclusive 239 properties: 240 dataDir: 241 description: DataDir is the directory etcd will 242 place its data. Defaults to "/var/lib/etcd". 243 type: string 244 extraArgs: 245 additionalProperties: 246 type: string 247 description: ExtraArgs are extra arguments provided 248 to the etcd binary when run inside a static pod. 249 type: object 250 imageRepository: 251 description: ImageRepository sets the container 252 registry to pull images from. if not set, the 253 ImageRepository defined in ClusterConfiguration 254 will be used instead. 255 type: string 256 imageTag: 257 description: ImageTag allows to specify a tag for 258 the image. In case this value is set, kubeadm 259 does not change automatically the version of the 260 above components during upgrades. 261 type: string 262 peerCertSANs: 263 description: PeerCertSANs sets extra Subject Alternative 264 Names for the etcd peer signing cert. 265 items: 266 type: string 267 type: array 268 serverCertSANs: 269 description: ServerCertSANs sets extra Subject Alternative 270 Names for the etcd server signing cert. 271 items: 272 type: string 273 type: array 274 required: 275 - dataDir 276 type: object 277 type: object 278 featureGates: 279 additionalProperties: 280 type: boolean 281 description: FeatureGates enabled by the user. 282 type: object 283 imageRepository: 284 description: ImageRepository sets the container registry 285 to pull images from. If empty, `k8s.gcr.io` will be used 286 by default; in case of kubernetes version is a CI build 287 (kubernetes version starts with `ci/` or `ci-cross/`) 288 `gcr.io/kubernetes-ci-images` will be used as a default 289 for control plane components and for kube-proxy, while 290 `k8s.gcr.io` will be used for all the other images. 291 type: string 292 kind: 293 description: 'Kind is a string value representing the REST 294 resource this object represents. Servers may infer this 295 from the endpoint the client submits requests to. Cannot 296 be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 297 type: string 298 kubernetesVersion: 299 description: 'KubernetesVersion is the target version of 300 the control plane. NB: This value defaults to the Machine 301 object spec.kuberentesVersion' 302 type: string 303 networking: 304 description: 'Networking holds configuration for the networking 305 topology of the cluster. NB: This value defaults to the 306 Cluster object spec.clusterNetwork.' 307 properties: 308 dnsDomain: 309 description: DNSDomain is the dns domain used by k8s 310 services. Defaults to "cluster.local". 311 type: string 312 podSubnet: 313 description: PodSubnet is the subnet used by pods. 314 type: string 315 serviceSubnet: 316 description: ServiceSubnet is the subnet used by k8s 317 services. Defaults to "10.96.0.0/12". 318 type: string 319 required: 320 - dnsDomain 321 - podSubnet 322 - serviceSubnet 323 type: object 324 scheduler: 325 description: Scheduler contains extra settings for the scheduler 326 control plane component 327 properties: 328 extraArgs: 329 additionalProperties: 330 type: string 331 description: 'ExtraArgs is an extra set of flags to 332 pass to the control plane component. TODO: This is 333 temporary and ideally we would like to switch all 334 components to use ComponentConfig + ConfigMaps.' 335 type: object 336 extraVolumes: 337 description: ExtraVolumes is an extra set of host volumes, 338 mounted to the control plane component. 339 items: 340 description: HostPathMount contains elements describing 341 volumes that are mounted from the host. 342 properties: 343 hostPath: 344 description: HostPath is the path in the host 345 that will be mounted inside the pod. 346 type: string 347 mountPath: 348 description: MountPath is the path inside the 349 pod where hostPath will be mounted. 350 type: string 351 name: 352 description: Name of the volume inside the pod 353 template. 354 type: string 355 pathType: 356 description: PathType is the type of the HostPath. 357 type: string 358 readOnly: 359 description: ReadOnly controls write access to 360 the volume 361 type: boolean 362 required: 363 - hostPath 364 - mountPath 365 - name 366 type: object 367 type: array 368 type: object 369 useHyperKubeImage: 370 description: UseHyperKubeImage controls if hyperkube should 371 be used for Kubernetes components instead of their respective 372 separate images 373 type: boolean 374 type: object 375 files: 376 description: Files specifies extra files to be passed to user_data 377 upon creation. 378 items: 379 description: File defines the input for generating write_files 380 in cloud-init. 381 properties: 382 content: 383 description: Content is the actual content of the file. 384 type: string 385 encoding: 386 description: Encoding specifies the encoding of the file 387 contents. 388 enum: 389 - base64 390 - gzip 391 - gzip+base64 392 type: string 393 owner: 394 description: Owner specifies the ownership of the file, 395 e.g. "root:root". 396 type: string 397 path: 398 description: Path specifies the full path on disk where 399 to store the file. 400 type: string 401 permissions: 402 description: Permissions specifies the permissions to 403 assign to the file, e.g. "0640". 404 type: string 405 required: 406 - content 407 - path 408 type: object 409 type: array 410 format: 411 description: Format specifies the output format of the bootstrap 412 data 413 enum: 414 - cloud-config 415 type: string 416 initConfiguration: 417 description: InitConfiguration along with ClusterConfiguration 418 are the configurations necessary for the init command 419 properties: 420 apiVersion: 421 description: 'APIVersion defines the versioned schema of 422 this representation of an object. Servers should convert 423 recognized schemas to the latest internal value, and may 424 reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 425 type: string 426 bootstrapTokens: 427 description: BootstrapTokens is respected at `kubeadm init` 428 time and describes a set of Bootstrap Tokens to create. 429 This information IS NOT uploaded to the kubeadm cluster 430 configmap, partly because of its sensitive nature 431 items: 432 description: BootstrapToken describes one bootstrap token, 433 stored as a Secret in the cluster 434 properties: 435 description: 436 description: Description sets a human-friendly message 437 why this token exists and what it's used for, so 438 other administrators can know its purpose. 439 type: string 440 expires: 441 description: Expires specifies the timestamp when 442 this token expires. Defaults to being set dynamically 443 at runtime based on the TTL. Expires and TTL are 444 mutually exclusive. 445 format: date-time 446 type: string 447 groups: 448 description: Groups specifies the extra groups that 449 this token will authenticate as when/if used for 450 authentication 451 items: 452 type: string 453 type: array 454 token: 455 description: Token is used for establishing bidirectional 456 trust between nodes and control-planes. Used for 457 joining nodes in the cluster. 458 type: object 459 ttl: 460 description: TTL defines the time to live for this 461 token. Defaults to 24h. Expires and TTL are mutually 462 exclusive. 463 type: string 464 usages: 465 description: Usages describes the ways in which this 466 token can be used. Can by default be used for establishing 467 bidirectional trust, but that can be changed here. 468 items: 469 type: string 470 type: array 471 required: 472 - token 473 type: object 474 type: array 475 kind: 476 description: 'Kind is a string value representing the REST 477 resource this object represents. Servers may infer this 478 from the endpoint the client submits requests to. Cannot 479 be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 480 type: string 481 localAPIEndpoint: 482 description: LocalAPIEndpoint represents the endpoint of 483 the API server instance that's deployed on this control 484 plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint 485 in the sense that ControlPlaneEndpoint is the global endpoint 486 for the cluster, which then loadbalances the requests 487 to each individual API server. This configuration object 488 lets you customize what IP/DNS name and port the local 489 API server advertises it's accessible on. By default, 490 kubeadm tries to auto-detect the IP of the default interface 491 and use that, but in case that process fails you may set 492 the desired value here. 493 properties: 494 advertiseAddress: 495 description: AdvertiseAddress sets the IP address for 496 the API server to advertise. 497 type: string 498 bindPort: 499 description: BindPort sets the secure port for the API 500 Server to bind to. Defaults to 6443. 501 format: int32 502 type: integer 503 required: 504 - advertiseAddress 505 - bindPort 506 type: object 507 nodeRegistration: 508 description: NodeRegistration holds fields that relate to 509 registering the new control-plane node to the cluster 510 properties: 511 criSocket: 512 description: CRISocket is used to retrieve container 513 runtime info. This information will be annotated to 514 the Node API object, for later re-use 515 type: string 516 kubeletExtraArgs: 517 additionalProperties: 518 type: string 519 description: KubeletExtraArgs passes through extra arguments 520 to the kubelet. The arguments here are passed to the 521 kubelet command line via the environment file kubeadm 522 writes at runtime for the kubelet to source. This 523 overrides the generic base-level configuration in 524 the kubelet-config-1.X ConfigMap Flags have higher 525 priority when parsing. These values are local and 526 specific to the node kubeadm is executing on. 527 type: object 528 name: 529 description: Name is the `.Metadata.Name` field of the 530 Node API object that will be created in this `kubeadm 531 init` or `kubeadm join` operation. This field is also 532 used in the CommonName field of the kubelet's client 533 certificate to the API server. Defaults to the hostname 534 of the node if not provided. 535 type: string 536 taints: 537 description: 'Taints specifies the taints the Node API 538 object should be registered with. If this field is 539 unset, i.e. nil, in the `kubeadm init` process it 540 will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 541 If you don''t want to taint your control-plane node, 542 set this field to an empty slice, i.e. `taints: {}` 543 in the YAML file. This field is solely used for Node 544 registration.' 545 items: 546 description: The node this Taint is attached to has 547 the "effect" on any pod that does not tolerate the 548 Taint. 549 properties: 550 effect: 551 description: Required. The effect of the taint 552 on pods that do not tolerate the taint. Valid 553 effects are NoSchedule, PreferNoSchedule and 554 NoExecute. 555 type: string 556 key: 557 description: Required. The taint key to be applied 558 to a node. 559 type: string 560 timeAdded: 561 description: TimeAdded represents the time at 562 which the taint was added. It is only written 563 for NoExecute taints. 564 format: date-time 565 type: string 566 value: 567 description: Required. The taint value corresponding 568 to the taint key. 569 type: string 570 required: 571 - effect 572 - key 573 type: object 574 type: array 575 type: object 576 type: object 577 joinConfiguration: 578 description: JoinConfiguration is the kubeadm configuration 579 for the join command 580 properties: 581 apiVersion: 582 description: 'APIVersion defines the versioned schema of 583 this representation of an object. Servers should convert 584 recognized schemas to the latest internal value, and may 585 reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' 586 type: string 587 caCertPath: 588 description: 'CACertPath is the path to the SSL certificate 589 authority used to secure comunications between node and 590 control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". 591 TODO: revisit when there is defaulting from k/k' 592 type: string 593 controlPlane: 594 description: ControlPlane defines the additional control 595 plane instance to be deployed on the joining node. If 596 nil, no additional control plane instance will be deployed. 597 properties: 598 localAPIEndpoint: 599 description: LocalAPIEndpoint represents the endpoint 600 of the API server instance to be deployed on this 601 node. 602 properties: 603 advertiseAddress: 604 description: AdvertiseAddress sets the IP address 605 for the API server to advertise. 606 type: string 607 bindPort: 608 description: BindPort sets the secure port for the 609 API Server to bind to. Defaults to 6443. 610 format: int32 611 type: integer 612 required: 613 - advertiseAddress 614 - bindPort 615 type: object 616 type: object 617 discovery: 618 description: 'Discovery specifies the options for the kubelet 619 to use during the TLS Bootstrap process TODO: revisit 620 when there is defaulting from k/k' 621 properties: 622 bootstrapToken: 623 description: BootstrapToken is used to set the options 624 for bootstrap token based discovery BootstrapToken 625 and File are mutually exclusive 626 properties: 627 apiServerEndpoint: 628 description: APIServerEndpoint is an IP or domain 629 name to the API server from which info will be 630 fetched. 631 type: string 632 caCertHashes: 633 description: 'CACertHashes specifies a set of public 634 key pins to verify when token-based discovery 635 is used. The root CA found during discovery must 636 match one of these values. Specifying an empty 637 set disables root CA pinning, which can be unsafe. 638 Each hash is specified as "<type>:<value>", where 639 the only currently supported type is "sha256". 640 This is a hex-encoded SHA-256 hash of the Subject 641 Public Key Info (SPKI) object in DER-encoded ASN.1. 642 These hashes can be calculated using, for example, 643 OpenSSL: openssl x509 -pubkey -in ca.crt openssl 644 rsa -pubin -outform der 2>&/dev/null | openssl 645 dgst -sha256 -hex' 646 items: 647 type: string 648 type: array 649 token: 650 description: Token is a token used to validate cluster 651 information fetched from the control-plane. 652 type: string 653 unsafeSkipCAVerification: 654 description: UnsafeSkipCAVerification allows token-based 655 discovery without CA verification via CACertHashes. 656 This can weaken the security of kubeadm since 657 other nodes can impersonate the control-plane. 658 type: boolean 659 required: 660 - token 661 - unsafeSkipCAVerification 662 type: object 663 file: 664 description: File is used to specify a file or URL to 665 a kubeconfig file from which to load cluster information 666 BootstrapToken and File are mutually exclusive 667 properties: 668 kubeConfigPath: 669 description: KubeConfigPath is used to specify the 670 actual file path or URL to the kubeconfig file 671 from which to load cluster information 672 type: string 673 required: 674 - kubeConfigPath 675 type: object 676 timeout: 677 description: Timeout modifies the discovery timeout 678 type: string 679 tlsBootstrapToken: 680 description: 'TLSBootstrapToken is a token used for 681 TLS bootstrapping. If .BootstrapToken is set, this 682 field is defaulted to .BootstrapToken.Token, but can 683 be overridden. If .File is set, this field **must 684 be set** in case the KubeConfigFile does not contain 685 any other authentication information TODO: revisit 686 when there is defaulting from k/k' 687 type: string 688 type: object 689 kind: 690 description: 'Kind is a string value representing the REST 691 resource this object represents. Servers may infer this 692 from the endpoint the client submits requests to. Cannot 693 be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' 694 type: string 695 nodeRegistration: 696 description: NodeRegistration holds fields that relate to 697 registering the new control-plane node to the cluster 698 properties: 699 criSocket: 700 description: CRISocket is used to retrieve container 701 runtime info. This information will be annotated to 702 the Node API object, for later re-use 703 type: string 704 kubeletExtraArgs: 705 additionalProperties: 706 type: string 707 description: KubeletExtraArgs passes through extra arguments 708 to the kubelet. The arguments here are passed to the 709 kubelet command line via the environment file kubeadm 710 writes at runtime for the kubelet to source. This 711 overrides the generic base-level configuration in 712 the kubelet-config-1.X ConfigMap Flags have higher 713 priority when parsing. These values are local and 714 specific to the node kubeadm is executing on. 715 type: object 716 name: 717 description: Name is the `.Metadata.Name` field of the 718 Node API object that will be created in this `kubeadm 719 init` or `kubeadm join` operation. This field is also 720 used in the CommonName field of the kubelet's client 721 certificate to the API server. Defaults to the hostname 722 of the node if not provided. 723 type: string 724 taints: 725 description: 'Taints specifies the taints the Node API 726 object should be registered with. If this field is 727 unset, i.e. nil, in the `kubeadm init` process it 728 will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 729 If you don''t want to taint your control-plane node, 730 set this field to an empty slice, i.e. `taints: {}` 731 in the YAML file. This field is solely used for Node 732 registration.' 733 items: 734 description: The node this Taint is attached to has 735 the "effect" on any pod that does not tolerate the 736 Taint. 737 properties: 738 effect: 739 description: Required. The effect of the taint 740 on pods that do not tolerate the taint. Valid 741 effects are NoSchedule, PreferNoSchedule and 742 NoExecute. 743 type: string 744 key: 745 description: Required. The taint key to be applied 746 to a node. 747 type: string 748 timeAdded: 749 description: TimeAdded represents the time at 750 which the taint was added. It is only written 751 for NoExecute taints. 752 format: date-time 753 type: string 754 value: 755 description: Required. The taint value corresponding 756 to the taint key. 757 type: string 758 required: 759 - effect 760 - key 761 type: object 762 type: array 763 type: object 764 required: 765 - nodeRegistration 766 type: object 767 ntp: 768 description: NTP specifies NTP configuration 769 properties: 770 enabled: 771 description: Enabled specifies whether NTP should be enabled 772 type: boolean 773 servers: 774 description: Servers specifies which NTP servers to use 775 items: 776 type: string 777 type: array 778 type: object 779 postKubeadmCommands: 780 description: PostKubeadmCommands specifies extra commands to 781 run after kubeadm runs 782 items: 783 type: string 784 type: array 785 preKubeadmCommands: 786 description: PreKubeadmCommands specifies extra commands to 787 run before kubeadm runs 788 items: 789 type: string 790 type: array 791 users: 792 description: Users specifies extra users to add 793 items: 794 description: User defines the input for a generated user in 795 cloud-init. 796 properties: 797 gecos: 798 description: Gecos specifies the gecos to use for the 799 user 800 type: string 801 groups: 802 description: Groups specifies the additional groups for 803 the user 804 type: string 805 homeDir: 806 description: HomeDir specifies the home directory to use 807 for the user 808 type: string 809 inactive: 810 description: Inactive specifies whether to mark the user 811 as inactive 812 type: boolean 813 lockPassword: 814 description: LockPassword specifies if password login 815 should be disabled 816 type: boolean 817 name: 818 description: Name specifies the user name 819 type: string 820 passwd: 821 description: Passwd specifies a hashed password for the 822 user 823 type: string 824 primaryGroup: 825 description: PrimaryGroup specifies the primary group 826 for the user 827 type: string 828 shell: 829 description: Shell specifies the user's shell 830 type: string 831 sshAuthorizedKeys: 832 description: SSHAuthorizedKeys specifies a list of ssh 833 authorized keys for the user 834 items: 835 type: string 836 type: array 837 sudo: 838 description: Sudo specifies a sudo role for the user 839 type: string 840 required: 841 - name 842 type: object 843 type: array 844 type: object 845 type: object 846 required: 847 - template 848 type: object 849 type: object 850 version: v1alpha2 851 versions: 852 - name: v1alpha2 853 served: true 854 storage: true 855 status: 856 acceptedNames: 857 kind: "" 858 plural: "" 859 conditions: [] 860 storedVersions: []