sigs.k8s.io/cluster-api@v1.7.1/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: kubeadmconfigs.bootstrap.cluster.x-k8s.io
spec:
  group: bootstrap.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: KubeadmConfig
    listKind: KubeadmConfigList
    plural: kubeadmconfigs
    singular: kubeadmconfig
  scope: Namespaced
  versions:
  - deprecated: true
    name: v1alpha3
    schema:
      openAPIV3Schema:
        description: |-
          KubeadmConfig is the Schema for the kubeadmconfigs API.


          Deprecated: This type will be removed in one of the next releases.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: |-
              KubeadmConfigSpec defines the desired state of KubeadmConfig.
              Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
            properties:
              clusterConfiguration:
                description: ClusterConfiguration along with InitConfiguration are
                  the configurations necessary for the init command
                properties:
                  apiServer:
                    description: APIServer contains extra settings for the API server
                      control plane component
                    properties:
                      certSANs:
                        description: CertSANs sets extra Subject Alternative Names
                          for the API Server signing cert.
                        items:
                          type: string
                        type: array
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                      timeoutForControlPlane:
                        description: TimeoutForControlPlane controls the timeout that
                          we use for API server to appear
                        type: string
                    type: object
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  certificatesDir:
                    description: |-
                      CertificatesDir specifies where to store or look for all required certificates.
                      NB: if not provided, this will default to `/etc/kubernetes/pki`
                    type: string
                  clusterName:
                    description: The cluster name
                    type: string
                  controlPlaneEndpoint:
                    description: |-
                      ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
                      can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
                      In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
                      are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
                      the BindPort is used.
                      Possible usages are:
                      e.g. In a cluster with more than one control plane instances, this field should be
                      assigned the address of the external load balancer in front of the
                      control plane instances.
                      e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
                      could be used for assigning a stable DNS to the control plane.
                      NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
                    type: string
                  controllerManager:
                    description: ControllerManager contains extra settings for the
                      controller manager control plane component
                    properties:
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                    type: object
                  dns:
                    description: DNS defines the options for the DNS add-on installed
                      in the cluster.
                    properties:
                      imageRepository:
                        description: |-
                          ImageRepository sets the container registry to pull images from.
                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                        type: string
                      imageTag:
                        description: |-
                          ImageTag allows to specify a tag for the image.
                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                        type: string
                      type:
                        description: Type defines the DNS add-on to be used
                        type: string
                    type: object
                  etcd:
                    description: |-
                      Etcd holds configuration for etcd.
                      NB: This value defaults to a Local (stacked) etcd
                    properties:
                      external:
                        description: |-
                          External describes how to connect to an external etcd cluster
                          Local and External are mutually exclusive
                        properties:
                          caFile:
                            description: |-
                              CAFile is an SSL Certificate Authority file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                          certFile:
                            description: |-
                              CertFile is an SSL certification file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                          endpoints:
                            description: Endpoints of etcd members.
                              Required for ExternalEtcd.
                            items:
                              type: string
                            type: array
                          keyFile:
                            description: |-
                              KeyFile is an SSL key file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                        required:
                        - caFile
                        - certFile
                        - endpoints
                        - keyFile
                        type: object
                      local:
                        description: |-
                          Local provides configuration knobs for configuring the local etcd instance
                          Local and External are mutually exclusive
                        properties:
                          dataDir:
                            description: |-
                              DataDir is the directory etcd will place its data.
                              Defaults to "/var/lib/etcd".
                            type: string
                          extraArgs:
                            additionalProperties:
                              type: string
                            description: |-
                              ExtraArgs are extra arguments provided to the etcd binary
                              when run inside a static pod.
                            type: object
                          imageRepository:
                            description: |-
                              ImageRepository sets the container registry to pull images from.
                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                            type: string
                          imageTag:
                            description: |-
                              ImageTag allows to specify a tag for the image.
                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                            type: string
                          peerCertSANs:
                            description: PeerCertSANs sets extra Subject Alternative
                              Names for the etcd peer signing cert.
                            items:
                              type: string
                            type: array
                          serverCertSANs:
                            description: ServerCertSANs sets extra Subject Alternative
                              Names for the etcd server signing cert.
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  featureGates:
                    additionalProperties:
                      type: boolean
                    description: FeatureGates enabled by the user.
                    type: object
                  imageRepository:
                    description: |-
                      ImageRepository sets the container registry to pull images from.
                      If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                      `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
                      will be used for all the other images.
                    type: string
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  kubernetesVersion:
                    description: |-
                      KubernetesVersion is the target version of the control plane.
                      NB: This value defaults to the Machine object spec.version
                    type: string
                  networking:
                    description: |-
                      Networking holds configuration for the networking topology of the cluster.
                      NB: This value defaults to the Cluster object spec.clusterNetwork.
                    properties:
                      dnsDomain:
                        description: DNSDomain is the dns domain used by k8s services.
                          Defaults to "cluster.local".
                        type: string
                      podSubnet:
                        description: |-
                          PodSubnet is the subnet used by pods.
                          If unset, the API server will not allocate CIDR ranges for every node.
                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
                        type: string
                      serviceSubnet:
                        description: |-
                          ServiceSubnet is the subnet used by k8s services.
                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
                          to "10.96.0.0/12" if that's unset.
                        type: string
                    type: object
                  scheduler:
                    description: Scheduler contains extra settings for the scheduler
                      control plane component
                    properties:
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                    type: object
                  useHyperKubeImage:
                    description: UseHyperKubeImage controls if hyperkube should be
                      used for Kubernetes components instead of their respective separate
                      images
                    type: boolean
                type: object
              diskSetup:
                description: DiskSetup specifies options for the creation of partition
                  tables and file systems on devices.
                properties:
                  filesystems:
                    description: Filesystems specifies the list of file systems to
                      setup.
                    items:
                      description: Filesystem defines the file systems to be created.
                      properties:
                        device:
                          description: Device specifies the device name
                          type: string
                        extraOpts:
                          description: ExtraOpts defined extra options to add to the
                            command for creating the file system.
                          items:
                            type: string
                          type: array
                        filesystem:
                          description: Filesystem specifies the file system type.
                          type: string
                        label:
                          description: Label specifies the file system label to be
                            used. If set to None, no label is used.
                          type: string
                        overwrite:
                          description: |-
                            Overwrite defines whether or not to overwrite any existing filesystem.
                            If true, any pre-existing file system will be destroyed. Use with Caution.
                          type: boolean
                        partition:
                          description: 'Partition specifies the partition to use.
                            The valid options are: "auto|any", "auto", "any", "none",
                            and <NUM>, where NUM is the actual partition number.'
                          type: string
                        replaceFS:
                          description: |-
                            ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
                            NOTE: unless you define a label, this requires the use of the 'any' partition directive.
                          type: string
                      required:
                      - device
                      - filesystem
                      - label
                      type: object
                    type: array
                  partitions:
                    description: Partitions specifies the list of the partitions to
                      setup.
                    items:
                      description: Partition defines how to create and layout a partition.
                      properties:
                        device:
                          description: Device is the name of the device.
                          type: string
                        layout:
                          description: |-
                            Layout specifies the device layout.
                            If it is true, a single partition will be created for the entire device.
                            When layout is false, it means don't partition or ignore existing partitioning.
                          type: boolean
                        overwrite:
                          description: |-
                            Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
                            Use with caution. Default is 'false'.
                          type: boolean
                        tableType:
                          description: |-
                            TableType specifies the type of partition table. The following are supported:
                            'mbr': default and setups a MS-DOS partition table
                            'gpt': setups a GPT partition table
                          type: string
                      required:
                      - device
                      - layout
                      type: object
                    type: array
                type: object
              files:
                description: Files specifies extra files to be passed to user_data
                  upon creation.
                items:
                  description: File defines the input for generating write_files in
                    cloud-init.
                  properties:
                    content:
                      description: Content is the actual content of the file.
                      type: string
                    contentFrom:
                      description: ContentFrom is a referenced source of content to
                        populate the file.
                      properties:
                        secret:
                          description: Secret represents a secret that should populate
                            this file.
                          properties:
                            key:
                              description: Key is the key in the secret's data map
                                for this value.
                              type: string
                            name:
                              description: Name of the secret in the KubeadmBootstrapConfig's
                                namespace to use.
                              type: string
                          required:
                          - key
                          - name
                          type: object
                      required:
                      - secret
                      type: object
                    encoding:
                      description: Encoding specifies the encoding of the file contents.
                      enum:
                      - base64
                      - gzip
                      - gzip+base64
                      type: string
                    owner:
                      description: Owner specifies the ownership of the file, e.g.
                        "root:root".
                      type: string
                    path:
                      description: Path specifies the full path on disk where to store
                        the file.
                      type: string
                    permissions:
                      description: Permissions specifies the permissions to assign
                        to the file, e.g. "0640".
                      type: string
                  required:
                  - path
                  type: object
                type: array
              format:
                description: Format specifies the output format of the bootstrap data
                enum:
                - cloud-config
                type: string
              initConfiguration:
                description: InitConfiguration along with ClusterConfiguration are
                  the configurations necessary for the init command
                properties:
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  bootstrapTokens:
                    description: |-
                      BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
                      This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
                    items:
                      description: BootstrapToken describes one bootstrap token, stored
                        as a Secret in the cluster.
                      properties:
                        description:
                          description: |-
                            Description sets a human-friendly message why this token exists and what it's used
                            for, so other administrators can know its purpose.
                          type: string
                        expires:
                          description: |-
                            Expires specifies the timestamp when this token expires. Defaults to being set
                            dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
                          format: date-time
                          type: string
                        groups:
                          description: |-
                            Groups specifies the extra groups that this token will authenticate as when/if
                            used for authentication
                          items:
                            type: string
                          type: array
                        token:
                          description: |-
                            Token is used for establishing bidirectional trust between nodes and control-planes.
                            Used for joining nodes in the cluster.
                          type: string
                        ttl:
                          description: |-
                            TTL defines the time to live for this token. Defaults to 24h.
                            Expires and TTL are mutually exclusive.
                          type: string
                        usages:
                          description: |-
                            Usages describes the ways in which this token can be used. Can by default be used
                            for establishing bidirectional trust, but that can be changed here.
                          items:
                            type: string
                          type: array
                      required:
                      - token
                      type: object
                    type: array
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  localAPIEndpoint:
                    description: |-
                      LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
                      In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
                      is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
                      configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
                      on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
                      fails you may set the desired value here.
                    properties:
                      advertiseAddress:
                        description: AdvertiseAddress sets the IP address for the
                          API server to advertise.
                        type: string
                      bindPort:
                        description: |-
                          BindPort sets the secure port for the API Server to bind to.
                          Defaults to 6443.
                        format: int32
                        type: integer
                    required:
                    - advertiseAddress
                    - bindPort
                    type: object
                  nodeRegistration:
                    description: |-
                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                      When used in the context of control plane nodes, NodeRegistration should remain consistent
                      across both InitConfiguration and JoinConfiguration
                    properties:
                      criSocket:
                        description: CRISocket is used to retrieve container runtime
                          info. This information will be annotated to the Node API
                          object, for later re-use
                        type: string
                      kubeletExtraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                        type: object
                      name:
                        description: |-
                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                          Defaults to the hostname of the node if not provided.
                        type: string
                      taints:
                        description: |-
                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                        items:
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                          - effect
                          - key
                          type: object
                        type: array
                    type: object
                type: object
              joinConfiguration:
                description: JoinConfiguration is the kubeadm configuration for the
                  join command
                properties:
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  caCertPath:
                    description: |-
                      CACertPath is the path to the SSL certificate authority used to
                      secure communications between node and control-plane.
                      Defaults to "/etc/kubernetes/pki/ca.crt".
                      TODO: revisit when there is defaulting from k/k
                    type: string
                  controlPlane:
                    description: |-
                      ControlPlane defines the additional control plane instance to be deployed on the joining node.
                      If nil, no additional control plane instance will be deployed.
                    properties:
                      localAPIEndpoint:
                        description: LocalAPIEndpoint represents the endpoint of the
                          API server instance to be deployed on this node.
                        properties:
                          advertiseAddress:
                            description: AdvertiseAddress sets the IP address for
                              the API server to advertise.
                            type: string
                          bindPort:
                            description: |-
                              BindPort sets the secure port for the API Server to bind to.
                              Defaults to 6443.
                            format: int32
                            type: integer
                        required:
                        - advertiseAddress
                        - bindPort
                        type: object
                    type: object
                  discovery:
                    description: |-
                      Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
                      TODO: revisit when there is defaulting from k/k
                    properties:
                      bootstrapToken:
                        description: |-
                          BootstrapToken is used to set the options for bootstrap token based discovery
                          BootstrapToken and File are mutually exclusive
                        properties:
                          apiServerEndpoint:
                            description: APIServerEndpoint is an IP or domain name
                              to the API server from which info will be fetched.
                            type: string
                          caCertHashes:
                            description: |-
                              CACertHashes specifies a set of public key pins to verify
                              when token-based discovery is used. The root CA found during discovery
                              must match one of these values. Specifying an empty set disables root CA
                              pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
                              where the only currently supported type is "sha256". This is a hex-encoded
                              SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
                              ASN.1. These hashes can be calculated using, for example, OpenSSL:
                              openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex
                            items:
                              type: string
                            type: array
                          token:
                            description: |-
                              Token is a token used to validate cluster information
                              fetched from the control-plane.
                            type: string
                          unsafeSkipCAVerification:
                            description: |-
                              UnsafeSkipCAVerification allows token-based discovery
                              without CA verification via CACertHashes. This can weaken
                              the security of kubeadm since other nodes can impersonate the control-plane.
                            type: boolean
                        required:
                        - token
                        - unsafeSkipCAVerification
                        type: object
                      file:
                        description: |-
                          File is used to specify a file or URL to a kubeconfig file from which to load cluster information
                          BootstrapToken and File are mutually exclusive
                        properties:
                          kubeConfigPath:
                            description: KubeConfigPath is used to specify the actual
                              file path or URL to the kubeconfig file from which to
                              load cluster information
                            type: string
                        required:
                        - kubeConfigPath
                        type: object
                      timeout:
                        description: Timeout modifies the discovery timeout
                        type: string
                      tlsBootstrapToken:
                        description: |-
                          TLSBootstrapToken is a token used for TLS bootstrapping.
                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
                          If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
                          TODO: revisit when there is defaulting from k/k
                        type: string
                    type: object
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  nodeRegistration:
                    description: |-
                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                      When used in the context of control plane nodes, NodeRegistration should remain consistent
                      across both InitConfiguration and JoinConfiguration
                    properties:
                      criSocket:
                        description: CRISocket is used to retrieve container runtime
                          info.
                          This information will be annotated to the Node API
                          object, for later re-use
                        type: string
                      kubeletExtraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                        type: object
                      name:
                        description: |-
                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                          Defaults to the hostname of the node if not provided.
                        type: string
                      taints:
                        description: |-
                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                          empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                        items:
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                          - effect
                          - key
                          type: object
                        type: array
                    type: object
                type: object
              mounts:
                description: Mounts specifies a list of mount points to be setup.
                items:
                  description: MountPoints defines input for generated mounts in cloud-init.
                  items:
                    type: string
                  type: array
                type: array
              ntp:
                description: NTP specifies NTP configuration
                properties:
                  enabled:
                    description: Enabled specifies whether NTP should be enabled
                    type: boolean
                  servers:
                    description: Servers specifies which NTP servers to use
                    items:
                      type: string
                    type: array
                type: object
              postKubeadmCommands:
                description: PostKubeadmCommands specifies extra commands to run after
                  kubeadm runs
                items:
                  type: string
                type: array
              preKubeadmCommands:
                description: PreKubeadmCommands specifies extra commands to run before
                  kubeadm runs
                items:
                  type: string
                type: array
              useExperimentalRetryJoin:
                description: |-
                  UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                  script with retries for joins.


                  This is meant to be an experimental temporary workaround on some environments
                  where joins fail due to timing (and other issues). The long term goal is to add retries to
                  kubeadm proper and use that functionality.


                  This will add about 40KB to userdata


                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
                type: boolean
              users:
                description: Users specifies extra users to add
                items:
                  description: User defines the input for a generated user in cloud-init.
899 properties: 900 gecos: 901 description: Gecos specifies the gecos to use for the user 902 type: string 903 groups: 904 description: Groups specifies the additional groups for the 905 user 906 type: string 907 homeDir: 908 description: HomeDir specifies the home directory to use for 909 the user 910 type: string 911 inactive: 912 description: Inactive specifies whether to mark the user as 913 inactive 914 type: boolean 915 lockPassword: 916 description: LockPassword specifies if password login should 917 be disabled 918 type: boolean 919 name: 920 description: Name specifies the user name 921 type: string 922 passwd: 923 description: Passwd specifies a hashed password for the user 924 type: string 925 primaryGroup: 926 description: PrimaryGroup specifies the primary group for the 927 user 928 type: string 929 shell: 930 description: Shell specifies the user's shell 931 type: string 932 sshAuthorizedKeys: 933 description: SSHAuthorizedKeys specifies a list of ssh authorized 934 keys for the user 935 items: 936 type: string 937 type: array 938 sudo: 939 description: Sudo specifies a sudo role for the user 940 type: string 941 required: 942 - name 943 type: object 944 type: array 945 verbosity: 946 description: |- 947 Verbosity is the number for the kubeadm log level verbosity. 948 It overrides the `--v` flag in kubeadm commands. 949 format: int32 950 type: integer 951 type: object 952 status: 953 description: KubeadmConfigStatus defines the observed state of KubeadmConfig. 954 properties: 955 bootstrapData: 956 description: |- 957 BootstrapData will be a cloud-init script for now. 958 959 960 Deprecated: Switch to DataSecretName. 961 format: byte 962 type: string 963 conditions: 964 description: Conditions defines current service state of the KubeadmConfig. 965 items: 966 description: Condition defines an observation of a Cluster API resource 967 operational state. 
968 properties: 969 lastTransitionTime: 970 description: |- 971 Last time the condition transitioned from one status to another. 972 This should be when the underlying condition changed. If that is not known, then using the time when 973 the API field changed is acceptable. 974 format: date-time 975 type: string 976 message: 977 description: |- 978 A human readable message indicating details about the transition. 979 This field may be empty. 980 type: string 981 reason: 982 description: |- 983 The reason for the condition's last transition in CamelCase. 984 The specific API may choose whether or not this field is considered a guaranteed API. 985 This field may not be empty. 986 type: string 987 severity: 988 description: |- 989 Severity provides an explicit classification of Reason code, so the users or machines can immediately 990 understand the current situation and act accordingly. 991 The Severity field MUST be set only when Status=False. 992 type: string 993 status: 994 description: Status of the condition, one of True, False, Unknown. 995 type: string 996 type: 997 description: |- 998 Type of condition in CamelCase or in foo.example.com/CamelCase. 999 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions 1000 can be useful (see .node.status.conditions), the ability to deconflict is important. 1001 type: string 1002 required: 1003 - status 1004 - type 1005 type: object 1006 type: array 1007 dataSecretName: 1008 description: DataSecretName is the name of the secret that stores 1009 the bootstrap data script. 1010 type: string 1011 failureMessage: 1012 description: FailureMessage will be set on non-retryable errors 1013 type: string 1014 failureReason: 1015 description: FailureReason will be set on non-retryable errors 1016 type: string 1017 observedGeneration: 1018 description: ObservedGeneration is the latest generation observed 1019 by the controller. 
1020 format: int64 1021 type: integer 1022 ready: 1023 description: Ready indicates the BootstrapData field is ready to be 1024 consumed 1025 type: boolean 1026 type: object 1027 type: object 1028 served: false 1029 storage: false 1030 subresources: 1031 status: {} 1032 - additionalPrinterColumns: 1033 - description: Time duration since creation of KubeadmConfig 1034 jsonPath: .metadata.creationTimestamp 1035 name: Age 1036 type: date 1037 deprecated: true 1038 name: v1alpha4 1039 schema: 1040 openAPIV3Schema: 1041 description: |- 1042 KubeadmConfig is the Schema for the kubeadmconfigs API. 1043 1044 1045 Deprecated: This type will be removed in one of the next releases. 1046 properties: 1047 apiVersion: 1048 description: |- 1049 APIVersion defines the versioned schema of this representation of an object. 1050 Servers should convert recognized schemas to the latest internal value, and 1051 may reject unrecognized values. 1052 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1053 type: string 1054 kind: 1055 description: |- 1056 Kind is a string value representing the REST resource this object represents. 1057 Servers may infer this from the endpoint the client submits requests to. 1058 Cannot be updated. 1059 In CamelCase. 1060 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1061 type: string 1062 metadata: 1063 type: object 1064 spec: 1065 description: |- 1066 KubeadmConfigSpec defines the desired state of KubeadmConfig. 1067 Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. 
1068 properties: 1069 clusterConfiguration: 1070 description: ClusterConfiguration along with InitConfiguration are 1071 the configurations necessary for the init command 1072 properties: 1073 apiServer: 1074 description: APIServer contains extra settings for the API server 1075 control plane component 1076 properties: 1077 certSANs: 1078 description: CertSANs sets extra Subject Alternative Names 1079 for the API Server signing cert. 1080 items: 1081 type: string 1082 type: array 1083 extraArgs: 1084 additionalProperties: 1085 type: string 1086 description: |- 1087 ExtraArgs is an extra set of flags to pass to the control plane component. 1088 TODO: This is temporary and ideally we would like to switch all components to 1089 use ComponentConfig + ConfigMaps. 1090 type: object 1091 extraVolumes: 1092 description: ExtraVolumes is an extra set of host volumes, 1093 mounted to the control plane component. 1094 items: 1095 description: |- 1096 HostPathMount contains elements describing volumes that are mounted from the 1097 host. 1098 properties: 1099 hostPath: 1100 description: |- 1101 HostPath is the path in the host that will be mounted inside 1102 the pod. 1103 type: string 1104 mountPath: 1105 description: MountPath is the path inside the pod where 1106 hostPath will be mounted. 1107 type: string 1108 name: 1109 description: Name of the volume inside the pod template. 1110 type: string 1111 pathType: 1112 description: PathType is the type of the HostPath. 1113 type: string 1114 readOnly: 1115 description: ReadOnly controls write access to the volume 1116 type: boolean 1117 required: 1118 - hostPath 1119 - mountPath 1120 - name 1121 type: object 1122 type: array 1123 timeoutForControlPlane: 1124 description: TimeoutForControlPlane controls the timeout that 1125 we use for API server to appear 1126 type: string 1127 type: object 1128 apiVersion: 1129 description: |- 1130 APIVersion defines the versioned schema of this representation of an object. 
1131 Servers should convert recognized schemas to the latest internal value, and 1132 may reject unrecognized values. 1133 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1134 type: string 1135 certificatesDir: 1136 description: |- 1137 CertificatesDir specifies where to store or look for all required certificates. 1138 NB: if not provided, this will default to `/etc/kubernetes/pki` 1139 type: string 1140 clusterName: 1141 description: The cluster name 1142 type: string 1143 controlPlaneEndpoint: 1144 description: |- 1145 ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it 1146 can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 1147 In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort 1148 are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 1149 the BindPort is used. 1150 Possible usages are: 1151 e.g. In a cluster with more than one control plane instances, this field should be 1152 assigned the address of the external load balancer in front of the 1153 control plane instances. 1154 e.g. in environments with enforced node recycling, the ControlPlaneEndpoint 1155 could be used for assigning a stable DNS to the control plane. 1156 NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 1157 type: string 1158 controllerManager: 1159 description: ControllerManager contains extra settings for the 1160 controller manager control plane component 1161 properties: 1162 extraArgs: 1163 additionalProperties: 1164 type: string 1165 description: |- 1166 ExtraArgs is an extra set of flags to pass to the control plane component. 1167 TODO: This is temporary and ideally we would like to switch all components to 1168 use ComponentConfig + ConfigMaps. 
1169 type: object 1170 extraVolumes: 1171 description: ExtraVolumes is an extra set of host volumes, 1172 mounted to the control plane component. 1173 items: 1174 description: |- 1175 HostPathMount contains elements describing volumes that are mounted from the 1176 host. 1177 properties: 1178 hostPath: 1179 description: |- 1180 HostPath is the path in the host that will be mounted inside 1181 the pod. 1182 type: string 1183 mountPath: 1184 description: MountPath is the path inside the pod where 1185 hostPath will be mounted. 1186 type: string 1187 name: 1188 description: Name of the volume inside the pod template. 1189 type: string 1190 pathType: 1191 description: PathType is the type of the HostPath. 1192 type: string 1193 readOnly: 1194 description: ReadOnly controls write access to the volume 1195 type: boolean 1196 required: 1197 - hostPath 1198 - mountPath 1199 - name 1200 type: object 1201 type: array 1202 type: object 1203 dns: 1204 description: DNS defines the options for the DNS add-on installed 1205 in the cluster. 1206 properties: 1207 imageRepository: 1208 description: |- 1209 ImageRepository sets the container registry to pull images from. 1210 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 1211 type: string 1212 imageTag: 1213 description: |- 1214 ImageTag allows to specify a tag for the image. 1215 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 1216 type: string 1217 type: object 1218 etcd: 1219 description: |- 1220 Etcd holds configuration for etcd. 1221 NB: This value defaults to a Local (stacked) etcd 1222 properties: 1223 external: 1224 description: |- 1225 External describes how to connect to an external etcd cluster 1226 Local and External are mutually exclusive 1227 properties: 1228 caFile: 1229 description: |- 1230 CAFile is an SSL Certificate Authority file used to secure etcd communication. 1231 Required if using a TLS connection. 
1232 type: string 1233 certFile: 1234 description: |- 1235 CertFile is an SSL certification file used to secure etcd communication. 1236 Required if using a TLS connection. 1237 type: string 1238 endpoints: 1239 description: Endpoints of etcd members. Required for ExternalEtcd. 1240 items: 1241 type: string 1242 type: array 1243 keyFile: 1244 description: |- 1245 KeyFile is an SSL key file used to secure etcd communication. 1246 Required if using a TLS connection. 1247 type: string 1248 required: 1249 - caFile 1250 - certFile 1251 - endpoints 1252 - keyFile 1253 type: object 1254 local: 1255 description: |- 1256 Local provides configuration knobs for configuring the local etcd instance 1257 Local and External are mutually exclusive 1258 properties: 1259 dataDir: 1260 description: |- 1261 DataDir is the directory etcd will place its data. 1262 Defaults to "/var/lib/etcd". 1263 type: string 1264 extraArgs: 1265 additionalProperties: 1266 type: string 1267 description: |- 1268 ExtraArgs are extra arguments provided to the etcd binary 1269 when run inside a static pod. 1270 type: object 1271 imageRepository: 1272 description: |- 1273 ImageRepository sets the container registry to pull images from. 1274 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 1275 type: string 1276 imageTag: 1277 description: |- 1278 ImageTag allows to specify a tag for the image. 1279 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 1280 type: string 1281 peerCertSANs: 1282 description: PeerCertSANs sets extra Subject Alternative 1283 Names for the etcd peer signing cert. 1284 items: 1285 type: string 1286 type: array 1287 serverCertSANs: 1288 description: ServerCertSANs sets extra Subject Alternative 1289 Names for the etcd server signing cert. 
1290 items: 1291 type: string 1292 type: array 1293 type: object 1294 type: object 1295 featureGates: 1296 additionalProperties: 1297 type: boolean 1298 description: FeatureGates enabled by the user. 1299 type: object 1300 imageRepository: 1301 description: |- 1302 ImageRepository sets the container registry to pull images from. 1303 If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) 1304 `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` 1305 will be used for all the other images. 1306 type: string 1307 kind: 1308 description: |- 1309 Kind is a string value representing the REST resource this object represents. 1310 Servers may infer this from the endpoint the client submits requests to. 1311 Cannot be updated. 1312 In CamelCase. 1313 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1314 type: string 1315 kubernetesVersion: 1316 description: |- 1317 KubernetesVersion is the target version of the control plane. 1318 NB: This value defaults to the Machine object spec.version 1319 type: string 1320 networking: 1321 description: |- 1322 Networking holds configuration for the networking topology of the cluster. 1323 NB: This value defaults to the Cluster object spec.clusterNetwork. 1324 properties: 1325 dnsDomain: 1326 description: DNSDomain is the dns domain used by k8s services. 1327 Defaults to "cluster.local". 1328 type: string 1329 podSubnet: 1330 description: |- 1331 PodSubnet is the subnet used by pods. 1332 If unset, the API server will not allocate CIDR ranges for every node. 1333 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set 1334 type: string 1335 serviceSubnet: 1336 description: |- 1337 ServiceSubnet is the subnet used by k8s services. 
1338 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or 1339 to "10.96.0.0/12" if that's unset. 1340 type: string 1341 type: object 1342 scheduler: 1343 description: Scheduler contains extra settings for the scheduler 1344 control plane component 1345 properties: 1346 extraArgs: 1347 additionalProperties: 1348 type: string 1349 description: |- 1350 ExtraArgs is an extra set of flags to pass to the control plane component. 1351 TODO: This is temporary and ideally we would like to switch all components to 1352 use ComponentConfig + ConfigMaps. 1353 type: object 1354 extraVolumes: 1355 description: ExtraVolumes is an extra set of host volumes, 1356 mounted to the control plane component. 1357 items: 1358 description: |- 1359 HostPathMount contains elements describing volumes that are mounted from the 1360 host. 1361 properties: 1362 hostPath: 1363 description: |- 1364 HostPath is the path in the host that will be mounted inside 1365 the pod. 1366 type: string 1367 mountPath: 1368 description: MountPath is the path inside the pod where 1369 hostPath will be mounted. 1370 type: string 1371 name: 1372 description: Name of the volume inside the pod template. 1373 type: string 1374 pathType: 1375 description: PathType is the type of the HostPath. 1376 type: string 1377 readOnly: 1378 description: ReadOnly controls write access to the volume 1379 type: boolean 1380 required: 1381 - hostPath 1382 - mountPath 1383 - name 1384 type: object 1385 type: array 1386 type: object 1387 type: object 1388 diskSetup: 1389 description: DiskSetup specifies options for the creation of partition 1390 tables and file systems on devices. 1391 properties: 1392 filesystems: 1393 description: Filesystems specifies the list of file systems to 1394 setup. 1395 items: 1396 description: Filesystem defines the file systems to be created. 
1397 properties: 1398 device: 1399 description: Device specifies the device name 1400 type: string 1401 extraOpts: 1402 description: ExtraOpts defines extra options to add to the 1403 command for creating the file system. 1404 items: 1405 type: string 1406 type: array 1407 filesystem: 1408 description: Filesystem specifies the file system type. 1409 type: string 1410 label: 1411 description: Label specifies the file system label to be 1412 used. If set to None, no label is used. 1413 type: string 1414 overwrite: 1415 description: |- 1416 Overwrite defines whether or not to overwrite any existing filesystem. 1417 If true, any pre-existing file system will be destroyed. Use with Caution. 1418 type: boolean 1419 partition: 1420 description: 'Partition specifies the partition to use. 1421 The valid options are: "auto|any", "auto", "any", "none", 1422 and <NUM>, where NUM is the actual partition number.' 1423 type: string 1424 replaceFS: 1425 description: |- 1426 ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. 1427 NOTE: unless you define a label, this requires the use of the 'any' partition directive. 1428 type: string 1429 required: 1430 - device 1431 - filesystem 1432 - label 1433 type: object 1434 type: array 1435 partitions: 1436 description: Partitions specifies the list of the partitions to 1437 setup. 1438 items: 1439 description: Partition defines how to create and layout a partition. 1440 properties: 1441 device: 1442 description: Device is the name of the device. 1443 type: string 1444 layout: 1445 description: |- 1446 Layout specifies the device layout. 1447 If it is true, a single partition will be created for the entire device. 1448 When layout is false, it means don't partition or ignore existing partitioning.
1449 type: boolean 1450 overwrite: 1451 description: |- 1452 Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. 1453 Use with caution. Default is 'false'. 1454 type: boolean 1455 tableType: 1456 description: |- 1457 TableType specifies the type of partition table. The following are supported: 1458 'mbr': default, sets up an MS-DOS partition table 1459 'gpt': sets up a GPT partition table 1460 type: string 1461 required: 1462 - device 1463 - layout 1464 type: object 1465 type: array 1466 type: object 1467 files: 1468 description: Files specifies extra files to be passed to user_data 1469 upon creation. 1470 items: 1471 description: File defines the input for generating write_files in 1472 cloud-init. 1473 properties: 1474 content: 1475 description: Content is the actual content of the file. 1476 type: string 1477 contentFrom: 1478 description: ContentFrom is a referenced source of content to 1479 populate the file. 1480 properties: 1481 secret: 1482 description: Secret represents a secret that should populate 1483 this file. 1484 properties: 1485 key: 1486 description: Key is the key in the secret's data map 1487 for this value. 1488 type: string 1489 name: 1490 description: Name of the secret in the KubeadmBootstrapConfig's 1491 namespace to use. 1492 type: string 1493 required: 1494 - key 1495 - name 1496 type: object 1497 required: 1498 - secret 1499 type: object 1500 encoding: 1501 description: Encoding specifies the encoding of the file contents. 1502 enum: 1503 - base64 1504 - gzip 1505 - gzip+base64 1506 type: string 1507 owner: 1508 description: Owner specifies the ownership of the file, e.g. 1509 "root:root". 1510 type: string 1511 path: 1512 description: Path specifies the full path on disk where to store 1513 the file. 1514 type: string 1515 permissions: 1516 description: Permissions specifies the permissions to assign 1517 to the file, e.g. "0640".
1518 type: string 1519 required: 1520 - path 1521 type: object 1522 type: array 1523 format: 1524 description: Format specifies the output format of the bootstrap data 1525 enum: 1526 - cloud-config 1527 type: string 1528 initConfiguration: 1529 description: InitConfiguration along with ClusterConfiguration are 1530 the configurations necessary for the init command 1531 properties: 1532 apiVersion: 1533 description: |- 1534 APIVersion defines the versioned schema of this representation of an object. 1535 Servers should convert recognized schemas to the latest internal value, and 1536 may reject unrecognized values. 1537 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1538 type: string 1539 bootstrapTokens: 1540 description: |- 1541 BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 1542 This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature 1543 items: 1544 description: BootstrapToken describes one bootstrap token, stored 1545 as a Secret in the cluster. 1546 properties: 1547 description: 1548 description: |- 1549 Description sets a human-friendly message why this token exists and what it's used 1550 for, so other administrators can know its purpose. 1551 type: string 1552 expires: 1553 description: |- 1554 Expires specifies the timestamp when this token expires. Defaults to being set 1555 dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 1556 format: date-time 1557 type: string 1558 groups: 1559 description: |- 1560 Groups specifies the extra groups that this token will authenticate as when/if 1561 used for authentication 1562 items: 1563 type: string 1564 type: array 1565 token: 1566 description: |- 1567 Token is used for establishing bidirectional trust between nodes and control-planes. 1568 Used for joining nodes in the cluster. 
1569 type: string 1570 ttl: 1571 description: |- 1572 TTL defines the time to live for this token. Defaults to 24h. 1573 Expires and TTL are mutually exclusive. 1574 type: string 1575 usages: 1576 description: |- 1577 Usages describes the ways in which this token can be used. Can by default be used 1578 for establishing bidirectional trust, but that can be changed here. 1579 items: 1580 type: string 1581 type: array 1582 required: 1583 - token 1584 type: object 1585 type: array 1586 kind: 1587 description: |- 1588 Kind is a string value representing the REST resource this object represents. 1589 Servers may infer this from the endpoint the client submits requests to. 1590 Cannot be updated. 1591 In CamelCase. 1592 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1593 type: string 1594 localAPIEndpoint: 1595 description: |- 1596 LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node 1597 In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint 1598 is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This 1599 configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 1600 on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process 1601 fails you may set the desired value here. 1602 properties: 1603 advertiseAddress: 1604 description: AdvertiseAddress sets the IP address for the 1605 API server to advertise. 1606 type: string 1607 bindPort: 1608 description: |- 1609 BindPort sets the secure port for the API Server to bind to. 1610 Defaults to 6443. 
1611 format: int32 1612 type: integer 1613 type: object 1614 nodeRegistration: 1615 description: |- 1616 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 1617 When used in the context of control plane nodes, NodeRegistration should remain consistent 1618 across both InitConfiguration and JoinConfiguration 1619 properties: 1620 criSocket: 1621 description: CRISocket is used to retrieve container runtime 1622 info. This information will be annotated to the Node API 1623 object, for later re-use 1624 type: string 1625 ignorePreflightErrors: 1626 description: IgnorePreflightErrors provides a slice of pre-flight 1627 errors to be ignored when the current node is registered. 1628 items: 1629 type: string 1630 type: array 1631 kubeletExtraArgs: 1632 additionalProperties: 1633 type: string 1634 description: |- 1635 KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 1636 kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap 1637 Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 1638 type: object 1639 name: 1640 description: |- 1641 Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. 1642 This field is also used in the CommonName field of the kubelet's client certificate to the API server. 1643 Defaults to the hostname of the node if not provided. 1644 type: string 1645 taints: 1646 description: |- 1647 Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 1648 it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. 
If you don't want to taint your control-plane node, set this field to an 1649 empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. 1650 items: 1651 description: |- 1652 The node this Taint is attached to has the "effect" on 1653 any pod that does not tolerate the Taint. 1654 properties: 1655 effect: 1656 description: |- 1657 Required. The effect of the taint on pods 1658 that do not tolerate the taint. 1659 Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 1660 type: string 1661 key: 1662 description: Required. The taint key to be applied to 1663 a node. 1664 type: string 1665 timeAdded: 1666 description: |- 1667 TimeAdded represents the time at which the taint was added. 1668 It is only written for NoExecute taints. 1669 format: date-time 1670 type: string 1671 value: 1672 description: The taint value corresponding to the taint 1673 key. 1674 type: string 1675 required: 1676 - effect 1677 - key 1678 type: object 1679 type: array 1680 type: object 1681 type: object 1682 joinConfiguration: 1683 description: JoinConfiguration is the kubeadm configuration for the 1684 join command 1685 properties: 1686 apiVersion: 1687 description: |- 1688 APIVersion defines the versioned schema of this representation of an object. 1689 Servers should convert recognized schemas to the latest internal value, and 1690 may reject unrecognized values. 1691 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1692 type: string 1693 caCertPath: 1694 description: |- 1695 CACertPath is the path to the SSL certificate authority used to 1696 secure communications between node and control-plane. 1697 Defaults to "/etc/kubernetes/pki/ca.crt". 1698 TODO: revisit when there is defaulting from k/k 1699 type: string 1700 controlPlane: 1701 description: |- 1702 ControlPlane defines the additional control plane instance to be deployed on the joining node.
1703 If nil, no additional control plane instance will be deployed. 1704 properties: 1705 localAPIEndpoint: 1706 description: LocalAPIEndpoint represents the endpoint of the 1707 API server instance to be deployed on this node. 1708 properties: 1709 advertiseAddress: 1710 description: AdvertiseAddress sets the IP address for 1711 the API server to advertise. 1712 type: string 1713 bindPort: 1714 description: |- 1715 BindPort sets the secure port for the API Server to bind to. 1716 Defaults to 6443. 1717 format: int32 1718 type: integer 1719 type: object 1720 type: object 1721 discovery: 1722 description: |- 1723 Discovery specifies the options for the kubelet to use during the TLS Bootstrap process 1724 TODO: revisit when there is defaulting from k/k 1725 properties: 1726 bootstrapToken: 1727 description: |- 1728 BootstrapToken is used to set the options for bootstrap token based discovery 1729 BootstrapToken and File are mutually exclusive 1730 properties: 1731 apiServerEndpoint: 1732 description: APIServerEndpoint is an IP or domain name 1733 to the API server from which info will be fetched. 1734 type: string 1735 caCertHashes: 1736 description: |- 1737 CACertHashes specifies a set of public key pins to verify 1738 when token-based discovery is used. The root CA found during discovery 1739 must match one of these values. Specifying an empty set disables root CA 1740 pinning, which can be unsafe. Each hash is specified as "<type>:<value>", 1741 where the only currently supported type is "sha256". This is a hex-encoded 1742 SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded 1743 ASN.1. These hashes can be calculated using, for example, OpenSSL: 1744 openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex 1745 items: 1746 type: string 1747 type: array 1748 token: 1749 description: |- 1750 Token is a token used to validate cluster information 1751 fetched from the control-plane.
1752 type: string 1753 unsafeSkipCAVerification: 1754 description: |- 1755 UnsafeSkipCAVerification allows token-based discovery 1756 without CA verification via CACertHashes. This can weaken 1757 the security of kubeadm since other nodes can impersonate the control-plane. 1758 type: boolean 1759 required: 1760 - token 1761 type: object 1762 file: 1763 description: |- 1764 File is used to specify a file or URL to a kubeconfig file from which to load cluster information 1765 BootstrapToken and File are mutually exclusive 1766 properties: 1767 kubeConfigPath: 1768 description: KubeConfigPath is used to specify the actual 1769 file path or URL to the kubeconfig file from which to 1770 load cluster information 1771 type: string 1772 required: 1773 - kubeConfigPath 1774 type: object 1775 timeout: 1776 description: Timeout modifies the discovery timeout 1777 type: string 1778 tlsBootstrapToken: 1779 description: |- 1780 TLSBootstrapToken is a token used for TLS bootstrapping. 1781 If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 1782 If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information 1783 type: string 1784 type: object 1785 kind: 1786 description: |- 1787 Kind is a string value representing the REST resource this object represents. 1788 Servers may infer this from the endpoint the client submits requests to. 1789 Cannot be updated. 1790 In CamelCase. 1791 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1792 type: string 1793 nodeRegistration: 1794 description: |- 1795 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 
                      When used in the context of control plane nodes, NodeRegistration should remain consistent
                      across both InitConfiguration and JoinConfiguration
                    properties:
                      criSocket:
                        description: CRISocket is used to retrieve container runtime
                          info. This information will be annotated to the Node API
                          object, for later re-use
                        type: string
                      ignorePreflightErrors:
                        description: IgnorePreflightErrors provides a slice of pre-flight
                          errors to be ignored when the current node is registered.
                        items:
                          type: string
                        type: array
                      kubeletExtraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                        type: object
                      name:
                        description: |-
                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                          Defaults to the hostname of the node if not provided.
                        type: string
                      taints:
                        description: |-
                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                          empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
                        items:
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                          - effect
                          - key
                          type: object
                        type: array
                    type: object
                type: object
              mounts:
                description: Mounts specifies a list of mount points to be setup.
                items:
                  description: MountPoints defines input for generated mounts in cloud-init.
                  items:
                    type: string
                  type: array
                type: array
              ntp:
                description: NTP specifies NTP configuration
                properties:
                  enabled:
                    description: Enabled specifies whether NTP should be enabled
                    type: boolean
                  servers:
                    description: Servers specifies which NTP servers to use
                    items:
                      type: string
                    type: array
                type: object
              postKubeadmCommands:
                description: PostKubeadmCommands specifies extra commands to run after
                  kubeadm runs
                items:
                  type: string
                type: array
              preKubeadmCommands:
                description: PreKubeadmCommands specifies extra commands to run before
                  kubeadm runs
                items:
                  type: string
                type: array
              useExperimentalRetryJoin:
                description: |-
                  UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                  script with retries for joins.


                  This is meant to be an experimental temporary workaround on some environments
                  where joins fail due to timing (and other issues). The long term goal is to add retries to
                  kubeadm proper and use that functionality.


                  This will add about 40KB to userdata


                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
                type: boolean
              users:
                description: Users specifies extra users to add
                items:
                  description: User defines the input for a generated user in cloud-init.
                  properties:
                    gecos:
                      description: Gecos specifies the gecos to use for the user
                      type: string
                    groups:
                      description: Groups specifies the additional groups for the
                        user
                      type: string
                    homeDir:
                      description: HomeDir specifies the home directory to use for
                        the user
                      type: string
                    inactive:
                      description: Inactive specifies whether to mark the user as
                        inactive
                      type: boolean
                    lockPassword:
                      description: LockPassword specifies if password login should
                        be disabled
                      type: boolean
                    name:
                      description: Name specifies the user name
                      type: string
                    passwd:
                      description: Passwd specifies a hashed password for the user
                      type: string
                    primaryGroup:
                      description: PrimaryGroup specifies the primary group for the
                        user
                      type: string
                    shell:
                      description: Shell specifies the user's shell
                      type: string
                    sshAuthorizedKeys:
                      description: SSHAuthorizedKeys specifies a list of ssh authorized
                        keys for the user
                      items:
                        type: string
                      type: array
                    sudo:
                      description: Sudo specifies a sudo role for the user
                      type: string
                  required:
                  - name
                  type: object
                type: array
              verbosity:
                description: |-
                  Verbosity is the number for the kubeadm log level verbosity.
                  It overrides the `--v` flag in kubeadm commands.
                format: int32
                type: integer
            type: object
          status:
            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
            properties:
              conditions:
                description: Conditions defines current service state of the KubeadmConfig.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              dataSecretName:
                description: DataSecretName is the name of the secret that stores
                  the bootstrap data script.
                type: string
              failureMessage:
                description: FailureMessage will be set on non-retryable errors
                type: string
              failureReason:
                description: FailureReason will be set on non-retryable errors
                type: string
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              ready:
                description: Ready indicates the BootstrapData field is ready to be
                  consumed
                type: boolean
            type: object
        type: object
    served: false
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: Cluster
      jsonPath: .metadata.labels['cluster\.x-k8s\.io/cluster-name']
      name: Cluster
      type: string
    - description: Time duration since creation of KubeadmConfig
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: KubeadmConfig is the Schema for the kubeadmconfigs API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: |-
              KubeadmConfigSpec defines the desired state of KubeadmConfig.
              Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
            properties:
              clusterConfiguration:
                description: ClusterConfiguration along with InitConfiguration are
                  the configurations necessary for the init command
                properties:
                  apiServer:
                    description: APIServer contains extra settings for the API server
                      control plane component
                    properties:
                      certSANs:
                        description: CertSANs sets extra Subject Alternative Names
                          for the API Server signing cert.
                        items:
                          type: string
                        type: array
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                      timeoutForControlPlane:
                        description: TimeoutForControlPlane controls the timeout that
                          we use for API server to appear
                        type: string
                    type: object
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  certificatesDir:
                    description: |-
                      CertificatesDir specifies where to store or look for all required certificates.
                      NB: if not provided, this will default to `/etc/kubernetes/pki`
                    type: string
                  clusterName:
                    description: The cluster name
                    type: string
                  controlPlaneEndpoint:
                    description: |-
                      ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
                      can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
                      In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
                      are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
                      the BindPort is used.
                      Possible usages are:
                      e.g. In a cluster with more than one control plane instances, this field should be
                      assigned the address of the external load balancer in front of the
                      control plane instances.
                      e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
                      could be used for assigning a stable DNS to the control plane.
                      NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
                    type: string
                  controllerManager:
                    description: ControllerManager contains extra settings for the
                      controller manager control plane component
                    properties:
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                    type: object
                  dns:
                    description: DNS defines the options for the DNS add-on installed
                      in the cluster.
                    properties:
                      imageRepository:
                        description: |-
                          ImageRepository sets the container registry to pull images from.
                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                        type: string
                      imageTag:
                        description: |-
                          ImageTag allows to specify a tag for the image.
                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                        type: string
                    type: object
                  etcd:
                    description: |-
                      Etcd holds configuration for etcd.
                      NB: This value defaults to a Local (stacked) etcd
                    properties:
                      external:
                        description: |-
                          External describes how to connect to an external etcd cluster
                          Local and External are mutually exclusive
                        properties:
                          caFile:
                            description: |-
                              CAFile is an SSL Certificate Authority file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                          certFile:
                            description: |-
                              CertFile is an SSL certification file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                          endpoints:
                            description: Endpoints of etcd members. Required for ExternalEtcd.
                            items:
                              type: string
                            type: array
                          keyFile:
                            description: |-
                              KeyFile is an SSL key file used to secure etcd communication.
                              Required if using a TLS connection.
                            type: string
                        required:
                        - caFile
                        - certFile
                        - endpoints
                        - keyFile
                        type: object
                      local:
                        description: |-
                          Local provides configuration knobs for configuring the local etcd instance
                          Local and External are mutually exclusive
                        properties:
                          dataDir:
                            description: |-
                              DataDir is the directory etcd will place its data.
                              Defaults to "/var/lib/etcd".
                            type: string
                          extraArgs:
                            additionalProperties:
                              type: string
                            description: |-
                              ExtraArgs are extra arguments provided to the etcd binary
                              when run inside a static pod.
                            type: object
                          imageRepository:
                            description: |-
                              ImageRepository sets the container registry to pull images from.
                              if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                            type: string
                          imageTag:
                            description: |-
                              ImageTag allows to specify a tag for the image.
                              In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                            type: string
                          peerCertSANs:
                            description: PeerCertSANs sets extra Subject Alternative
                              Names for the etcd peer signing cert.
                            items:
                              type: string
                            type: array
                          serverCertSANs:
                            description: ServerCertSANs sets extra Subject Alternative
                              Names for the etcd server signing cert.
                            items:
                              type: string
                            type: array
                        type: object
                    type: object
                  featureGates:
                    additionalProperties:
                      type: boolean
                    description: FeatureGates enabled by the user.
                    type: object
                  imageRepository:
                    description: |-
                      ImageRepository sets the container registry to pull images from.
                      * If not set, the default registry of kubeadm will be used, i.e.
                        * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
                        * k8s.gcr.io (old registry): all older versions
                        Please note that when imageRepository is not set we don't allow upgrades to
                        versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
                        a newer patch version with the new registry instead (i.e. >= v1.22.17,
                        >= v1.23.15, >= v1.24.9, >= v1.25.0).
                      * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                        `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
                        and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
                    type: string
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  kubernetesVersion:
                    description: |-
                      KubernetesVersion is the target version of the control plane.
                      NB: This value defaults to the Machine object spec.version
                    type: string
                  networking:
                    description: |-
                      Networking holds configuration for the networking topology of the cluster.
                      NB: This value defaults to the Cluster object spec.clusterNetwork.
                    properties:
                      dnsDomain:
                        description: DNSDomain is the dns domain used by k8s services.
                          Defaults to "cluster.local".
                        type: string
                      podSubnet:
                        description: |-
                          PodSubnet is the subnet used by pods.
                          If unset, the API server will not allocate CIDR ranges for every node.
                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
                        type: string
                      serviceSubnet:
                        description: |-
                          ServiceSubnet is the subnet used by k8s services.
                          Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
                          to "10.96.0.0/12" if that's unset.
                        type: string
                    type: object
                  scheduler:
                    description: Scheduler contains extra settings for the scheduler
                      control plane component
                    properties:
                      extraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          ExtraArgs is an extra set of flags to pass to the control plane component.
                          TODO: This is temporary and ideally we would like to switch all components to
                          use ComponentConfig + ConfigMaps.
                        type: object
                      extraVolumes:
                        description: ExtraVolumes is an extra set of host volumes,
                          mounted to the control plane component.
                        items:
                          description: |-
                            HostPathMount contains elements describing volumes that are mounted from the
                            host.
                          properties:
                            hostPath:
                              description: |-
                                HostPath is the path in the host that will be mounted inside
                                the pod.
                              type: string
                            mountPath:
                              description: MountPath is the path inside the pod where
                                hostPath will be mounted.
                              type: string
                            name:
                              description: Name of the volume inside the pod template.
                              type: string
                            pathType:
                              description: PathType is the type of the HostPath.
                              type: string
                            readOnly:
                              description: ReadOnly controls write access to the volume
                              type: boolean
                          required:
                          - hostPath
                          - mountPath
                          - name
                          type: object
                        type: array
                    type: object
                type: object
              diskSetup:
                description: DiskSetup specifies options for the creation of partition
                  tables and file systems on devices.
                properties:
                  filesystems:
                    description: Filesystems specifies the list of file systems to
                      setup.
                    items:
                      description: Filesystem defines the file systems to be created.
                      properties:
                        device:
                          description: Device specifies the device name
                          type: string
                        extraOpts:
                          description: ExtraOpts defined extra options to add to the
                            command for creating the file system.
                          items:
                            type: string
                          type: array
                        filesystem:
                          description: Filesystem specifies the file system type.
                          type: string
                        label:
                          description: Label specifies the file system label to be
                            used. If set to None, no label is used.
                          type: string
                        overwrite:
                          description: |-
                            Overwrite defines whether or not to overwrite any existing filesystem.
                            If true, any pre-existing file system will be destroyed. Use with Caution.
                          type: boolean
                        partition:
                          description: 'Partition specifies the partition to use.
                            The valid options are: "auto|any", "auto", "any", "none",
                            and <NUM>, where NUM is the actual partition number.'
                          type: string
                        replaceFS:
                          description: |-
                            ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
                            NOTE: unless you define a label, this requires the use of the 'any' partition directive.
                          type: string
                      required:
                      - device
                      - filesystem
                      - label
                      type: object
                    type: array
                  partitions:
                    description: Partitions specifies the list of the partitions to
                      setup.
                    items:
                      description: Partition defines how to create and layout a partition.
                      properties:
                        device:
                          description: Device is the name of the device.
                          type: string
                        layout:
                          description: |-
                            Layout specifies the device layout.
                            If it is true, a single partition will be created for the entire device.
                            When layout is false, it means don't partition or ignore existing partitioning.
                          type: boolean
                        overwrite:
                          description: |-
                            Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
                            Use with caution. Default is 'false'.
                          type: boolean
                        tableType:
                          description: |-
                            TableType specifies the type of partition table. The following are supported:
                            'mbr': default and sets up a MS-DOS partition table
                            'gpt': sets up a GPT partition table
                          type: string
                      required:
                      - device
                      - layout
                      type: object
                    type: array
                type: object
              files:
                description: Files specifies extra files to be passed to user_data
                  upon creation.
                items:
                  description: File defines the input for generating write_files in
                    cloud-init.
                  properties:
                    append:
                      description: Append specifies whether to append Content to existing
                        file if Path exists.
                      type: boolean
                    content:
                      description: Content is the actual content of the file.
                      type: string
                    contentFrom:
                      description: ContentFrom is a referenced source of content to
                        populate the file.
                      properties:
                        secret:
                          description: Secret represents a secret that should populate
                            this file.
                          properties:
                            key:
                              description: Key is the key in the secret's data map
                                for this value.
                              type: string
                            name:
                              description: Name of the secret in the KubeadmBootstrapConfig's
                                namespace to use.
                              type: string
                          required:
                          - key
                          - name
                          type: object
                      required:
                      - secret
                      type: object
                    encoding:
                      description: Encoding specifies the encoding of the file contents.
                      enum:
                      - base64
                      - gzip
                      - gzip+base64
                      type: string
                    owner:
                      description: Owner specifies the ownership of the file, e.g.
                        "root:root".
                      type: string
                    path:
                      description: Path specifies the full path on disk where to store
                        the file.
                      type: string
                    permissions:
                      description: Permissions specifies the permissions to assign
                        to the file, e.g. "0640".
                      type: string
                  required:
                  - path
                  type: object
                type: array
              format:
                description: Format specifies the output format of the bootstrap data
                enum:
                - cloud-config
                - ignition
                type: string
              ignition:
                description: Ignition contains Ignition specific configuration.
                properties:
                  containerLinuxConfig:
                    description: ContainerLinuxConfig contains CLC specific configuration.
                    properties:
                      additionalConfig:
                        description: |-
                          AdditionalConfig contains additional configuration to be merged with the Ignition
                          configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging


                          The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
                        type: string
                      strict:
                        description: Strict controls if AdditionalConfig should be
                          strictly parsed. If so, warnings are treated as errors.
                        type: boolean
                    type: object
                type: object
              initConfiguration:
                description: InitConfiguration along with ClusterConfiguration are
                  the configurations necessary for the init command
                properties:
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  bootstrapTokens:
                    description: |-
                      BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
                      This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
                    items:
                      description: BootstrapToken describes one bootstrap token, stored
                        as a Secret in the cluster.
                      properties:
                        description:
                          description: |-
                            Description sets a human-friendly message why this token exists and what it's used
                            for, so other administrators can know its purpose.
                          type: string
                        expires:
                          description: |-
                            Expires specifies the timestamp when this token expires. Defaults to being set
                            dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
                          format: date-time
                          type: string
                        groups:
                          description: |-
                            Groups specifies the extra groups that this token will authenticate as when/if
                            used for authentication
                          items:
                            type: string
                          type: array
                        token:
                          description: |-
                            Token is used for establishing bidirectional trust between nodes and control-planes.
                            Used for joining nodes in the cluster.
                          type: string
                        ttl:
                          description: |-
                            TTL defines the time to live for this token. Defaults to 24h.
                            Expires and TTL are mutually exclusive.
                          type: string
                        usages:
                          description: |-
                            Usages describes the ways in which this token can be used. Can by default be used
                            for establishing bidirectional trust, but that can be changed here.
                          items:
                            type: string
                          type: array
                      required:
                      - token
                      type: object
                    type: array
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  localAPIEndpoint:
                    description: |-
                      LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
                      In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
                      is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
                      configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
                      on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
                      fails you may set the desired value here.
                    properties:
                      advertiseAddress:
                        description: AdvertiseAddress sets the IP address for the
                          API server to advertise.
                        type: string
                      bindPort:
                        description: |-
                          BindPort sets the secure port for the API Server to bind to.
                          Defaults to 6443.
                        format: int32
                        type: integer
                    type: object
                  nodeRegistration:
                    description: |-
                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                      When used in the context of control plane nodes, NodeRegistration should remain consistent
                      across both InitConfiguration and JoinConfiguration
                    properties:
                      criSocket:
                        description: CRISocket is used to retrieve container runtime
                          info. This information will be annotated to the Node API
                          object, for later re-use
                        type: string
                      ignorePreflightErrors:
                        description: IgnorePreflightErrors provides a slice of pre-flight
                          errors to be ignored when the current node is registered.
                        items:
                          type: string
                        type: array
                      imagePullPolicy:
                        description: |-
                          ImagePullPolicy specifies the policy for image pulling
                          during kubeadm "init" and "join" operations. The value of
                          this field must be one of "Always", "IfNotPresent" or
                          "Never". Defaults to "IfNotPresent". This can be used only
                          with Kubernetes version equal to 1.22 and later.
                        enum:
                        - Always
                        - IfNotPresent
                        - Never
                        type: string
                      kubeletExtraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                        type: object
                      name:
                        description: |-
                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                          Defaults to the hostname of the node if not provided.
                        type: string
                      taints:
                        description: |-
                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                          empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
                        items:
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                          - effect
                          - key
                          type: object
                        type: array
                    type: object
                  patches:
                    description: |-
                      Patches contains options related to applying patches to components deployed by kubeadm during
                      "kubeadm init".
                      The minimum kubernetes version needed to support Patches is v1.22
                    properties:
                      directory:
                        description: |-
                          Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
                          For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
                          "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
                          of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
                          The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
                          "suffix" is an optional string that can be used to determine which patches are applied
                          first alpha-numerically.
                          These files can be written into the target directory via KubeadmConfig.Files which
                          specifies additional files to be created on the machine, either with content inline or
                          by referencing a secret.
                        type: string
                    type: object
                  skipPhases:
                    description: |-
                      SkipPhases is a list of phases to skip during command execution.
                      The list of phases can be obtained with the "kubeadm init --help" command.
                      This option takes effect only on Kubernetes >=1.22.0.
                    items:
                      type: string
                    type: array
                type: object
              joinConfiguration:
                description: JoinConfiguration is the kubeadm configuration for the
                  join command
                properties:
                  apiVersion:
                    description: |-
                      APIVersion defines the versioned schema of this representation of an object.
                      Servers should convert recognized schemas to the latest internal value, and
                      may reject unrecognized values.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                    type: string
                  caCertPath:
                    description: |-
                      CACertPath is the path to the SSL certificate authority used to
                      secure communications between node and control-plane.
                      Defaults to "/etc/kubernetes/pki/ca.crt".
                      TODO: revisit when there is defaulting from k/k
                    type: string
                  controlPlane:
                    description: |-
                      ControlPlane defines the additional control plane instance to be deployed on the joining node.
                      If nil, no additional control plane instance will be deployed.
                    properties:
                      localAPIEndpoint:
                        description: LocalAPIEndpoint represents the endpoint of the
                          API server instance to be deployed on this node.
                        properties:
                          advertiseAddress:
                            description: AdvertiseAddress sets the IP address for
                              the API server to advertise.
                            type: string
                          bindPort:
                            description: |-
                              BindPort sets the secure port for the API Server to bind to.
                              Defaults to 6443.
                            format: int32
                            type: integer
                        type: object
                    type: object
                  discovery:
                    description: |-
                      Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
                      TODO: revisit when there is defaulting from k/k
                    properties:
                      bootstrapToken:
                        description: |-
                          BootstrapToken is used to set the options for bootstrap token based discovery
                          BootstrapToken and File are mutually exclusive
                        properties:
                          apiServerEndpoint:
                            description: APIServerEndpoint is an IP or domain name
                              to the API server from which info will be fetched.
                            type: string
                          caCertHashes:
                            description: |-
                              CACertHashes specifies a set of public key pins to verify
                              when token-based discovery is used. The root CA found during discovery
                              must match one of these values. Specifying an empty set disables root CA
                              pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
                              where the only currently supported type is "sha256". This is a hex-encoded
                              SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
                              ASN.1.
                              These hashes can be calculated using, for example, OpenSSL:
                              openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex
                            items:
                              type: string
                            type: array
                          token:
                            description: |-
                              Token is a token used to validate cluster information
                              fetched from the control-plane.
                            type: string
                          unsafeSkipCAVerification:
                            description: |-
                              UnsafeSkipCAVerification allows token-based discovery
                              without CA verification via CACertHashes. This can weaken
                              the security of kubeadm since other nodes can impersonate the control-plane.
                            type: boolean
                        required:
                        - token
                        type: object
                      file:
                        description: |-
                          File is used to specify a file or URL to a kubeconfig file from which to load cluster information
                          BootstrapToken and File are mutually exclusive
                        properties:
                          kubeConfigPath:
                            description: KubeConfigPath is used to specify the actual
                              file path or URL to the kubeconfig file from which to
                              load cluster information
                            type: string
                        required:
                        - kubeConfigPath
                        type: object
                      timeout:
                        description: Timeout modifies the discovery timeout
                        type: string
                      tlsBootstrapToken:
                        description: |-
                          TLSBootstrapToken is a token used for TLS bootstrapping.
                          If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
                          If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
                        type: string
                    type: object
                  kind:
                    description: |-
                      Kind is a string value representing the REST resource this object represents.
                      Servers may infer this from the endpoint the client submits requests to.
                      Cannot be updated.
                      In CamelCase.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                    type: string
                  nodeRegistration:
                    description: |-
                      NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                      When used in the context of control plane nodes, NodeRegistration should remain consistent
                      across both InitConfiguration and JoinConfiguration
                    properties:
                      criSocket:
                        description: CRISocket is used to retrieve container runtime
                          info. This information will be annotated to the Node API
                          object, for later re-use
                        type: string
                      ignorePreflightErrors:
                        description: IgnorePreflightErrors provides a slice of pre-flight
                          errors to be ignored when the current node is registered.
                        items:
                          type: string
                        type: array
                      imagePullPolicy:
                        description: |-
                          ImagePullPolicy specifies the policy for image pulling
                          during kubeadm "init" and "join" operations. The value of
                          this field must be one of "Always", "IfNotPresent" or
                          "Never". Defaults to "IfNotPresent". This can be used only
                          with Kubernetes version equal to 1.22 and later.
                        enum:
                        - Always
                        - IfNotPresent
                        - Never
                        type: string
                      kubeletExtraArgs:
                        additionalProperties:
                          type: string
                        description: |-
                          KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                          kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                          Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                        type: object
                      name:
                        description: |-
                          Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                          This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                          Defaults to the hostname of the node if not provided.
                        type: string
                      taints:
                        description: |-
                          Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                          it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                          empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
                        items:
                          description: |-
                            The node this Taint is attached to has the "effect" on
                            any pod that does not tolerate the Taint.
                          properties:
                            effect:
                              description: |-
                                Required. The effect of the taint on pods
                                that do not tolerate the taint.
                                Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                              type: string
                            key:
                              description: Required. The taint key to be applied to
                                a node.
                              type: string
                            timeAdded:
                              description: |-
                                TimeAdded represents the time at which the taint was added.
                                It is only written for NoExecute taints.
                              format: date-time
                              type: string
                            value:
                              description: The taint value corresponding to the taint
                                key.
                              type: string
                          required:
                          - effect
                          - key
                          type: object
                        type: array
                    type: object
                  patches:
                    description: |-
                      Patches contains options related to applying patches to components deployed by kubeadm during
                      "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
                    properties:
                      directory:
                        description: |-
                          Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
                          For example, "kube-apiserver0+merge.yaml" or just "etcd.json".
                          "target" can be one of
                          "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
                          of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
                          The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
                          "suffix" is an optional string that can be used to determine which patches are applied
                          first alpha-numerically.
                          These files can be written into the target directory via KubeadmConfig.Files which
                          specifies additional files to be created on the machine, either with content inline or
                          by referencing a secret.
                        type: string
                    type: object
                  skipPhases:
                    description: |-
                      SkipPhases is a list of phases to skip during command execution.
                      The list of phases can be obtained with the "kubeadm init --help" command.
                      This option takes effect only on Kubernetes >=1.22.0.
                    items:
                      type: string
                    type: array
                type: object
              mounts:
                description: Mounts specifies a list of mount points to be set up.
                items:
                  description: MountPoints defines input for generated mounts in cloud-init.
                  items:
                    type: string
                  type: array
                type: array
              ntp:
                description: NTP specifies NTP configuration
                properties:
                  enabled:
                    description: Enabled specifies whether NTP should be enabled
                    type: boolean
                  servers:
                    description: Servers specifies which NTP servers to use
                    items:
                      type: string
                    type: array
                type: object
              postKubeadmCommands:
                description: PostKubeadmCommands specifies extra commands to run after
                  kubeadm runs
                items:
                  type: string
                type: array
              preKubeadmCommands:
                description: PreKubeadmCommands specifies extra commands to run before
                  kubeadm runs
                items:
                  type: string
                type: array
              useExperimentalRetryJoin:
                description: |-
                  UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                  script with retries for joins.


                  This is meant to be an experimental temporary workaround on some environments
                  where joins fail due to timing (and other issues). The long term goal is to add retries to
                  kubeadm proper and use that functionality.


                  This will add about 40KB to userdata


                  For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.


                  Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
                  When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
                type: boolean
              users:
                description: Users specifies extra users to add
                items:
                  description: User defines the input for a generated user in cloud-init.
                  properties:
                    gecos:
                      description: Gecos specifies the gecos to use for the user
                      type: string
                    groups:
                      description: Groups specifies the additional groups for the
                        user
                      type: string
                    homeDir:
                      description: HomeDir specifies the home directory to use for
                        the user
                      type: string
                    inactive:
                      description: Inactive specifies whether to mark the user as
                        inactive
                      type: boolean
                    lockPassword:
                      description: LockPassword specifies if password login should
                        be disabled
                      type: boolean
                    name:
                      description: Name specifies the user name
                      type: string
                    passwd:
                      description: Passwd specifies a hashed password for the user
                      type: string
                    passwdFrom:
                      description: PasswdFrom is a referenced source of passwd to
                        populate the passwd.
                      properties:
                        secret:
                          description: Secret represents a secret that should populate
                            this password.
                          properties:
                            key:
                              description: Key is the key in the secret's data map
                                for this value.
                              type: string
                            name:
                              description: Name of the secret in the KubeadmBootstrapConfig's
                                namespace to use.
                              type: string
                          required:
                          - key
                          - name
                          type: object
                      required:
                      - secret
                      type: object
                    primaryGroup:
                      description: PrimaryGroup specifies the primary group for the
                        user
                      type: string
                    shell:
                      description: Shell specifies the user's shell
                      type: string
                    sshAuthorizedKeys:
                      description: SSHAuthorizedKeys specifies a list of ssh authorized
                        keys for the user
                      items:
                        type: string
                      type: array
                    sudo:
                      description: Sudo specifies a sudo role for the user
                      type: string
                  required:
                  - name
                  type: object
                type: array
              verbosity:
                description: |-
                  Verbosity is the number for the kubeadm log level verbosity.
                  It overrides the `--v` flag in kubeadm commands.
                format: int32
                type: integer
            type: object
          status:
            description: KubeadmConfigStatus defines the observed state of KubeadmConfig.
            properties:
              conditions:
                description: Conditions defines current service state of the KubeadmConfig.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              dataSecretName:
                description: DataSecretName is the name of the secret that stores
                  the bootstrap data script.
                type: string
              failureMessage:
                description: FailureMessage will be set on non-retryable errors
                type: string
              failureReason:
                description: FailureReason will be set on non-retryable errors
                type: string
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              ready:
                description: Ready indicates the BootstrapData field is ready to be
                  consumed
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
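The pin format defined by the `caCertHashes` description in the schema above, computed and checked in Go instead of with OpenSSL. This is an added example, not code from cluster-api or kubeadm: `SPKIPin`, `CheckPins` and `NewConstructedCA` are hypothetical names, the CA certificates are constructed in memory, and refusing an empty pin set unless `unsafeSkipCAVerification` is true is this example's own policy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// SPKIPin returns "sha256:" + hex(SHA-256(DER SubjectPublicKeyInfo)) for cert.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// CheckPins accepts cert only if its SPKI digest equals one configured pin.
// Assumption: an empty set is refused unless unsafeSkip (unsafeSkipCAVerification) is true.
func CheckPins(cert *x509.Certificate, caCertHashes []string, unsafeSkip bool) error {
	if len(caCertHashes) == 0 {
		if unsafeSkip {
			return nil // pinning explicitly disabled by the operator
		}
		return fmt.Errorf("no caCertHashes and unsafeSkipCAVerification is false")
	}
	got := SPKIPin(cert)
	for _, pin := range caCertHashes {
		typ, val, ok := strings.Cut(pin, ":")
		want, err := hex.DecodeString(val)
		if !ok || typ != "sha256" || err != nil || len(want) != sha256.Size {
			return fmt.Errorf("malformed pin %q, want sha256:<64 hex chars>", pin)
		}
		// Re-encoding normalises upper-case hex before comparing.
		if "sha256:"+hex.EncodeToString(want) == got {
			return nil
		}
	}
	return fmt.Errorf("CA key %s matches none of %d pins", got, len(caCertHashes))
}

// NewConstructedCA builds a throwaway self-signed CA in memory (constructed sample input).
func NewConstructedCA(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	ca, err := NewConstructedCA("constructed-cluster-ca")
	if err != nil {
		panic(err)
	}
	pin := SPKIPin(ca)
	fmt.Println(pin, CheckPins(ca, []string{pin}, false), CheckPins(ca, nil, false))
}
```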