sigs.k8s.io/cluster-api@v1.6.3/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
spec:
  group: bootstrap.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: KubeadmConfigTemplate
    listKind: KubeadmConfigTemplateList
    plural: kubeadmconfigtemplates
    singular: kubeadmconfigtemplate
  scope: Namespaced
  versions:
  - deprecated: true
    name: v1alpha3
    schema:
      openAPIV3Schema:
        description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
          API. \n Deprecated: This type will be removed in one of the next releases."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
            properties:
              template:
                description: KubeadmConfigTemplateResource defines the Template structure.
                properties:
                  spec:
                    description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
                      Either ClusterConfiguration and InitConfiguration should be
                      defined or the JoinConfiguration should be defined.
                    properties:
                      clusterConfiguration:
                        description: ClusterConfiguration along with InitConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiServer:
                            description: APIServer contains extra settings for the
                              API server control plane component
                            properties:
                              certSANs:
                                description: CertSANs sets extra Subject Alternative
                                  Names for the API Server signing cert.
                                items:
                                  type: string
                                type: array
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                              timeoutForControlPlane:
                                description: TimeoutForControlPlane controls the timeout
                                  that we use for API server to appear
                                type: string
                            type: object
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          certificatesDir:
                            description: 'CertificatesDir specifies where to store
                              or look for all required certificates. NB: if not provided,
                              this will default to `/etc/kubernetes/pki`'
                            type: string
                          clusterName:
                            description: The cluster name
                            type: string
                          controlPlaneEndpoint:
                            description: 'ControlPlaneEndpoint sets a stable IP address
                              or DNS name for the control plane; it can be a valid
                              IP address or a RFC-1123 DNS subdomain, both with optional
                              TCP port. In case the ControlPlaneEndpoint is not specified,
                              the AdvertiseAddress + BindPort are used; in case the
                              ControlPlaneEndpoint is specified but without a TCP
                              port, the BindPort is used. Possible usages are: e.g.
                              In a cluster with more than one control plane instances,
                              this field should be assigned the address of the external
                              load balancer in front of the control plane instances.
                              e.g. in environments with enforced node recycling,
                              the ControlPlaneEndpoint could be used for assigning
                              a stable DNS to the control plane. NB: This value defaults
                              to the first value in the Cluster object status.apiEndpoints
                              array.'
                            type: string
                          controllerManager:
                            description: ControllerManager contains extra settings
                              for the controller manager control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                          dns:
                            description: DNS defines the options for the DNS add-on
                              installed in the cluster.
                            properties:
                              imageRepository:
                                description: ImageRepository sets the container registry
                                  to pull images from. if not set, the ImageRepository
                                  defined in ClusterConfiguration will be used instead.
                                type: string
                              imageTag:
                                description: ImageTag allows to specify a tag for
                                  the image. In case this value is set, kubeadm does
                                  not change automatically the version of the above
                                  components during upgrades.
                                type: string
                              type:
                                description: Type defines the DNS add-on to be used
                                type: string
                            type: object
                          etcd:
                            description: 'Etcd holds configuration for etcd. NB: This
                              value defaults to a Local (stacked) etcd'
                            properties:
                              external:
                                description: External describes how to connect to
                                  an external etcd cluster Local and External are
                                  mutually exclusive
                                properties:
                                  caFile:
                                    description: CAFile is an SSL Certificate Authority
                                      file used to secure etcd communication. Required
                                      if using a TLS connection.
                                    type: string
                                  certFile:
                                    description: CertFile is an SSL certification
                                      file used to secure etcd communication. Required
                                      if using a TLS connection.
                                    type: string
                                  endpoints:
                                    description: Endpoints of etcd members.
                                      Required for ExternalEtcd.
                                    items:
                                      type: string
                                    type: array
                                  keyFile:
                                    description: KeyFile is an SSL key file used to
                                      secure etcd communication. Required if using
                                      a TLS connection.
                                    type: string
                                required:
                                - caFile
                                - certFile
                                - endpoints
                                - keyFile
                                type: object
                              local:
                                description: Local provides configuration knobs for
                                  configuring the local etcd instance Local and External
                                  are mutually exclusive
                                properties:
                                  dataDir:
                                    description: DataDir is the directory etcd will
                                      place its data. Defaults to "/var/lib/etcd".
                                    type: string
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: ExtraArgs are extra arguments provided
                                      to the etcd binary when run inside a static
                                      pod.
                                    type: object
                                  imageRepository:
                                    description: ImageRepository sets the container
                                      registry to pull images from. if not set, the
                                      ImageRepository defined in ClusterConfiguration
                                      will be used instead.
                                    type: string
                                  imageTag:
                                    description: ImageTag allows to specify a tag
                                      for the image. In case this value is set, kubeadm
                                      does not change automatically the version of
                                      the above components during upgrades.
                                    type: string
                                  peerCertSANs:
                                    description: PeerCertSANs sets extra Subject Alternative
                                      Names for the etcd peer signing cert.
                                    items:
                                      type: string
                                    type: array
                                  serverCertSANs:
                                    description: ServerCertSANs sets extra Subject
                                      Alternative Names for the etcd server signing
                                      cert.
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                          featureGates:
                            additionalProperties:
                              type: boolean
                            description: FeatureGates enabled by the user.
                            type: object
                          imageRepository:
                            description: ImageRepository sets the container registry
                              to pull images from.
                              If empty, `k8s.gcr.io` will be
                              used by default; in case of kubernetes version is a
                              CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                              `gcr.io/k8s-staging-ci-images` will be used as a default
                              for control plane components and for kube-proxy, while
                              `k8s.gcr.io` will be used for all the other images.
                            type: string
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          kubernetesVersion:
                            description: 'KubernetesVersion is the target version
                              of the control plane. NB: This value defaults to the
                              Machine object spec.version'
                            type: string
                          networking:
                            description: 'Networking holds configuration for the networking
                              topology of the cluster. NB: This value defaults to
                              the Cluster object spec.clusterNetwork.'
                            properties:
                              dnsDomain:
                                description: DNSDomain is the dns domain used by k8s
                                  services. Defaults to "cluster.local".
                                type: string
                              podSubnet:
                                description: PodSubnet is the subnet used by pods.
                                  If unset, the API server will not allocate CIDR
                                  ranges for every node. Defaults to a comma-delimited
                                  string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
                                  if that is set
                                type: string
                              serviceSubnet:
                                description: ServiceSubnet is the subnet used by k8s
                                  services. Defaults to a comma-delimited string of
                                  the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
                                  or to "10.96.0.0/12" if that's unset.
                                type: string
                            type: object
                          scheduler:
                            description: Scheduler contains extra settings for the
                              scheduler control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                          useHyperKubeImage:
                            description: UseHyperKubeImage controls if hyperkube should
                              be used for Kubernetes components instead of their respective
                              separate images
                            type: boolean
                        type: object
                      diskSetup:
                        description: DiskSetup specifies options for the creation
                          of partition tables and file systems on devices.
                        properties:
                          filesystems:
                            description: Filesystems specifies the list of file systems
                              to setup.
                            items:
                              description: Filesystem defines the file systems to
                                be created.
                              properties:
                                device:
                                  description: Device specifies the device name
                                  type: string
                                extraOpts:
                                  description: ExtraOpts defined extra options to
                                    add to the command for creating the file system.
                                  items:
                                    type: string
                                  type: array
                                filesystem:
                                  description: Filesystem specifies the file system
                                    type.
                                  type: string
                                label:
                                  description: Label specifies the file system label
                                    to be used. If set to None, no label is used.
                                  type: string
                                overwrite:
                                  description: Overwrite defines whether or not to
                                    overwrite any existing filesystem. If true, any
                                    pre-existing file system will be destroyed. Use
                                    with Caution.
                                  type: boolean
                                partition:
                                  description: 'Partition specifies the partition
                                    to use. The valid options are: "auto|any", "auto",
                                    "any", "none", and <NUM>, where NUM is the actual
                                    partition number.'
                                  type: string
                                replaceFS:
                                  description: 'ReplaceFS is a special directive,
                                    used for Microsoft Azure that instructs cloud-init
                                    to replace a file system of <FS_TYPE>. NOTE: unless
                                    you define a label, this requires the use of the
                                    ''any'' partition directive.'
                                  type: string
                              required:
                              - device
                              - filesystem
                              - label
                              type: object
                            type: array
                          partitions:
                            description: Partitions specifies the list of the partitions
                              to setup.
                            items:
                              description: Partition defines how to create and layout
                                a partition.
                              properties:
                                device:
                                  description: Device is the name of the device.
                                  type: string
                                layout:
                                  description: Layout specifies the device layout.
                                    If it is true, a single partition will be created
                                    for the entire device. When layout is false, it
                                    means don't partition or ignore existing partitioning.
                                  type: boolean
                                overwrite:
                                  description: Overwrite describes whether to skip
                                    checks and create the partition if a partition
                                    or filesystem is found on the device. Use with
                                    caution.
                                    Default is 'false'.
                                  type: boolean
                                tableType:
                                  description: 'TableType specifies the tupe of partition
                                    table. The following are supported: ''mbr'': default
                                    and setups a MS-DOS partition table ''gpt'': setups
                                    a GPT partition table'
                                  type: string
                              required:
                              - device
                              - layout
                              type: object
                            type: array
                        type: object
                      files:
                        description: Files specifies extra files to be passed to user_data
                          upon creation.
                        items:
                          description: File defines the input for generating write_files
                            in cloud-init.
                          properties:
                            content:
                              description: Content is the actual content of the file.
                              type: string
                            contentFrom:
                              description: ContentFrom is a referenced source of content
                                to populate the file.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this file.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KubeadmBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            encoding:
                              description: Encoding specifies the encoding of the
                                file contents.
                              enum:
                              - base64
                              - gzip
                              - gzip+base64
                              type: string
                            owner:
                              description: Owner specifies the ownership of the file,
                                e.g. "root:root".
                              type: string
                            path:
                              description: Path specifies the full path on disk where
                                to store the file.
                              type: string
                            permissions:
                              description: Permissions specifies the permissions to
                                assign to the file, e.g. "0640".
                              type: string
                          required:
                          - path
                          type: object
                        type: array
                      format:
                        description: Format specifies the output format of the bootstrap
                          data
                        enum:
                        - cloud-config
                        type: string
                      initConfiguration:
                        description: InitConfiguration along with ClusterConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          bootstrapTokens:
                            description: BootstrapTokens is respected at `kubeadm
                              init` time and describes a set of Bootstrap Tokens to
                              create. This information IS NOT uploaded to the kubeadm
                              cluster configmap, partly because of its sensitive nature
                            items:
                              description: BootstrapToken describes one bootstrap
                                token, stored as a Secret in the cluster.
                              properties:
                                description:
                                  description: Description sets a human-friendly message
                                    why this token exists and what it's used for,
                                    so other administrators can know its purpose.
                                  type: string
                                expires:
                                  description: Expires specifies the timestamp when
                                    this token expires. Defaults to being set dynamically
                                    at runtime based on the TTL. Expires and TTL are
                                    mutually exclusive.
                                  format: date-time
                                  type: string
                                groups:
                                  description: Groups specifies the extra groups that
                                    this token will authenticate as when/if used for
                                    authentication
                                  items:
                                    type: string
                                  type: array
                                token:
                                  description: Token is used for establishing bidirectional
                                    trust between nodes and control-planes. Used for
                                    joining nodes in the cluster.
                                  type: string
                                ttl:
                                  description: TTL defines the time to live for this
                                    token.
                                    Defaults to 24h. Expires and TTL are mutually
                                    exclusive.
                                  type: string
                                usages:
                                  description: Usages describes the ways in which
                                    this token can be used. Can by default be used
                                    for establishing bidirectional trust, but that
                                    can be changed here.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - token
                              type: object
                            type: array
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          localAPIEndpoint:
                            description: LocalAPIEndpoint represents the endpoint
                              of the API server instance that's deployed on this control
                              plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
                              in the sense that ControlPlaneEndpoint is the global
                              endpoint for the cluster, which then loadbalances the
                              requests to each individual API server. This configuration
                              object lets you customize what IP/DNS name and port
                              the local API server advertises it's accessible on.
                              By default, kubeadm tries to auto-detect the IP of the
                              default interface and use that, but in case that process
                              fails you may set the desired value here.
                            properties:
                              advertiseAddress:
                                description: AdvertiseAddress sets the IP address
                                  for the API server to advertise.
                                type: string
                              bindPort:
                                description: BindPort sets the secure port for the
                                  API Server to bind to. Defaults to 6443.
                                format: int32
                                type: integer
                            required:
                            - advertiseAddress
                            - bindPort
                            type: object
                          nodeRegistration:
                            description: NodeRegistration holds fields that relate
                              to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration
                              should remain consistent across both InitConfiguration
                              and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info. This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: KubeletExtraArgs passes through extra
                                  arguments to the kubelet. The arguments here are
                                  passed to the kubelet command line via the environment
                                  file kubeadm writes at runtime for the kubelet to
                                  source. This overrides the generic base-level configuration
                                  in the kubelet-config-1.X ConfigMap Flags have higher
                                  priority when parsing. These values are local and
                                  specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: Name is the `.Metadata.Name` field of
                                  the Node API object that will be created in this
                                  `kubeadm init` or `kubeadm join` operation. This
                                  field is also used in the CommonName field of the
                                  kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: 'Taints specifies the taints the Node
                                  API object should be registered with. If this field
                                  is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
                                  If you don''t want to taint your control-plane node,
                                  set this field to an empty slice, i.e. `taints:
                                  {}` in the YAML file. This field is solely used
                                  for Node registration.'
                                items:
                                  description: The node this Taint is attached to
                                    has the "effect" on any pod that does not tolerate
                                    the Taint.
                                  properties:
                                    effect:
                                      description: Required. The effect of the taint
                                        on pods that do not tolerate the taint.
                                        Valid effects are NoSchedule, PreferNoSchedule and
                                        NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: TimeAdded represents the time at
                                        which the taint was added. It is only written
                                        for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                        type: object
                      joinConfiguration:
                        description: JoinConfiguration is the kubeadm configuration
                          for the join command
                        properties:
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          caCertPath:
                            description: 'CACertPath is the path to the SSL certificate
                              authority used to secure comunications between node
                              and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
                              TODO: revisit when there is defaulting from k/k'
                            type: string
                          controlPlane:
                            description: ControlPlane defines the additional control
                              plane instance to be deployed on the joining node. If
                              nil, no additional control plane instance will be deployed.
                            properties:
                              localAPIEndpoint:
                                description: LocalAPIEndpoint represents the endpoint
                                  of the API server instance to be deployed on this
                                  node.
                                properties:
                                  advertiseAddress:
                                    description: AdvertiseAddress sets the IP address
                                      for the API server to advertise.
                                    type: string
                                  bindPort:
                                    description: BindPort sets the secure port for
                                      the API Server to bind to. Defaults to 6443.
                                    format: int32
                                    type: integer
                                required:
                                - advertiseAddress
                                - bindPort
                                type: object
                            type: object
                          discovery:
                            description: 'Discovery specifies the options for the
                              kubelet to use during the TLS Bootstrap process TODO:
                              revisit when there is defaulting from k/k'
                            properties:
                              bootstrapToken:
                                description: BootstrapToken is used to set the options
                                  for bootstrap token based discovery BootstrapToken
                                  and File are mutually exclusive
                                properties:
                                  apiServerEndpoint:
                                    description: APIServerEndpoint is an IP or domain
                                      name to the API server from which info will
                                      be fetched.
                                    type: string
                                  caCertHashes:
                                    description: 'CACertHashes specifies a set of
                                      public key pins to verify when token-based discovery
                                      is used. The root CA found during discovery
                                      must match one of these values. Specifying an
                                      empty set disables root CA pinning, which can
                                      be unsafe. Each hash is specified as "<type>:<value>",
                                      where the only currently supported type is "sha256".
                                      This is a hex-encoded SHA-256 hash of the Subject
                                      Public Key Info (SPKI) object in DER-encoded
                                      ASN.1. These hashes can be calculated using,
                                      for example, OpenSSL: openssl x509 -pubkey -in
                                      ca.crt openssl rsa -pubin -outform der 2>&/dev/null
                                      | openssl dgst -sha256 -hex'
                                    items:
                                      type: string
                                    type: array
                                  token:
                                    description: Token is a token used to validate
                                      cluster information fetched from the control-plane.
                                    type: string
                                  unsafeSkipCAVerification:
                                    description: UnsafeSkipCAVerification allows token-based
                                      discovery without CA verification via CACertHashes.
                                      This can weaken the security of kubeadm since
                                      other nodes can impersonate the control-plane.
                                    type: boolean
                                required:
                                - token
                                - unsafeSkipCAVerification
                                type: object
                              file:
                                description: File is used to specify a file or URL
                                  to a kubeconfig file from which to load cluster
                                  information BootstrapToken and File are mutually
                                  exclusive
                                properties:
                                  kubeConfigPath:
                                    description: KubeConfigPath is used to specify
                                      the actual file path or URL to the kubeconfig
                                      file from which to load cluster information
                                    type: string
                                required:
                                - kubeConfigPath
                                type: object
                              timeout:
                                description: Timeout modifies the discovery timeout
                                type: string
                              tlsBootstrapToken:
                                description: 'TLSBootstrapToken is a token used for
                                  TLS bootstrapping. If .BootstrapToken is set, this
                                  field is defaulted to .BootstrapToken.Token, but
                                  can be overridden. If .File is set, this field **must
                                  be set** in case the KubeConfigFile does not contain
                                  any other authentication information TODO: revisit
                                  when there is defaulting from k/k'
                                type: string
                            type: object
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          nodeRegistration:
                            description: NodeRegistration holds fields that relate
                              to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration
                              should remain consistent across both InitConfiguration
                              and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info.
                                  This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: KubeletExtraArgs passes through extra
                                  arguments to the kubelet. The arguments here are
                                  passed to the kubelet command line via the environment
                                  file kubeadm writes at runtime for the kubelet to
                                  source. This overrides the generic base-level configuration
                                  in the kubelet-config-1.X ConfigMap Flags have higher
                                  priority when parsing. These values are local and
                                  specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: Name is the `.Metadata.Name` field of
                                  the Node API object that will be created in this
                                  `kubeadm init` or `kubeadm join` operation. This
                                  field is also used in the CommonName field of the
                                  kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: 'Taints specifies the taints the Node
                                  API object should be registered with. If this field
                                  is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
                                  If you don''t want to taint your control-plane node,
                                  set this field to an empty slice, i.e. `taints:
                                  {}` in the YAML file. This field is solely used
                                  for Node registration.'
                                items:
                                  description: The node this Taint is attached to
                                    has the "effect" on any pod that does not tolerate
                                    the Taint.
                                  properties:
                                    effect:
                                      description: Required. The effect of the taint
                                        on pods that do not tolerate the taint. Valid
                                        effects are NoSchedule, PreferNoSchedule and
                                        NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: TimeAdded represents the time at
                                        which the taint was added.
                                        It is only written
                                        for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                        type: object
                      mounts:
                        description: Mounts specifies a list of mount points to be
                          setup.
                        items:
                          description: MountPoints defines input for generated mounts
                            in cloud-init.
                          items:
                            type: string
                          type: array
                        type: array
                      ntp:
                        description: NTP specifies NTP configuration
                        properties:
                          enabled:
                            description: Enabled specifies whether NTP should be enabled
                            type: boolean
                          servers:
                            description: Servers specifies which NTP servers to use
                            items:
                              type: string
                            type: array
                        type: object
                      postKubeadmCommands:
                        description: PostKubeadmCommands specifies extra commands
                          to run after kubeadm runs
                        items:
                          type: string
                        type: array
                      preKubeadmCommands:
                        description: PreKubeadmCommands specifies extra commands to
                          run before kubeadm runs
                        items:
                          type: string
                        type: array
                      useExperimentalRetryJoin:
                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
                          command with a shell script with retries for joins. \n This
                          is meant to be an experimental temporary workaround on some
                          environments where joins fail due to timing (and other issues).
                          The long term goal is to add retries to kubeadm proper and
                          use that functionality. \n This will add about 40KB to userdata
                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
                        type: boolean
                      users:
                        description: Users specifies extra users to add
                        items:
                          description: User defines the input for a generated user
                            in cloud-init.
936 properties: 937 gecos: 938 description: Gecos specifies the gecos to use for the 939 user 940 type: string 941 groups: 942 description: Groups specifies the additional groups 943 for the user 944 type: string 945 homeDir: 946 description: HomeDir specifies the home directory to 947 use for the user 948 type: string 949 inactive: 950 description: Inactive specifies whether to mark the 951 user as inactive 952 type: boolean 953 lockPassword: 954 description: LockPassword specifies if password login 955 should be disabled 956 type: boolean 957 name: 958 description: Name specifies the user name 959 type: string 960 passwd: 961 description: Passwd specifies a hashed password for 962 the user 963 type: string 964 primaryGroup: 965 description: PrimaryGroup specifies the primary group 966 for the user 967 type: string 968 shell: 969 description: Shell specifies the user's shell 970 type: string 971 sshAuthorizedKeys: 972 description: SSHAuthorizedKeys specifies a list of ssh 973 authorized keys for the user 974 items: 975 type: string 976 type: array 977 sudo: 978 description: Sudo specifies a sudo role for the user 979 type: string 980 required: 981 - name 982 type: object 983 type: array 984 verbosity: 985 description: Verbosity is the number for the kubeadm log level 986 verbosity. It overrides the `--v` flag in kubeadm commands. 987 format: int32 988 type: integer 989 type: object 990 type: object 991 required: 992 - template 993 type: object 994 type: object 995 served: false 996 storage: false 997 - additionalPrinterColumns: 998 - description: Time duration since creation of KubeadmConfigTemplate 999 jsonPath: .metadata.creationTimestamp 1000 name: Age 1001 type: date 1002 deprecated: true 1003 name: v1alpha4 1004 schema: 1005 openAPIV3Schema: 1006 description: "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates 1007 API. \n Deprecated: This type will be removed in one of the next releases." 
1008 properties: 1009 apiVersion: 1010 description: 'APIVersion defines the versioned schema of this representation 1011 of an object. Servers should convert recognized schemas to the latest 1012 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1013 type: string 1014 kind: 1015 description: 'Kind is a string value representing the REST resource this 1016 object represents. Servers may infer this from the endpoint the client 1017 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1018 type: string 1019 metadata: 1020 type: object 1021 spec: 1022 description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. 1023 properties: 1024 template: 1025 description: KubeadmConfigTemplateResource defines the Template structure. 1026 properties: 1027 spec: 1028 description: KubeadmConfigSpec defines the desired state of KubeadmConfig. 1029 Either ClusterConfiguration and InitConfiguration should be 1030 defined or the JoinConfiguration should be defined. 1031 properties: 1032 clusterConfiguration: 1033 description: ClusterConfiguration along with InitConfiguration 1034 are the configurations necessary for the init command 1035 properties: 1036 apiServer: 1037 description: APIServer contains extra settings for the 1038 API server control plane component 1039 properties: 1040 certSANs: 1041 description: CertSANs sets extra Subject Alternative 1042 Names for the API Server signing cert. 1043 items: 1044 type: string 1045 type: array 1046 extraArgs: 1047 additionalProperties: 1048 type: string 1049 description: 'ExtraArgs is an extra set of flags to 1050 pass to the control plane component. TODO: This 1051 is temporary and ideally we would like to switch 1052 all components to use ComponentConfig + ConfigMaps.' 
1053 type: object 1054 extraVolumes: 1055 description: ExtraVolumes is an extra set of host 1056 volumes, mounted to the control plane component. 1057 items: 1058 description: HostPathMount contains elements describing 1059 volumes that are mounted from the host. 1060 properties: 1061 hostPath: 1062 description: HostPath is the path in the host 1063 that will be mounted inside the pod. 1064 type: string 1065 mountPath: 1066 description: MountPath is the path inside the 1067 pod where hostPath will be mounted. 1068 type: string 1069 name: 1070 description: Name of the volume inside the pod 1071 template. 1072 type: string 1073 pathType: 1074 description: PathType is the type of the HostPath. 1075 type: string 1076 readOnly: 1077 description: ReadOnly controls write access 1078 to the volume 1079 type: boolean 1080 required: 1081 - hostPath 1082 - mountPath 1083 - name 1084 type: object 1085 type: array 1086 timeoutForControlPlane: 1087 description: TimeoutForControlPlane controls the timeout 1088 that we use for API server to appear 1089 type: string 1090 type: object 1091 apiVersion: 1092 description: 'APIVersion defines the versioned schema 1093 of this representation of an object. Servers should 1094 convert recognized schemas to the latest internal value, 1095 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1096 type: string 1097 certificatesDir: 1098 description: 'CertificatesDir specifies where to store 1099 or look for all required certificates. NB: if not provided, 1100 this will default to `/etc/kubernetes/pki`' 1101 type: string 1102 clusterName: 1103 description: The cluster name 1104 type: string 1105 controlPlaneEndpoint: 1106 description: 'ControlPlaneEndpoint sets a stable IP address 1107 or DNS name for the control plane; it can be a valid 1108 IP address or a RFC-1123 DNS subdomain, both with optional 1109 TCP port. 
In case the ControlPlaneEndpoint is not specified, 1110 the AdvertiseAddress + BindPort are used; in case the 1111 ControlPlaneEndpoint is specified but without a TCP 1112 port, the BindPort is used. Possible usages are: e.g. 1113 In a cluster with more than one control plane instances, 1114 this field should be assigned the address of the external 1115 load balancer in front of the control plane instances. 1116 e.g. in environments with enforced node recycling, 1117 the ControlPlaneEndpoint could be used for assigning 1118 a stable DNS to the control plane. NB: This value defaults 1119 to the first value in the Cluster object status.apiEndpoints 1120 array.' 1121 type: string 1122 controllerManager: 1123 description: ControllerManager contains extra settings 1124 for the controller manager control plane component 1125 properties: 1126 extraArgs: 1127 additionalProperties: 1128 type: string 1129 description: 'ExtraArgs is an extra set of flags to 1130 pass to the control plane component. TODO: This 1131 is temporary and ideally we would like to switch 1132 all components to use ComponentConfig + ConfigMaps.' 1133 type: object 1134 extraVolumes: 1135 description: ExtraVolumes is an extra set of host 1136 volumes, mounted to the control plane component. 1137 items: 1138 description: HostPathMount contains elements describing 1139 volumes that are mounted from the host. 1140 properties: 1141 hostPath: 1142 description: HostPath is the path in the host 1143 that will be mounted inside the pod. 1144 type: string 1145 mountPath: 1146 description: MountPath is the path inside the 1147 pod where hostPath will be mounted. 1148 type: string 1149 name: 1150 description: Name of the volume inside the pod 1151 template. 1152 type: string 1153 pathType: 1154 description: PathType is the type of the HostPath. 
1155 type: string 1156 readOnly: 1157 description: ReadOnly controls write access 1158 to the volume 1159 type: boolean 1160 required: 1161 - hostPath 1162 - mountPath 1163 - name 1164 type: object 1165 type: array 1166 type: object 1167 dns: 1168 description: DNS defines the options for the DNS add-on 1169 installed in the cluster. 1170 properties: 1171 imageRepository: 1172 description: ImageRepository sets the container registry 1173 to pull images from. if not set, the ImageRepository 1174 defined in ClusterConfiguration will be used instead. 1175 type: string 1176 imageTag: 1177 description: ImageTag allows to specify a tag for 1178 the image. In case this value is set, kubeadm does 1179 not change automatically the version of the above 1180 components during upgrades. 1181 type: string 1182 type: object 1183 etcd: 1184 description: 'Etcd holds configuration for etcd. NB: This 1185 value defaults to a Local (stacked) etcd' 1186 properties: 1187 external: 1188 description: External describes how to connect to 1189 an external etcd cluster Local and External are 1190 mutually exclusive 1191 properties: 1192 caFile: 1193 description: CAFile is an SSL Certificate Authority 1194 file used to secure etcd communication. Required 1195 if using a TLS connection. 1196 type: string 1197 certFile: 1198 description: CertFile is an SSL certification 1199 file used to secure etcd communication. Required 1200 if using a TLS connection. 1201 type: string 1202 endpoints: 1203 description: Endpoints of etcd members. Required 1204 for ExternalEtcd. 1205 items: 1206 type: string 1207 type: array 1208 keyFile: 1209 description: KeyFile is an SSL key file used to 1210 secure etcd communication. Required if using 1211 a TLS connection. 
1212 type: string 1213 required: 1214 - caFile 1215 - certFile 1216 - endpoints 1217 - keyFile 1218 type: object 1219 local: 1220 description: Local provides configuration knobs for 1221 configuring the local etcd instance Local and External 1222 are mutually exclusive 1223 properties: 1224 dataDir: 1225 description: DataDir is the directory etcd will 1226 place its data. Defaults to "/var/lib/etcd". 1227 type: string 1228 extraArgs: 1229 additionalProperties: 1230 type: string 1231 description: ExtraArgs are extra arguments provided 1232 to the etcd binary when run inside a static 1233 pod. 1234 type: object 1235 imageRepository: 1236 description: ImageRepository sets the container 1237 registry to pull images from. if not set, the 1238 ImageRepository defined in ClusterConfiguration 1239 will be used instead. 1240 type: string 1241 imageTag: 1242 description: ImageTag allows to specify a tag 1243 for the image. In case this value is set, kubeadm 1244 does not change automatically the version of 1245 the above components during upgrades. 1246 type: string 1247 peerCertSANs: 1248 description: PeerCertSANs sets extra Subject Alternative 1249 Names for the etcd peer signing cert. 1250 items: 1251 type: string 1252 type: array 1253 serverCertSANs: 1254 description: ServerCertSANs sets extra Subject 1255 Alternative Names for the etcd server signing 1256 cert. 1257 items: 1258 type: string 1259 type: array 1260 type: object 1261 type: object 1262 featureGates: 1263 additionalProperties: 1264 type: boolean 1265 description: FeatureGates enabled by the user. 1266 type: object 1267 imageRepository: 1268 description: ImageRepository sets the container registry 1269 to pull images from. 
If empty, `registry.k8s.io` will 1270 be used by default; in case of kubernetes version is 1271 a CI build (kubernetes version starts with `ci/` or 1272 `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be 1273 used as a default for control plane components and for 1274 kube-proxy, while `registry.k8s.io` will be used for 1275 all the other images. 1276 type: string 1277 kind: 1278 description: 'Kind is a string value representing the 1279 REST resource this object represents. Servers may infer 1280 this from the endpoint the client submits requests to. 1281 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1282 type: string 1283 kubernetesVersion: 1284 description: 'KubernetesVersion is the target version 1285 of the control plane. NB: This value defaults to the 1286 Machine object spec.version' 1287 type: string 1288 networking: 1289 description: 'Networking holds configuration for the networking 1290 topology of the cluster. NB: This value defaults to 1291 the Cluster object spec.clusterNetwork.' 1292 properties: 1293 dnsDomain: 1294 description: DNSDomain is the dns domain used by k8s 1295 services. Defaults to "cluster.local". 1296 type: string 1297 podSubnet: 1298 description: PodSubnet is the subnet used by pods. 1299 If unset, the API server will not allocate CIDR 1300 ranges for every node. Defaults to a comma-delimited 1301 string of the Cluster object's spec.clusterNetwork.services.cidrBlocks 1302 if that is set 1303 type: string 1304 serviceSubnet: 1305 description: ServiceSubnet is the subnet used by k8s 1306 services. Defaults to a comma-delimited string of 1307 the Cluster object's spec.clusterNetwork.pods.cidrBlocks, 1308 or to "10.96.0.0/12" if that's unset. 
1309 type: string 1310 type: object 1311 scheduler: 1312 description: Scheduler contains extra settings for the 1313 scheduler control plane component 1314 properties: 1315 extraArgs: 1316 additionalProperties: 1317 type: string 1318 description: 'ExtraArgs is an extra set of flags to 1319 pass to the control plane component. TODO: This 1320 is temporary and ideally we would like to switch 1321 all components to use ComponentConfig + ConfigMaps.' 1322 type: object 1323 extraVolumes: 1324 description: ExtraVolumes is an extra set of host 1325 volumes, mounted to the control plane component. 1326 items: 1327 description: HostPathMount contains elements describing 1328 volumes that are mounted from the host. 1329 properties: 1330 hostPath: 1331 description: HostPath is the path in the host 1332 that will be mounted inside the pod. 1333 type: string 1334 mountPath: 1335 description: MountPath is the path inside the 1336 pod where hostPath will be mounted. 1337 type: string 1338 name: 1339 description: Name of the volume inside the pod 1340 template. 1341 type: string 1342 pathType: 1343 description: PathType is the type of the HostPath. 1344 type: string 1345 readOnly: 1346 description: ReadOnly controls write access 1347 to the volume 1348 type: boolean 1349 required: 1350 - hostPath 1351 - mountPath 1352 - name 1353 type: object 1354 type: array 1355 type: object 1356 type: object 1357 diskSetup: 1358 description: DiskSetup specifies options for the creation 1359 of partition tables and file systems on devices. 1360 properties: 1361 filesystems: 1362 description: Filesystems specifies the list of file systems 1363 to setup. 1364 items: 1365 description: Filesystem defines the file systems to 1366 be created. 1367 properties: 1368 device: 1369 description: Device specifies the device name 1370 type: string 1371 extraOpts: 1372 description: ExtraOpts defined extra options to 1373 add to the command for creating the file system. 
1374 items: 1375 type: string 1376 type: array 1377 filesystem: 1378 description: Filesystem specifies the file system 1379 type. 1380 type: string 1381 label: 1382 description: Label specifies the file system label 1383 to be used. If set to None, no label is used. 1384 type: string 1385 overwrite: 1386 description: Overwrite defines whether or not to 1387 overwrite any existing filesystem. If true, any 1388 pre-existing file system will be destroyed. Use 1389 with Caution. 1390 type: boolean 1391 partition: 1392 description: 'Partition specifies the partition 1393 to use. The valid options are: "auto|any", "auto", 1394 "any", "none", and <NUM>, where NUM is the actual 1395 partition number.' 1396 type: string 1397 replaceFS: 1398 description: 'ReplaceFS is a special directive, 1399 used for Microsoft Azure that instructs cloud-init 1400 to replace a file system of <FS_TYPE>. NOTE: unless 1401 you define a label, this requires the use of the 1402 ''any'' partition directive.' 1403 type: string 1404 required: 1405 - device 1406 - filesystem 1407 - label 1408 type: object 1409 type: array 1410 partitions: 1411 description: Partitions specifies the list of the partitions 1412 to setup. 1413 items: 1414 description: Partition defines how to create and layout 1415 a partition. 1416 properties: 1417 device: 1418 description: Device is the name of the device. 1419 type: string 1420 layout: 1421 description: Layout specifies the device layout. 1422 If it is true, a single partition will be created 1423 for the entire device. When layout is false, it 1424 means don't partition or ignore existing partitioning. 1425 type: boolean 1426 overwrite: 1427 description: Overwrite describes whether to skip 1428 checks and create the partition if a partition 1429 or filesystem is found on the device. Use with 1430 caution. Default is 'false'. 1431 type: boolean 1432 tableType: 1433 description: 'TableType specifies the type of partition 1434 table.
The following are supported: ''mbr'': default 1435 and setups a MS-DOS partition table ''gpt'': setups 1436 a GPT partition table' 1437 type: string 1438 required: 1439 - device 1440 - layout 1441 type: object 1442 type: array 1443 type: object 1444 files: 1445 description: Files specifies extra files to be passed to user_data 1446 upon creation. 1447 items: 1448 description: File defines the input for generating write_files 1449 in cloud-init. 1450 properties: 1451 content: 1452 description: Content is the actual content of the file. 1453 type: string 1454 contentFrom: 1455 description: ContentFrom is a referenced source of content 1456 to populate the file. 1457 properties: 1458 secret: 1459 description: Secret represents a secret that should 1460 populate this file. 1461 properties: 1462 key: 1463 description: Key is the key in the secret's 1464 data map for this value. 1465 type: string 1466 name: 1467 description: Name of the secret in the KubeadmBootstrapConfig's 1468 namespace to use. 1469 type: string 1470 required: 1471 - key 1472 - name 1473 type: object 1474 required: 1475 - secret 1476 type: object 1477 encoding: 1478 description: Encoding specifies the encoding of the 1479 file contents. 1480 enum: 1481 - base64 1482 - gzip 1483 - gzip+base64 1484 type: string 1485 owner: 1486 description: Owner specifies the ownership of the file, 1487 e.g. "root:root". 1488 type: string 1489 path: 1490 description: Path specifies the full path on disk where 1491 to store the file. 1492 type: string 1493 permissions: 1494 description: Permissions specifies the permissions to 1495 assign to the file, e.g. "0640". 
1496 type: string 1497 required: 1498 - path 1499 type: object 1500 type: array 1501 format: 1502 description: Format specifies the output format of the bootstrap 1503 data 1504 enum: 1505 - cloud-config 1506 type: string 1507 initConfiguration: 1508 description: InitConfiguration along with ClusterConfiguration 1509 are the configurations necessary for the init command 1510 properties: 1511 apiVersion: 1512 description: 'APIVersion defines the versioned schema 1513 of this representation of an object. Servers should 1514 convert recognized schemas to the latest internal value, 1515 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1516 type: string 1517 bootstrapTokens: 1518 description: BootstrapTokens is respected at `kubeadm 1519 init` time and describes a set of Bootstrap Tokens to 1520 create. This information IS NOT uploaded to the kubeadm 1521 cluster configmap, partly because of its sensitive nature 1522 items: 1523 description: BootstrapToken describes one bootstrap 1524 token, stored as a Secret in the cluster. 1525 properties: 1526 description: 1527 description: Description sets a human-friendly message 1528 why this token exists and what it's used for, 1529 so other administrators can know its purpose. 1530 type: string 1531 expires: 1532 description: Expires specifies the timestamp when 1533 this token expires. Defaults to being set dynamically 1534 at runtime based on the TTL. Expires and TTL are 1535 mutually exclusive. 1536 format: date-time 1537 type: string 1538 groups: 1539 description: Groups specifies the extra groups that 1540 this token will authenticate as when/if used for 1541 authentication 1542 items: 1543 type: string 1544 type: array 1545 token: 1546 description: Token is used for establishing bidirectional 1547 trust between nodes and control-planes. Used for 1548 joining nodes in the cluster. 
1549 type: string 1550 ttl: 1551 description: TTL defines the time to live for this 1552 token. Defaults to 24h. Expires and TTL are mutually 1553 exclusive. 1554 type: string 1555 usages: 1556 description: Usages describes the ways in which 1557 this token can be used. Can by default be used 1558 for establishing bidirectional trust, but that 1559 can be changed here. 1560 items: 1561 type: string 1562 type: array 1563 required: 1564 - token 1565 type: object 1566 type: array 1567 kind: 1568 description: 'Kind is a string value representing the 1569 REST resource this object represents. Servers may infer 1570 this from the endpoint the client submits requests to. 1571 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1572 type: string 1573 localAPIEndpoint: 1574 description: LocalAPIEndpoint represents the endpoint 1575 of the API server instance that's deployed on this control 1576 plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint 1577 in the sense that ControlPlaneEndpoint is the global 1578 endpoint for the cluster, which then loadbalances the 1579 requests to each individual API server. This configuration 1580 object lets you customize what IP/DNS name and port 1581 the local API server advertises it's accessible on. 1582 By default, kubeadm tries to auto-detect the IP of the 1583 default interface and use that, but in case that process 1584 fails you may set the desired value here. 1585 properties: 1586 advertiseAddress: 1587 description: AdvertiseAddress sets the IP address 1588 for the API server to advertise. 1589 type: string 1590 bindPort: 1591 description: BindPort sets the secure port for the 1592 API Server to bind to. Defaults to 6443. 
1593 format: int32 1594 type: integer 1595 type: object 1596 nodeRegistration: 1597 description: NodeRegistration holds fields that relate 1598 to registering the new control-plane node to the cluster. 1599 When used in the context of control plane nodes, NodeRegistration 1600 should remain consistent across both InitConfiguration 1601 and JoinConfiguration 1602 properties: 1603 criSocket: 1604 description: CRISocket is used to retrieve container 1605 runtime info. This information will be annotated 1606 to the Node API object, for later re-use 1607 type: string 1608 ignorePreflightErrors: 1609 description: IgnorePreflightErrors provides a slice 1610 of pre-flight errors to be ignored when the current 1611 node is registered. 1612 items: 1613 type: string 1614 type: array 1615 kubeletExtraArgs: 1616 additionalProperties: 1617 type: string 1618 description: KubeletExtraArgs passes through extra 1619 arguments to the kubelet. The arguments here are 1620 passed to the kubelet command line via the environment 1621 file kubeadm writes at runtime for the kubelet to 1622 source. This overrides the generic base-level configuration 1623 in the kubelet-config-1.X ConfigMap Flags have higher 1624 priority when parsing. These values are local and 1625 specific to the node kubeadm is executing on. 1626 type: object 1627 name: 1628 description: Name is the `.Metadata.Name` field of 1629 the Node API object that will be created in this 1630 `kubeadm init` or `kubeadm join` operation. This 1631 field is also used in the CommonName field of the 1632 kubelet's client certificate to the API server. 1633 Defaults to the hostname of the node if not provided. 1634 type: string 1635 taints: 1636 description: 'Taints specifies the taints the Node 1637 API object should be registered with. If this field 1638 is unset, i.e. nil, in the `kubeadm init` process 1639 it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 
1640 If you don''t want to taint your control-plane node, 1641 set this field to an empty slice, i.e. `taints: 1642 {}` in the YAML file. This field is solely used 1643 for Node registration.' 1644 items: 1645 description: The node this Taint is attached to 1646 has the "effect" on any pod that does not tolerate 1647 the Taint. 1648 properties: 1649 effect: 1650 description: Required. The effect of the taint 1651 on pods that do not tolerate the taint. Valid 1652 effects are NoSchedule, PreferNoSchedule and 1653 NoExecute. 1654 type: string 1655 key: 1656 description: Required. The taint key to be applied 1657 to a node. 1658 type: string 1659 timeAdded: 1660 description: TimeAdded represents the time at 1661 which the taint was added. It is only written 1662 for NoExecute taints. 1663 format: date-time 1664 type: string 1665 value: 1666 description: The taint value corresponding to 1667 the taint key. 1668 type: string 1669 required: 1670 - effect 1671 - key 1672 type: object 1673 type: array 1674 type: object 1675 type: object 1676 joinConfiguration: 1677 description: JoinConfiguration is the kubeadm configuration 1678 for the join command 1679 properties: 1680 apiVersion: 1681 description: 'APIVersion defines the versioned schema 1682 of this representation of an object. Servers should 1683 convert recognized schemas to the latest internal value, 1684 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 1685 type: string 1686 caCertPath: 1687 description: 'CACertPath is the path to the SSL certificate 1688 authority used to secure communications between node 1689 and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt". 1690 TODO: revisit when there is defaulting from k/k' 1691 type: string 1692 controlPlane: 1693 description: ControlPlane defines the additional control 1694 plane instance to be deployed on the joining node.
If 1695 nil, no additional control plane instance will be deployed. 1696 properties: 1697 localAPIEndpoint: 1698 description: LocalAPIEndpoint represents the endpoint 1699 of the API server instance to be deployed on this 1700 node. 1701 properties: 1702 advertiseAddress: 1703 description: AdvertiseAddress sets the IP address 1704 for the API server to advertise. 1705 type: string 1706 bindPort: 1707 description: BindPort sets the secure port for 1708 the API Server to bind to. Defaults to 6443. 1709 format: int32 1710 type: integer 1711 type: object 1712 type: object 1713 discovery: 1714 description: 'Discovery specifies the options for the 1715 kubelet to use during the TLS Bootstrap process TODO: 1716 revisit when there is defaulting from k/k' 1717 properties: 1718 bootstrapToken: 1719 description: BootstrapToken is used to set the options 1720 for bootstrap token based discovery BootstrapToken 1721 and File are mutually exclusive 1722 properties: 1723 apiServerEndpoint: 1724 description: APIServerEndpoint is an IP or domain 1725 name to the API server from which info will 1726 be fetched. 1727 type: string 1728 caCertHashes: 1729 description: 'CACertHashes specifies a set of 1730 public key pins to verify when token-based discovery 1731 is used. The root CA found during discovery 1732 must match one of these values. Specifying an 1733 empty set disables root CA pinning, which can 1734 be unsafe. Each hash is specified as "<type>:<value>", 1735 where the only currently supported type is "sha256". 1736 This is a hex-encoded SHA-256 hash of the Subject 1737 Public Key Info (SPKI) object in DER-encoded 1738 ASN.1. These hashes can be calculated using, 1739 for example, OpenSSL: openssl x509 -pubkey -in 1740 ca.crt | openssl rsa -pubin -outform der 2>/dev/null 1741 | openssl dgst -sha256 -hex' 1742 items: 1743 type: string 1744 type: array 1745 token: 1746 description: Token is a token used to validate 1747 cluster information fetched from the control-plane.
1748 type: string 1749 unsafeSkipCAVerification: 1750 description: UnsafeSkipCAVerification allows token-based 1751 discovery without CA verification via CACertHashes. 1752 This can weaken the security of kubeadm since 1753 other nodes can impersonate the control-plane. 1754 type: boolean 1755 required: 1756 - token 1757 type: object 1758 file: 1759 description: File is used to specify a file or URL 1760 to a kubeconfig file from which to load cluster 1761 information BootstrapToken and File are mutually 1762 exclusive 1763 properties: 1764 kubeConfigPath: 1765 description: KubeConfigPath is used to specify 1766 the actual file path or URL to the kubeconfig 1767 file from which to load cluster information 1768 type: string 1769 required: 1770 - kubeConfigPath 1771 type: object 1772 timeout: 1773 description: Timeout modifies the discovery timeout 1774 type: string 1775 tlsBootstrapToken: 1776 description: TLSBootstrapToken is a token used for 1777 TLS bootstrapping. If .BootstrapToken is set, this 1778 field is defaulted to .BootstrapToken.Token, but 1779 can be overridden. If .File is set, this field **must 1780 be set** in case the KubeConfigFile does not contain 1781 any other authentication information 1782 type: string 1783 type: object 1784 kind: 1785 description: 'Kind is a string value representing the 1786 REST resource this object represents. Servers may infer 1787 this from the endpoint the client submits requests to. 1788 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 1789 type: string 1790 nodeRegistration: 1791 description: NodeRegistration holds fields that relate 1792 to registering the new control-plane node to the cluster. 
1793 When used in the context of control plane nodes, NodeRegistration 1794 should remain consistent across both InitConfiguration 1795 and JoinConfiguration 1796 properties: 1797 criSocket: 1798 description: CRISocket is used to retrieve container 1799 runtime info. This information will be annotated 1800 to the Node API object, for later re-use 1801 type: string 1802 ignorePreflightErrors: 1803 description: IgnorePreflightErrors provides a slice 1804 of pre-flight errors to be ignored when the current 1805 node is registered. 1806 items: 1807 type: string 1808 type: array 1809 kubeletExtraArgs: 1810 additionalProperties: 1811 type: string 1812 description: KubeletExtraArgs passes through extra 1813 arguments to the kubelet. The arguments here are 1814 passed to the kubelet command line via the environment 1815 file kubeadm writes at runtime for the kubelet to 1816 source. This overrides the generic base-level configuration 1817 in the kubelet-config-1.X ConfigMap Flags have higher 1818 priority when parsing. These values are local and 1819 specific to the node kubeadm is executing on. 1820 type: object 1821 name: 1822 description: Name is the `.Metadata.Name` field of 1823 the Node API object that will be created in this 1824 `kubeadm init` or `kubeadm join` operation. This 1825 field is also used in the CommonName field of the 1826 kubelet's client certificate to the API server. 1827 Defaults to the hostname of the node if not provided. 1828 type: string 1829 taints: 1830 description: 'Taints specifies the taints the Node 1831 API object should be registered with. If this field 1832 is unset, i.e. nil, in the `kubeadm init` process 1833 it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}. 1834 If you don''t want to taint your control-plane node, 1835 set this field to an empty slice, i.e. `taints: 1836 {}` in the YAML file. This field is solely used 1837 for Node registration.' 
                                items:
                                  description: The node this Taint is attached to
                                    has the "effect" on any pod that does not tolerate
                                    the Taint.
                                  properties:
                                    effect:
                                      description: Required. The effect of the taint
                                        on pods that do not tolerate the taint. Valid
                                        effects are NoSchedule, PreferNoSchedule and
                                        NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: TimeAdded represents the time at
                                        which the taint was added. It is only written
                                        for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                        type: object
                      mounts:
                        description: Mounts specifies a list of mount points to be
                          setup.
                        items:
                          description: MountPoints defines input for generated mounts
                            in cloud-init.
                          items:
                            type: string
                          type: array
                        type: array
                      ntp:
                        description: NTP specifies NTP configuration
                        properties:
                          enabled:
                            description: Enabled specifies whether NTP should be enabled
                            type: boolean
                          servers:
                            description: Servers specifies which NTP servers to use
                            items:
                              type: string
                            type: array
                        type: object
                      postKubeadmCommands:
                        description: PostKubeadmCommands specifies extra commands
                          to run after kubeadm runs
                        items:
                          type: string
                        type: array
                      preKubeadmCommands:
                        description: PreKubeadmCommands specifies extra commands to
                          run before kubeadm runs
                        items:
                          type: string
                        type: array
                      useExperimentalRetryJoin:
                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
                          command with a shell script with retries for joins. \n This
                          is meant to be an experimental temporary workaround on some
                          environments where joins fail due to timing (and other issues).
                          The long term goal is to add retries to kubeadm proper and
                          use that functionality. \n This will add about 40KB to userdata
                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055."
                        type: boolean
                      users:
                        description: Users specifies extra users to add
                        items:
                          description: User defines the input for a generated user
                            in cloud-init.
                          properties:
                            gecos:
                              description: Gecos specifies the gecos to use for the
                                user
                              type: string
                            groups:
                              description: Groups specifies the additional groups
                                for the user
                              type: string
                            homeDir:
                              description: HomeDir specifies the home directory to
                                use for the user
                              type: string
                            inactive:
                              description: Inactive specifies whether to mark the
                                user as inactive
                              type: boolean
                            lockPassword:
                              description: LockPassword specifies if password login
                                should be disabled
                              type: boolean
                            name:
                              description: Name specifies the user name
                              type: string
                            passwd:
                              description: Passwd specifies a hashed password for
                                the user
                              type: string
                            primaryGroup:
                              description: PrimaryGroup specifies the primary group
                                for the user
                              type: string
                            shell:
                              description: Shell specifies the user's shell
                              type: string
                            sshAuthorizedKeys:
                              description: SSHAuthorizedKeys specifies a list of ssh
                                authorized keys for the user
                              items:
                                type: string
                              type: array
                            sudo:
                              description: Sudo specifies a sudo role for the user
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      verbosity:
                        description: Verbosity is the number for the kubeadm log level
                          verbosity. It overrides the `--v` flag in kubeadm commands.
                        format: int32
                        type: integer
                    type: object
                type: object
            required:
            - template
            type: object
        type: object
    served: false
    storage: false
    subresources: {}
  - additionalPrinterColumns:
    - description: Time duration since creation of KubeadmConfigTemplate
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates
          API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
            properties:
              template:
                description: KubeadmConfigTemplateResource defines the Template structure.
                properties:
                  metadata:
                    description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: 'Annotations is an unstructured key value map
                          stored with a resource that may be set by external tools
                          to store and retrieve arbitrary metadata. They are not queryable
                          and should be preserved when modifying objects. More info:
                          http://kubernetes.io/docs/user-guide/annotations'
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: 'Map of string keys and values that can be used
                          to organize and categorize (scope and select) objects. May
                          match selectors of replication controllers and services.
                          More info: http://kubernetes.io/docs/user-guide/labels'
                        type: object
                    type: object
                  spec:
                    description: KubeadmConfigSpec defines the desired state of KubeadmConfig.
                      Either ClusterConfiguration and InitConfiguration should be
                      defined or the JoinConfiguration should be defined.
                    properties:
                      clusterConfiguration:
                        description: ClusterConfiguration along with InitConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiServer:
                            description: APIServer contains extra settings for the
                              API server control plane component
                            properties:
                              certSANs:
                                description: CertSANs sets extra Subject Alternative
                                  Names for the API Server signing cert.
                                items:
                                  type: string
                                type: array
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                              timeoutForControlPlane:
                                description: TimeoutForControlPlane controls the timeout
                                  that we use for API server to appear
                                type: string
                            type: object
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          certificatesDir:
                            description: 'CertificatesDir specifies where to store
                              or look for all required certificates. NB: if not provided,
                              this will default to `/etc/kubernetes/pki`'
                            type: string
                          clusterName:
                            description: The cluster name
                            type: string
                          controlPlaneEndpoint:
                            description: 'ControlPlaneEndpoint sets a stable IP address
                              or DNS name for the control plane; it can be a valid
                              IP address or a RFC-1123 DNS subdomain, both with optional
                              TCP port. In case the ControlPlaneEndpoint is not specified,
                              the AdvertiseAddress + BindPort are used; in case the
                              ControlPlaneEndpoint is specified but without a TCP
                              port, the BindPort is used. Possible usages are: e.g.
                              In a cluster with more than one control plane instances,
                              this field should be assigned the address of the external
                              load balancer in front of the control plane instances.
                              e.g. in environments with enforced node recycling,
                              the ControlPlaneEndpoint could be used for assigning
                              a stable DNS to the control plane. NB: This value defaults
                              to the first value in the Cluster object status.apiEndpoints
                              array.'
                            type: string
                          controllerManager:
                            description: ControllerManager contains extra settings
                              for the controller manager control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                          dns:
                            description: DNS defines the options for the DNS add-on
                              installed in the cluster.
                            properties:
                              imageRepository:
                                description: ImageRepository sets the container registry
                                  to pull images from. if not set, the ImageRepository
                                  defined in ClusterConfiguration will be used instead.
                                type: string
                              imageTag:
                                description: ImageTag allows to specify a tag for
                                  the image. In case this value is set, kubeadm does
                                  not change automatically the version of the above
                                  components during upgrades.
                                type: string
                            type: object
                          etcd:
                            description: 'Etcd holds configuration for etcd. NB: This
                              value defaults to a Local (stacked) etcd'
                            properties:
                              external:
                                description: External describes how to connect to
                                  an external etcd cluster Local and External are
                                  mutually exclusive
                                properties:
                                  caFile:
                                    description: CAFile is an SSL Certificate Authority
                                      file used to secure etcd communication. Required
                                      if using a TLS connection.
                                    type: string
                                  certFile:
                                    description: CertFile is an SSL certification
                                      file used to secure etcd communication. Required
                                      if using a TLS connection.
                                    type: string
                                  endpoints:
                                    description: Endpoints of etcd members. Required
                                      for ExternalEtcd.
                                    items:
                                      type: string
                                    type: array
                                  keyFile:
                                    description: KeyFile is an SSL key file used to
                                      secure etcd communication. Required if using
                                      a TLS connection.
                                    type: string
                                required:
                                - caFile
                                - certFile
                                - endpoints
                                - keyFile
                                type: object
                              local:
                                description: Local provides configuration knobs for
                                  configuring the local etcd instance Local and External
                                  are mutually exclusive
                                properties:
                                  dataDir:
                                    description: DataDir is the directory etcd will
                                      place its data. Defaults to "/var/lib/etcd".
                                    type: string
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: ExtraArgs are extra arguments provided
                                      to the etcd binary when run inside a static
                                      pod.
                                    type: object
                                  imageRepository:
                                    description: ImageRepository sets the container
                                      registry to pull images from. if not set, the
                                      ImageRepository defined in ClusterConfiguration
                                      will be used instead.
                                    type: string
                                  imageTag:
                                    description: ImageTag allows to specify a tag
                                      for the image. In case this value is set, kubeadm
                                      does not change automatically the version of
                                      the above components during upgrades.
                                    type: string
                                  peerCertSANs:
                                    description: PeerCertSANs sets extra Subject Alternative
                                      Names for the etcd peer signing cert.
                                    items:
                                      type: string
                                    type: array
                                  serverCertSANs:
                                    description: ServerCertSANs sets extra Subject
                                      Alternative Names for the etcd server signing
                                      cert.
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                          featureGates:
                            additionalProperties:
                              type: boolean
                            description: FeatureGates enabled by the user.
                            type: object
                          imageRepository:
                            description: 'ImageRepository sets the container registry
                              to pull images from. * If not set, the default registry
                              of kubeadm will be used, i.e. * registry.k8s.io (new
                              registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >=
                              v1.25.0 * k8s.gcr.io (old registry): all older versions
                              Please note that when imageRepository is not set we
                              don''t allow upgrades to versions >= v1.22.0 which use
                              the old registry (k8s.gcr.io). Please use a newer patch
                              version with the new registry instead (i.e. >= v1.22.17,
                              >= v1.23.15, >= v1.24.9, >= v1.25.0). * If the version
                              is a CI build (kubernetes version starts with `ci/`
                              or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will
                              be used as a default for control plane components and
                              for kube-proxy, while `registry.k8s.io` will be used
                              for all the other images.'
                            type: string
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          kubernetesVersion:
                            description: 'KubernetesVersion is the target version
                              of the control plane. NB: This value defaults to the
                              Machine object spec.version'
                            type: string
                          networking:
                            description: 'Networking holds configuration for the networking
                              topology of the cluster. NB: This value defaults to
                              the Cluster object spec.clusterNetwork.'
                            properties:
                              dnsDomain:
                                description: DNSDomain is the dns domain used by k8s
                                  services. Defaults to "cluster.local".
                                type: string
                              podSubnet:
                                description: PodSubnet is the subnet used by pods.
                                  If unset, the API server will not allocate CIDR
                                  ranges for every node. Defaults to a comma-delimited
                                  string of the Cluster object's spec.clusterNetwork.services.cidrBlocks
                                  if that is set
                                type: string
                              serviceSubnet:
                                description: ServiceSubnet is the subnet used by k8s
                                  services. Defaults to a comma-delimited string of
                                  the Cluster object's spec.clusterNetwork.pods.cidrBlocks,
                                  or to "10.96.0.0/12" if that's unset.
                                type: string
                            type: object
                          scheduler:
                            description: Scheduler contains extra settings for the
                              scheduler control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: 'ExtraArgs is an extra set of flags to
                                  pass to the control plane component. TODO: This
                                  is temporary and ideally we would like to switch
                                  all components to use ComponentConfig + ConfigMaps.'
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: HostPathMount contains elements describing
                                    volumes that are mounted from the host.
                                  properties:
                                    hostPath:
                                      description: HostPath is the path in the host
                                        that will be mounted inside the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                        type: object
                      diskSetup:
                        description: DiskSetup specifies options for the creation
                          of partition tables and file systems on devices.
                        properties:
                          filesystems:
                            description: Filesystems specifies the list of file systems
                              to setup.
                            items:
                              description: Filesystem defines the file systems to
                                be created.
                              properties:
                                device:
                                  description: Device specifies the device name
                                  type: string
                                extraOpts:
                                  description: ExtraOpts defined extra options to
                                    add to the command for creating the file system.
                                  items:
                                    type: string
                                  type: array
                                filesystem:
                                  description: Filesystem specifies the file system
                                    type.
                                  type: string
                                label:
                                  description: Label specifies the file system label
                                    to be used. If set to None, no label is used.
                                  type: string
                                overwrite:
                                  description: Overwrite defines whether or not to
                                    overwrite any existing filesystem. If true, any
                                    pre-existing file system will be destroyed. Use
                                    with Caution.
                                  type: boolean
                                partition:
                                  description: 'Partition specifies the partition
                                    to use. The valid options are: "auto|any", "auto",
                                    "any", "none", and <NUM>, where NUM is the actual
                                    partition number.'
                                  type: string
                                replaceFS:
                                  description: 'ReplaceFS is a special directive,
                                    used for Microsoft Azure that instructs cloud-init
                                    to replace a file system of <FS_TYPE>. NOTE: unless
                                    you define a label, this requires the use of the
                                    ''any'' partition directive.'
                                  type: string
                              required:
                              - device
                              - filesystem
                              - label
                              type: object
                            type: array
                          partitions:
                            description: Partitions specifies the list of the partitions
                              to setup.
                            items:
                              description: Partition defines how to create and layout
                                a partition.
                              properties:
                                device:
                                  description: Device is the name of the device.
                                  type: string
                                layout:
                                  description: Layout specifies the device layout.
                                    If it is true, a single partition will be created
                                    for the entire device. When layout is false, it
                                    means don't partition or ignore existing partitioning.
                                  type: boolean
                                overwrite:
                                  description: Overwrite describes whether to skip
                                    checks and create the partition if a partition
                                    or filesystem is found on the device. Use with
                                    caution. Default is 'false'.
                                  type: boolean
                                tableType:
                                  description: 'TableType specifies the type of partition
                                    table. The following are supported: ''mbr'': default
                                    and setups a MS-DOS partition table ''gpt'': setups
                                    a GPT partition table'
                                  type: string
                              required:
                              - device
                              - layout
                              type: object
                            type: array
                        type: object
                      files:
                        description: Files specifies extra files to be passed to user_data
                          upon creation.
                        items:
                          description: File defines the input for generating write_files
                            in cloud-init.
                          properties:
                            append:
                              description: Append specifies whether to append Content
                                to existing file if Path exists.
                              type: boolean
                            content:
                              description: Content is the actual content of the file.
                              type: string
                            contentFrom:
                              description: ContentFrom is a referenced source of content
                                to populate the file.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this file.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KubeadmBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            encoding:
                              description: Encoding specifies the encoding of the
                                file contents.
                              enum:
                              - base64
                              - gzip
                              - gzip+base64
                              type: string
                            owner:
                              description: Owner specifies the ownership of the file,
                                e.g. "root:root".
                              type: string
                            path:
                              description: Path specifies the full path on disk where
                                to store the file.
                              type: string
                            permissions:
                              description: Permissions specifies the permissions to
                                assign to the file, e.g. "0640".
                              type: string
                          required:
                          - path
                          type: object
                        type: array
                      format:
                        description: Format specifies the output format of the bootstrap
                          data
                        enum:
                        - cloud-config
                        - ignition
                        type: string
                      ignition:
                        description: Ignition contains Ignition specific configuration.
                        properties:
                          containerLinuxConfig:
                            description: ContainerLinuxConfig contains CLC specific
                              configuration.
                            properties:
                              additionalConfig:
                                description: "AdditionalConfig contains additional
                                  configuration to be merged with the Ignition configuration
                                  generated by the bootstrapper controller. More info:
                                  https://coreos.github.io/ignition/operator-notes/#config-merging
                                  \n The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/"
                                type: string
                              strict:
                                description: Strict controls if AdditionalConfig should
                                  be strictly parsed. If so, warnings are treated
                                  as errors.
                                type: boolean
                            type: object
                        type: object
                      initConfiguration:
                        description: InitConfiguration along with ClusterConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          bootstrapTokens:
                            description: BootstrapTokens is respected at `kubeadm
                              init` time and describes a set of Bootstrap Tokens to
                              create. This information IS NOT uploaded to the kubeadm
                              cluster configmap, partly because of its sensitive nature
                            items:
                              description: BootstrapToken describes one bootstrap
                                token, stored as a Secret in the cluster.
                              properties:
                                description:
                                  description: Description sets a human-friendly message
                                    why this token exists and what it's used for,
                                    so other administrators can know its purpose.
                                  type: string
                                expires:
                                  description: Expires specifies the timestamp when
                                    this token expires. Defaults to being set dynamically
                                    at runtime based on the TTL. Expires and TTL are
                                    mutually exclusive.
                                  format: date-time
                                  type: string
                                groups:
                                  description: Groups specifies the extra groups that
                                    this token will authenticate as when/if used for
                                    authentication
                                  items:
                                    type: string
                                  type: array
                                token:
                                  description: Token is used for establishing bidirectional
                                    trust between nodes and control-planes. Used for
                                    joining nodes in the cluster.
                                  type: string
                                ttl:
                                  description: TTL defines the time to live for this
                                    token. Defaults to 24h. Expires and TTL are mutually
                                    exclusive.
                                  type: string
                                usages:
                                  description: Usages describes the ways in which
                                    this token can be used. Can by default be used
                                    for establishing bidirectional trust, but that
                                    can be changed here.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - token
                              type: object
                            type: array
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          localAPIEndpoint:
                            description: LocalAPIEndpoint represents the endpoint
                              of the API server instance that's deployed on this control
                              plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint
                              in the sense that ControlPlaneEndpoint is the global
                              endpoint for the cluster, which then loadbalances the
                              requests to each individual API server. This configuration
                              object lets you customize what IP/DNS name and port
                              the local API server advertises it's accessible on.
                              By default, kubeadm tries to auto-detect the IP of the
                              default interface and use that, but in case that process
                              fails you may set the desired value here.
                            properties:
                              advertiseAddress:
                                description: AdvertiseAddress sets the IP address
                                  for the API server to advertise.
                                type: string
                              bindPort:
                                description: BindPort sets the secure port for the
                                  API Server to bind to. Defaults to 6443.
                                format: int32
                                type: integer
                            type: object
                          nodeRegistration:
                            description: NodeRegistration holds fields that relate
                              to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration
                              should remain consistent across both InitConfiguration
                              and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info. This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              ignorePreflightErrors:
                                description: IgnorePreflightErrors provides a slice
                                  of pre-flight errors to be ignored when the current
                                  node is registered.
                                items:
                                  type: string
                                type: array
                              imagePullPolicy:
                                description: ImagePullPolicy specifies the policy
                                  for image pulling during kubeadm "init" and "join"
                                  operations. The value of this field must be one
                                  of "Always", "IfNotPresent" or "Never". Defaults
                                  to "IfNotPresent". This can be used only with Kubernetes
                                  version equal to 1.22 and later.
                                enum:
                                - Always
                                - IfNotPresent
                                - Never
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: KubeletExtraArgs passes through extra
                                  arguments to the kubelet. The arguments here are
                                  passed to the kubelet command line via the environment
                                  file kubeadm writes at runtime for the kubelet to
                                  source. This overrides the generic base-level configuration
                                  in the kubelet-config-1.X ConfigMap Flags have higher
                                  priority when parsing. These values are local and
                                  specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: Name is the `.Metadata.Name` field of
                                  the Node API object that will be created in this
                                  `kubeadm init` or `kubeadm join` operation. This
                                  field is also used in the CommonName field of the
                                  kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: 'Taints specifies the taints the Node
                                  API object should be registered with. If this field
                                  is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
                                  If you don''t want to taint your control-plane node,
                                  set this field to an empty slice, i.e. `taints:
                                  []` in the YAML file. This field is solely used
                                  for Node registration.'
                                items:
                                  description: The node this Taint is attached to
                                    has the "effect" on any pod that does not tolerate
                                    the Taint.
                                  properties:
                                    effect:
                                      description: Required. The effect of the taint
                                        on pods that do not tolerate the taint. Valid
                                        effects are NoSchedule, PreferNoSchedule and
                                        NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: TimeAdded represents the time at
                                        which the taint was added. It is only written
                                        for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                          patches:
                            description: Patches contains options related to applying
                              patches to components deployed by kubeadm during "kubeadm
                              init". The minimum kubernetes version needed to support
                              Patches is v1.22
                            properties:
                              directory:
                                description: Directory is a path to a directory that
                                  contains files named "target[suffix][+patchtype].extension".
                                  For example, "kube-apiserver0+merge.yaml" or just
                                  "etcd.json". "target" can be one of "kube-apiserver",
                                  "kube-controller-manager", "kube-scheduler", "etcd".
                                  "patchtype" can be one of "strategic" "merge" or
                                  "json" and they match the patch formats supported
                                  by kubectl. The default "patchtype" is "strategic".
                                  "extension" must be either "json" or "yaml". "suffix"
                                  is an optional string that can be used to determine
                                  which patches are applied first alpha-numerically.
                                  These files can be written into the target directory
                                  via KubeadmConfig.Files which specifies additional
                                  files to be created on the machine, either with
                                  content inline or by referencing a secret.
                                type: string
                            type: object
                          skipPhases:
                            description: SkipPhases is a list of phases to skip during
                              command execution. The list of phases can be obtained
                              with the "kubeadm init --help" command. This option
                              takes effect only on Kubernetes >=1.22.0.
                            items:
                              type: string
                            type: array
                        type: object
                      joinConfiguration:
                        description: JoinConfiguration is the kubeadm configuration
                          for the join command
                        properties:
                          apiVersion:
                            description: 'APIVersion defines the versioned schema
                              of this representation of an object. Servers should
                              convert recognized schemas to the latest internal value,
                              and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                            type: string
                          caCertPath:
                            description: 'CACertPath is the path to the SSL certificate
                              authority used to secure communications between node
                              and control-plane. Defaults to "/etc/kubernetes/pki/ca.crt".
2770 TODO: revisit when there is defaulting from k/k' 2771 type: string 2772 controlPlane: 2773 description: ControlPlane defines the additional control 2774 plane instance to be deployed on the joining node. If 2775 nil, no additional control plane instance will be deployed. 2776 properties: 2777 localAPIEndpoint: 2778 description: LocalAPIEndpoint represents the endpoint 2779 of the API server instance to be deployed on this 2780 node. 2781 properties: 2782 advertiseAddress: 2783 description: AdvertiseAddress sets the IP address 2784 for the API server to advertise. 2785 type: string 2786 bindPort: 2787 description: BindPort sets the secure port for 2788 the API Server to bind to. Defaults to 6443. 2789 format: int32 2790 type: integer 2791 type: object 2792 type: object 2793 discovery: 2794 description: 'Discovery specifies the options for the 2795 kubelet to use during the TLS Bootstrap process TODO: 2796 revisit when there is defaulting from k/k' 2797 properties: 2798 bootstrapToken: 2799 description: BootstrapToken is used to set the options 2800 for bootstrap token based discovery BootstrapToken 2801 and File are mutually exclusive 2802 properties: 2803 apiServerEndpoint: 2804 description: APIServerEndpoint is an IP or domain 2805 name to the API server from which info will 2806 be fetched. 2807 type: string 2808 caCertHashes: 2809 description: 'CACertHashes specifies a set of 2810 public key pins to verify when token-based discovery 2811 is used. The root CA found during discovery 2812 must match one of these values. Specifying an 2813 empty set disables root CA pinning, which can 2814 be unsafe. Each hash is specified as "<type>:<value>", 2815 where the only currently supported type is "sha256". 2816 This is a hex-encoded SHA-256 hash of the Subject 2817 Public Key Info (SPKI) object in DER-encoded 2818 ASN.1. 
                                      These hashes can be calculated using,
                                      for example, OpenSSL: openssl x509 -pubkey -in
                                      ca.crt | openssl rsa -pubin -outform der 2>/dev/null
                                      | openssl dgst -sha256 -hex'
                                    items:
                                      type: string
                                    type: array
                                  token:
                                    description: Token is a token used to validate
                                      cluster information fetched from the control-plane.
                                    type: string
                                  unsafeSkipCAVerification:
                                    description: UnsafeSkipCAVerification allows token-based
                                      discovery without CA verification via CACertHashes.
                                      This can weaken the security of kubeadm since
                                      other nodes can impersonate the control-plane.
                                    type: boolean
                                required:
                                - token
                                type: object
                              file:
                                description: File is used to specify a file or URL
                                  to a kubeconfig file from which to load cluster
                                  information BootstrapToken and File are mutually
                                  exclusive
                                properties:
                                  kubeConfigPath:
                                    description: KubeConfigPath is used to specify
                                      the actual file path or URL to the kubeconfig
                                      file from which to load cluster information
                                    type: string
                                required:
                                - kubeConfigPath
                                type: object
                              timeout:
                                description: Timeout modifies the discovery timeout
                                type: string
                              tlsBootstrapToken:
                                description: TLSBootstrapToken is a token used for
                                  TLS bootstrapping. If .BootstrapToken is set, this
                                  field is defaulted to .BootstrapToken.Token, but
                                  can be overridden. If .File is set, this field **must
                                  be set** in case the KubeConfigFile does not contain
                                  any other authentication information
                                type: string
                            type: object
                          kind:
                            description: 'Kind is a string value representing the
                              REST resource this object represents. Servers may infer
                              this from the endpoint the client submits requests to.
                              Cannot be updated. In CamelCase.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          nodeRegistration:
                            description: NodeRegistration holds fields that relate
                              to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration
                              should remain consistent across both InitConfiguration
                              and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info. This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              ignorePreflightErrors:
                                description: IgnorePreflightErrors provides a slice
                                  of pre-flight errors to be ignored when the current
                                  node is registered.
                                items:
                                  type: string
                                type: array
                              imagePullPolicy:
                                description: ImagePullPolicy specifies the policy
                                  for image pulling during kubeadm "init" and "join"
                                  operations. The value of this field must be one
                                  of "Always", "IfNotPresent" or "Never". Defaults
                                  to "IfNotPresent". This can be used only with Kubernetes
                                  version equal to 1.22 and later.
                                enum:
                                - Always
                                - IfNotPresent
                                - Never
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: KubeletExtraArgs passes through extra
                                  arguments to the kubelet. The arguments here are
                                  passed to the kubelet command line via the environment
                                  file kubeadm writes at runtime for the kubelet to
                                  source. This overrides the generic base-level configuration
                                  in the kubelet-config-1.X ConfigMap Flags have higher
                                  priority when parsing. These values are local and
                                  specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: Name is the `.Metadata.Name` field of
                                  the Node API object that will be created in this
                                  `kubeadm init` or `kubeadm join` operation.
                                  This field is also used in the CommonName field of the
                                  kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: 'Taints specifies the taints the Node
                                  API object should be registered with. If this field
                                  is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{''node-role.kubernetes.io/master=""''}.
                                  If you don''t want to taint your control-plane node,
                                  set this field to an empty slice, i.e. `taints:
                                  []` in the YAML file. This field is solely used
                                  for Node registration.'
                                items:
                                  description: The node this Taint is attached to
                                    has the "effect" on any pod that does not tolerate
                                    the Taint.
                                  properties:
                                    effect:
                                      description: Required. The effect of the taint
                                        on pods that do not tolerate the taint. Valid
                                        effects are NoSchedule, PreferNoSchedule and
                                        NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: TimeAdded represents the time at
                                        which the taint was added. It is only written
                                        for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                          patches:
                            description: Patches contains options related to applying
                              patches to components deployed by kubeadm during "kubeadm
                              join". The minimum kubernetes version needed to support
                              Patches is v1.22
                            properties:
                              directory:
                                description: Directory is a path to a directory that
                                  contains files named "target[suffix][+patchtype].extension".
                                  For example, "kube-apiserver0+merge.yaml" or just
                                  "etcd.json".
                                  "target" can be one of "kube-apiserver",
                                  "kube-controller-manager", "kube-scheduler", "etcd".
                                  "patchtype" can be one of "strategic" "merge" or
                                  "json" and they match the patch formats supported
                                  by kubectl. The default "patchtype" is "strategic".
                                  "extension" must be either "json" or "yaml". "suffix"
                                  is an optional string that can be used to determine
                                  which patches are applied first alpha-numerically.
                                  These files can be written into the target directory
                                  via KubeadmConfig.Files which specifies additional
                                  files to be created on the machine, either with
                                  content inline or by referencing a secret.
                                type: string
                            type: object
                          skipPhases:
                            description: SkipPhases is a list of phases to skip during
                              command execution. The list of phases can be obtained
                              with the "kubeadm init --help" command. This option
                              takes effect only on Kubernetes >=1.22.0.
                            items:
                              type: string
                            type: array
                        type: object
                      mounts:
                        description: Mounts specifies a list of mount points to be
                          set up.
                        items:
                          description: MountPoints defines input for generated mounts
                            in cloud-init.
                          items:
                            type: string
                          type: array
                        type: array
                      ntp:
                        description: NTP specifies NTP configuration
                        properties:
                          enabled:
                            description: Enabled specifies whether NTP should be enabled
                            type: boolean
                          servers:
                            description: Servers specifies which NTP servers to use
                            items:
                              type: string
                            type: array
                        type: object
                      postKubeadmCommands:
                        description: PostKubeadmCommands specifies extra commands
                          to run after kubeadm runs
                        items:
                          type: string
                        type: array
                      preKubeadmCommands:
                        description: PreKubeadmCommands specifies extra commands to
                          run before kubeadm runs
                        items:
                          type: string
                        type: array
                      useExperimentalRetryJoin:
                        description: "UseExperimentalRetryJoin replaces a basic kubeadm
                          command with a shell script with retries for joins. \n This
                          is meant to be an experimental temporary workaround on some
                          environments where joins fail due to timing (and other issues).
                          The long term goal is to add retries to kubeadm proper and
                          use that functionality. \n This will add about 40KB to userdata
                          \n For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
                          \n Deprecated: This experimental fix is no longer needed
                          and this field will be removed in a future release. When
                          removing also remove from staticcheck exclude-rules for
                          SA1019 in golangci.yml"
                        type: boolean
                      users:
                        description: Users specifies extra users to add
                        items:
                          description: User defines the input for a generated user
                            in cloud-init.
                          properties:
                            gecos:
                              description: Gecos specifies the gecos to use for the
                                user
                              type: string
                            groups:
                              description: Groups specifies the additional groups
                                for the user
                              type: string
                            homeDir:
                              description: HomeDir specifies the home directory to
                                use for the user
                              type: string
                            inactive:
                              description: Inactive specifies whether to mark the
                                user as inactive
                              type: boolean
                            lockPassword:
                              description: LockPassword specifies if password login
                                should be disabled
                              type: boolean
                            name:
                              description: Name specifies the user name
                              type: string
                            passwd:
                              description: Passwd specifies a hashed password for
                                the user
                              type: string
                            passwdFrom:
                              description: PasswdFrom is a referenced source of passwd
                                to populate the passwd.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this password.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KubeadmBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            primaryGroup:
                              description: PrimaryGroup specifies the primary group
                                for the user
                              type: string
                            shell:
                              description: Shell specifies the user's shell
                              type: string
                            sshAuthorizedKeys:
                              description: SSHAuthorizedKeys specifies a list of ssh
                                authorized keys for the user
                              items:
                                type: string
                              type: array
                            sudo:
                              description: Sudo specifies a sudo role for the user
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      verbosity:
                        description: Verbosity is the number for the kubeadm log level
                          verbosity. It overrides the `--v` flag in kubeadm commands.
                        format: int32
                        type: integer
                    type: object
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
    subresources: {}