sigs.k8s.io/cluster-api@v1.7.1/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: kubeadmconfigtemplates.bootstrap.cluster.x-k8s.io
spec:
  group: bootstrap.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: KubeadmConfigTemplate
    listKind: KubeadmConfigTemplateList
    plural: kubeadmconfigtemplates
    singular: kubeadmconfigtemplate
  scope: Namespaced
  versions:
  - deprecated: true
    name: v1alpha3
    schema:
      openAPIV3Schema:
        description: |-
          KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.


          Deprecated: This type will be removed in one of the next releases.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
            properties:
              template:
                description: KubeadmConfigTemplateResource defines the Template structure.
                properties:
                  spec:
                    description: |-
                      KubeadmConfigSpec defines the desired state of KubeadmConfig.
                      Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
                    properties:
                      clusterConfiguration:
                        description: ClusterConfiguration along with InitConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiServer:
                            description: APIServer contains extra settings for the
                              API server control plane component
                            properties:
                              certSANs:
                                description: CertSANs sets extra Subject Alternative
                                  Names for the API Server signing cert.
                                items:
                                  type: string
                                type: array
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  ExtraArgs is an extra set of flags to pass to the control plane component.
                                  TODO: This is temporary and ideally we would like to switch all components to
                                  use ComponentConfig + ConfigMaps.
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: |-
                                    HostPathMount contains elements describing volumes that are mounted from the
                                    host.
                                  properties:
                                    hostPath:
                                      description: |-
                                        HostPath is the path in the host that will be mounted inside
                                        the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                              timeoutForControlPlane:
                                description: TimeoutForControlPlane controls the timeout
                                  that we use for API server to appear
                                type: string
                            type: object
                          apiVersion:
                            description: |-
                              APIVersion defines the versioned schema of this representation of an object.
                              Servers should convert recognized schemas to the latest internal value, and
                              may reject unrecognized values.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                            type: string
                          certificatesDir:
                            description: |-
                              CertificatesDir specifies where to store or look for all required certificates.
                              NB: if not provided, this will default to `/etc/kubernetes/pki`
                            type: string
                          clusterName:
                            description: The cluster name
                            type: string
                          controlPlaneEndpoint:
                            description: |-
                              ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
                              can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
                              In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
                              are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
                              the BindPort is used.
                              Possible usages are:
                              e.g. In a cluster with more than one control plane instances, this field should be
                              assigned the address of the external load balancer in front of the
                              control plane instances.
                              e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
                              could be used for assigning a stable DNS to the control plane.
                              NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
                            type: string
                          controllerManager:
                            description: ControllerManager contains extra settings
                              for the controller manager control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  ExtraArgs is an extra set of flags to pass to the control plane component.
                                  TODO: This is temporary and ideally we would like to switch all components to
                                  use ComponentConfig + ConfigMaps.
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: |-
                                    HostPathMount contains elements describing volumes that are mounted from the
                                    host.
                                  properties:
                                    hostPath:
                                      description: |-
                                        HostPath is the path in the host that will be mounted inside
                                        the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                          dns:
                            description: DNS defines the options for the DNS add-on
                              installed in the cluster.
                            properties:
                              imageRepository:
                                description: |-
                                  ImageRepository sets the container registry to pull images from.
                                  if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                type: string
                              imageTag:
                                description: |-
                                  ImageTag allows to specify a tag for the image.
                                  In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                type: string
                              type:
                                description: Type defines the DNS add-on to be used
                                type: string
                            type: object
                          etcd:
                            description: |-
                              Etcd holds configuration for etcd.
                              NB: This value defaults to a Local (stacked) etcd
                            properties:
                              external:
                                description: |-
                                  External describes how to connect to an external etcd cluster
                                  Local and External are mutually exclusive
                                properties:
                                  caFile:
                                    description: |-
                                      CAFile is an SSL Certificate Authority file used to secure etcd communication.
                                      Required if using a TLS connection.
                                    type: string
                                  certFile:
                                    description: |-
                                      CertFile is an SSL certification file used to secure etcd communication.
                                      Required if using a TLS connection.
                                    type: string
                                  endpoints:
                                    description: Endpoints of etcd members. Required
                                      for ExternalEtcd.
                                    items:
                                      type: string
                                    type: array
                                  keyFile:
                                    description: |-
                                      KeyFile is an SSL key file used to secure etcd communication.
                                      Required if using a TLS connection.
                                    type: string
                                required:
                                - caFile
                                - certFile
                                - endpoints
                                - keyFile
                                type: object
                              local:
                                description: |-
                                  Local provides configuration knobs for configuring the local etcd instance
                                  Local and External are mutually exclusive
                                properties:
                                  dataDir:
                                    description: |-
                                      DataDir is the directory etcd will place its data.
                                      Defaults to "/var/lib/etcd".
                                    type: string
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs are extra arguments provided to the etcd binary
                                      when run inside a static pod.
                                    type: object
                                  imageRepository:
                                    description: |-
                                      ImageRepository sets the container registry to pull images from.
                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                    type: string
                                  imageTag:
                                    description: |-
                                      ImageTag allows to specify a tag for the image.
                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                    type: string
                                  peerCertSANs:
                                    description: PeerCertSANs sets extra Subject Alternative
                                      Names for the etcd peer signing cert.
                                    items:
                                      type: string
                                    type: array
                                  serverCertSANs:
                                    description: ServerCertSANs sets extra Subject
                                      Alternative Names for the etcd server signing
                                      cert.
                                    items:
                                      type: string
                                    type: array
                                type: object
                            type: object
                          featureGates:
                            additionalProperties:
                              type: boolean
                            description: FeatureGates enabled by the user.
                            type: object
                          imageRepository:
                            description: |-
                              ImageRepository sets the container registry to pull images from.
                              If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                              `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io`
                              will be used for all the other images.
                            type: string
                          kind:
                            description: |-
                              Kind is a string value representing the REST resource this object represents.
                              Servers may infer this from the endpoint the client submits requests to.
                              Cannot be updated.
                              In CamelCase.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          kubernetesVersion:
                            description: |-
                              KubernetesVersion is the target version of the control plane.
                              NB: This value defaults to the Machine object spec.version
                            type: string
                          networking:
                            description: |-
                              Networking holds configuration for the networking topology of the cluster.
                              NB: This value defaults to the Cluster object spec.clusterNetwork.
                            properties:
                              dnsDomain:
                                description: DNSDomain is the dns domain used by k8s
                                  services. Defaults to "cluster.local".
                                type: string
                              podSubnet:
                                description: |-
                                  PodSubnet is the subnet used by pods.
                                  If unset, the API server will not allocate CIDR ranges for every node.
                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
                                type: string
                              serviceSubnet:
                                description: |-
                                  ServiceSubnet is the subnet used by k8s services.
                                  Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
                                  to "10.96.0.0/12" if that's unset.
                                type: string
                            type: object
                          scheduler:
                            description: Scheduler contains extra settings for the
                              scheduler control plane component
                            properties:
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  ExtraArgs is an extra set of flags to pass to the control plane component.
                                  TODO: This is temporary and ideally we would like to switch all components to
                                  use ComponentConfig + ConfigMaps.
                                type: object
                              extraVolumes:
                                description: ExtraVolumes is an extra set of host
                                  volumes, mounted to the control plane component.
                                items:
                                  description: |-
                                    HostPathMount contains elements describing volumes that are mounted from the
                                    host.
                                  properties:
                                    hostPath:
                                      description: |-
                                        HostPath is the path in the host that will be mounted inside
                                        the pod.
                                      type: string
                                    mountPath:
                                      description: MountPath is the path inside the
                                        pod where hostPath will be mounted.
                                      type: string
                                    name:
                                      description: Name of the volume inside the pod
                                        template.
                                      type: string
                                    pathType:
                                      description: PathType is the type of the HostPath.
                                      type: string
                                    readOnly:
                                      description: ReadOnly controls write access
                                        to the volume
                                      type: boolean
                                  required:
                                  - hostPath
                                  - mountPath
                                  - name
                                  type: object
                                type: array
                            type: object
                          useHyperKubeImage:
                            description: UseHyperKubeImage controls if hyperkube should
                              be used for Kubernetes components instead of their respective
                              separate images
                            type: boolean
                        type: object
                      diskSetup:
                        description: DiskSetup specifies options for the creation
                          of partition tables and file systems on devices.
                        properties:
                          filesystems:
                            description: Filesystems specifies the list of file systems
                              to setup.
                            items:
                              description: Filesystem defines the file systems to
                                be created.
                              properties:
                                device:
                                  description: Device specifies the device name
                                  type: string
                                extraOpts:
                                  description: ExtraOpts defined extra options to
                                    add to the command for creating the file system.
                                  items:
                                    type: string
                                  type: array
                                filesystem:
                                  description: Filesystem specifies the file system
                                    type.
                                  type: string
                                label:
                                  description: Label specifies the file system label
                                    to be used. If set to None, no label is used.
                                  type: string
                                overwrite:
                                  description: |-
                                    Overwrite defines whether or not to overwrite any existing filesystem.
                                    If true, any pre-existing file system will be destroyed. Use with Caution.
                                  type: boolean
                                partition:
                                  description: 'Partition specifies the partition
                                    to use. The valid options are: "auto|any", "auto",
                                    "any", "none", and <NUM>, where NUM is the actual
                                    partition number.'
                                  type: string
                                replaceFS:
                                  description: |-
                                    ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
                                    NOTE: unless you define a label, this requires the use of the 'any' partition directive.
                                  type: string
                              required:
                              - device
                              - filesystem
                              - label
                              type: object
                            type: array
                          partitions:
                            description: Partitions specifies the list of the partitions
                              to setup.
                            items:
                              description: Partition defines how to create and layout
                                a partition.
                              properties:
                                device:
                                  description: Device is the name of the device.
                                  type: string
                                layout:
                                  description: |-
                                    Layout specifies the device layout.
                                    If it is true, a single partition will be created for the entire device.
                                    When layout is false, it means don't partition or ignore existing partitioning.
                                  type: boolean
                                overwrite:
                                  description: |-
                                    Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
                                    Use with caution. Default is 'false'.
                                  type: boolean
                                tableType:
                                  description: |-
                                    TableType specifies the type of partition table. The following are supported:
                                    'mbr': default and setups a MS-DOS partition table
                                    'gpt': setups a GPT partition table
                                  type: string
                              required:
                              - device
                              - layout
                              type: object
                            type: array
                        type: object
                      files:
                        description: Files specifies extra files to be passed to user_data
                          upon creation.
                        items:
                          description: File defines the input for generating write_files
                            in cloud-init.
                          properties:
                            content:
                              description: Content is the actual content of the file.
                              type: string
                            contentFrom:
                              description: ContentFrom is a referenced source of content
                                to populate the file.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this file.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KubeadmBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            encoding:
                              description: Encoding specifies the encoding of the
                                file contents.
                              enum:
                              - base64
                              - gzip
                              - gzip+base64
                              type: string
                            owner:
                              description: Owner specifies the ownership of the file,
                                e.g. "root:root".
                              type: string
                            path:
                              description: Path specifies the full path on disk where
                                to store the file.
                              type: string
                            permissions:
                              description: Permissions specifies the permissions to
                                assign to the file, e.g. "0640".
                              type: string
                          required:
                          - path
                          type: object
                        type: array
                      format:
                        description: Format specifies the output format of the bootstrap
                          data
                        enum:
                        - cloud-config
                        type: string
                      initConfiguration:
                        description: InitConfiguration along with ClusterConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiVersion:
                            description: |-
                              APIVersion defines the versioned schema of this representation of an object.
                              Servers should convert recognized schemas to the latest internal value, and
                              may reject unrecognized values.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                            type: string
                          bootstrapTokens:
                            description: |-
                              BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
                              This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
                            items:
                              description: BootstrapToken describes one bootstrap
                                token, stored as a Secret in the cluster.
                              properties:
                                description:
                                  description: |-
                                    Description sets a human-friendly message why this token exists and what it's used
                                    for, so other administrators can know its purpose.
                                  type: string
                                expires:
                                  description: |-
                                    Expires specifies the timestamp when this token expires. Defaults to being set
                                    dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
                                  format: date-time
                                  type: string
                                groups:
                                  description: |-
                                    Groups specifies the extra groups that this token will authenticate as when/if
                                    used for authentication
                                  items:
                                    type: string
                                  type: array
                                token:
                                  description: |-
                                    Token is used for establishing bidirectional trust between nodes and control-planes.
                                    Used for joining nodes in the cluster.
                                  type: string
                                ttl:
                                  description: |-
                                    TTL defines the time to live for this token. Defaults to 24h.
                                    Expires and TTL are mutually exclusive.
                                  type: string
                                usages:
                                  description: |-
                                    Usages describes the ways in which this token can be used. Can by default be used
                                    for establishing bidirectional trust, but that can be changed here.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - token
                              type: object
                            type: array
                          kind:
                            description: |-
                              Kind is a string value representing the REST resource this object represents.
                              Servers may infer this from the endpoint the client submits requests to.
                              Cannot be updated.
                              In CamelCase.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          localAPIEndpoint:
                            description: |-
                              LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
                              In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
                              is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
                              configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
                              on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
                              fails you may set the desired value here.
                            properties:
                              advertiseAddress:
                                description: AdvertiseAddress sets the IP address
                                  for the API server to advertise.
                                type: string
                              bindPort:
                                description: |-
                                  BindPort sets the secure port for the API Server to bind to.
                                  Defaults to 6443.
                                format: int32
                                type: integer
                            required:
                            - advertiseAddress
                            - bindPort
                            type: object
                          nodeRegistration:
                            description: |-
                              NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration should remain consistent
                              across both InitConfiguration and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info. This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: |-
                                  Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: |-
                                  Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                                items:
                                  description: |-
                                    The node this Taint is attached to has the "effect" on
                                    any pod that does not tolerate the Taint.
                                  properties:
                                    effect:
                                      description: |-
                                        Required. The effect of the taint on pods
                                        that do not tolerate the taint.
                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: |-
                                        TimeAdded represents the time at which the taint was added.
                                        It is only written for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                        type: object
                      joinConfiguration:
                        description: JoinConfiguration is the kubeadm configuration
                          for the join command
                        properties:
                          apiVersion:
                            description: |-
                              APIVersion defines the versioned schema of this representation of an object.
                              Servers should convert recognized schemas to the latest internal value, and
                              may reject unrecognized values.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                            type: string
                          caCertPath:
                            description: |-
                              CACertPath is the path to the SSL certificate authority used to
                              secure communications between node and control-plane.
                              Defaults to "/etc/kubernetes/pki/ca.crt".
                              TODO: revisit when there is defaulting from k/k
                            type: string
                          controlPlane:
                            description: |-
                              ControlPlane defines the additional control plane instance to be deployed on the joining node.
                              If nil, no additional control plane instance will be deployed.
                            properties:
                              localAPIEndpoint:
                                description: LocalAPIEndpoint represents the endpoint
                                  of the API server instance to be deployed on this
                                  node.
                                properties:
                                  advertiseAddress:
                                    description: AdvertiseAddress sets the IP address
                                      for the API server to advertise.
                                    type: string
                                  bindPort:
                                    description: |-
                                      BindPort sets the secure port for the API Server to bind to.
                                      Defaults to 6443.
                                    format: int32
                                    type: integer
                                required:
                                - advertiseAddress
                                - bindPort
                                type: object
                            type: object
                          discovery:
                            description: |-
                              Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
                              TODO: revisit when there is defaulting from k/k
                            properties:
                              bootstrapToken:
                                description: |-
                                  BootstrapToken is used to set the options for bootstrap token based discovery
                                  BootstrapToken and File are mutually exclusive
                                properties:
                                  apiServerEndpoint:
                                    description: APIServerEndpoint is an IP or domain
                                      name to the API server from which info will
                                      be fetched.
                                    type: string
                                  caCertHashes:
                                    description: |-
                                      CACertHashes specifies a set of public key pins to verify
                                      when token-based discovery is used. The root CA found during discovery
                                      must match one of these values. Specifying an empty set disables root CA
                                      pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
                                      where the only currently supported type is "sha256". This is a hex-encoded
                                      SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
                                      ASN.1. These hashes can be calculated using, for example, OpenSSL:
                                      openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex
                                    items:
                                      type: string
                                    type: array
                                  token:
                                    description: |-
                                      Token is a token used to validate cluster information
                                      fetched from the control-plane.
                                    type: string
                                  unsafeSkipCAVerification:
                                    description: |-
                                      UnsafeSkipCAVerification allows token-based discovery
                                      without CA verification via CACertHashes. This can weaken
                                      the security of kubeadm since other nodes can impersonate the control-plane.
                                    type: boolean
                                required:
                                - token
                                - unsafeSkipCAVerification
                                type: object
                              file:
                                description: |-
                                  File is used to specify a file or URL to a kubeconfig file from which to load cluster information
                                  BootstrapToken and File are mutually exclusive
                                properties:
                                  kubeConfigPath:
                                    description: KubeConfigPath is used to specify
                                      the actual file path or URL to the kubeconfig
                                      file from which to load cluster information
                                    type: string
                                required:
                                - kubeConfigPath
                                type: object
                              timeout:
                                description: Timeout modifies the discovery timeout
                                type: string
                              tlsBootstrapToken:
                                description: |-
                                  TLSBootstrapToken is a token used for TLS bootstrapping.
                                  If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
                                  If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
                                  TODO: revisit when there is defaulting from k/k
                                type: string
                            type: object
                          kind:
                            description: |-
                              Kind is a string value representing the REST resource this object represents.
                              Servers may infer this from the endpoint the client submits requests to.
                              Cannot be updated.
                              In CamelCase.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          nodeRegistration:
                            description: |-
                              NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                              When used in the context of control plane nodes, NodeRegistration should remain consistent
                              across both InitConfiguration and JoinConfiguration
                            properties:
                              criSocket:
                                description: CRISocket is used to retrieve container
                                  runtime info. This information will be annotated
                                  to the Node API object, for later re-use
                                type: string
                              kubeletExtraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                  kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                  Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                type: object
                              name:
                                description: |-
                                  Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                  This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                  Defaults to the hostname of the node if not provided.
                                type: string
                              taints:
                                description: |-
                                  Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                  it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                  empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                                items:
                                  description: |-
                                    The node this Taint is attached to has the "effect" on
                                    any pod that does not tolerate the Taint.
                                  properties:
                                    effect:
                                      description: |-
                                        Required. The effect of the taint on pods
                                        that do not tolerate the taint.
                                        Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                      type: string
                                    key:
                                      description: Required. The taint key to be applied
                                        to a node.
                                      type: string
                                    timeAdded:
                                      description: |-
                                        TimeAdded represents the time at which the taint was added.
                                        It is only written for NoExecute taints.
                                      format: date-time
                                      type: string
                                    value:
                                      description: The taint value corresponding to
                                        the taint key.
                                      type: string
                                  required:
                                  - effect
                                  - key
                                  type: object
                                type: array
                            type: object
                        type: object
                      mounts:
                        description: Mounts specifies a list of mount points to be
                          setup.
                        items:
                          description: MountPoints defines input for generated mounts
                            in cloud-init.
                          items:
                            type: string
                          type: array
                        type: array
                      ntp:
                        description: NTP specifies NTP configuration
                        properties:
                          enabled:
                            description: Enabled specifies whether NTP should be enabled
                            type: boolean
                          servers:
                            description: Servers specifies which NTP servers to use
                            items:
                              type: string
                            type: array
                        type: object
                      postKubeadmCommands:
                        description: PostKubeadmCommands specifies extra commands
                          to run after kubeadm runs
                        items:
                          type: string
                        type: array
                      preKubeadmCommands:
                        description: PreKubeadmCommands specifies extra commands to
                          run before kubeadm runs
                        items:
                          type: string
                        type: array
                      useExperimentalRetryJoin:
                        description: |-
                          UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                          script with retries for joins.


                          This is meant to be an experimental temporary workaround on some environments
                          where joins fail due to timing (and other issues). The long term goal is to add retries to
                          kubeadm proper and use that functionality.


                          This will add about 40KB to userdata


                          For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
                        type: boolean
                      users:
                        description: Users specifies extra users to add
                        items:
                          description: User defines the input for a generated user
                            in cloud-init.
                          properties:
                            gecos:
                              description: Gecos specifies the gecos to use for the
                                user
                              type: string
                            groups:
                              description: Groups specifies the additional groups
                                for the user
                              type: string
                            homeDir:
                              description: HomeDir specifies the home directory to
                                use for the user
                              type: string
                            inactive:
                              description: Inactive specifies whether to mark the
                                user as inactive
                              type: boolean
                            lockPassword:
                              description: LockPassword specifies if password login
                                should be disabled
                              type: boolean
                            name:
                              description: Name specifies the user name
                              type: string
                            passwd:
                              description: Passwd specifies a hashed password for
                                the user
                              type: string
                            primaryGroup:
                              description: PrimaryGroup specifies the primary group
                                for the user
                              type: string
                            shell:
                              description: Shell specifies the user's shell
                              type: string
                            sshAuthorizedKeys:
                              description: SSHAuthorizedKeys specifies a list of ssh
                                authorized keys for the user
                              items:
                                type: string
                              type: array
                            sudo:
                              description: Sudo specifies a sudo role for the user
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      verbosity:
                        description: |-
                          Verbosity is the number for the kubeadm log level verbosity.
                          It overrides the `--v` flag in kubeadm commands.
                        format: int32
                        type: integer
                    type: object
                type: object
            required:
            - template
            type: object
        type: object
    served: false
    storage: false
  - additionalPrinterColumns:
    - description: Time duration since creation of KubeadmConfigTemplate
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    deprecated: true
    name: v1alpha4
    schema:
      openAPIV3Schema:
        description: |-
          KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API.


          Deprecated: This type will be removed in one of the next releases.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate.
            properties:
              template:
                description: KubeadmConfigTemplateResource defines the Template structure.
                properties:
                  spec:
                    description: |-
                      KubeadmConfigSpec defines the desired state of KubeadmConfig.
                      Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.
                    properties:
                      clusterConfiguration:
                        description: ClusterConfiguration along with InitConfiguration
                          are the configurations necessary for the init command
                        properties:
                          apiServer:
                            description: APIServer contains extra settings for the
                              API server control plane component
                            properties:
                              certSANs:
                                description: CertSANs sets extra Subject Alternative
                                  Names for the API Server signing cert.
                                items:
                                  type: string
                                type: array
                              extraArgs:
                                additionalProperties:
                                  type: string
                                description: |-
                                  ExtraArgs is an extra set of flags to pass to the control plane component.
1048 TODO: This is temporary and ideally we would like to switch all components to 1049 use ComponentConfig + ConfigMaps. 1050 type: object 1051 extraVolumes: 1052 description: ExtraVolumes is an extra set of host 1053 volumes, mounted to the control plane component. 1054 items: 1055 description: |- 1056 HostPathMount contains elements describing volumes that are mounted from the 1057 host. 1058 properties: 1059 hostPath: 1060 description: |- 1061 HostPath is the path in the host that will be mounted inside 1062 the pod. 1063 type: string 1064 mountPath: 1065 description: MountPath is the path inside the 1066 pod where hostPath will be mounted. 1067 type: string 1068 name: 1069 description: Name of the volume inside the pod 1070 template. 1071 type: string 1072 pathType: 1073 description: PathType is the type of the HostPath. 1074 type: string 1075 readOnly: 1076 description: ReadOnly controls write access 1077 to the volume 1078 type: boolean 1079 required: 1080 - hostPath 1081 - mountPath 1082 - name 1083 type: object 1084 type: array 1085 timeoutForControlPlane: 1086 description: TimeoutForControlPlane controls the timeout 1087 that we use for API server to appear 1088 type: string 1089 type: object 1090 apiVersion: 1091 description: |- 1092 APIVersion defines the versioned schema of this representation of an object. 1093 Servers should convert recognized schemas to the latest internal value, and 1094 may reject unrecognized values. 1095 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1096 type: string 1097 certificatesDir: 1098 description: |- 1099 CertificatesDir specifies where to store or look for all required certificates. 
1100 NB: if not provided, this will default to `/etc/kubernetes/pki` 1101 type: string 1102 clusterName: 1103 description: The cluster name 1104 type: string 1105 controlPlaneEndpoint: 1106 description: |- 1107 ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it 1108 can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 1109 In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort 1110 are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 1111 the BindPort is used. 1112 Possible usages are: 1113 e.g. In a cluster with more than one control plane instances, this field should be 1114 assigned the address of the external load balancer in front of the 1115 control plane instances. 1116 e.g. in environments with enforced node recycling, the ControlPlaneEndpoint 1117 could be used for assigning a stable DNS to the control plane. 1118 NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 1119 type: string 1120 controllerManager: 1121 description: ControllerManager contains extra settings 1122 for the controller manager control plane component 1123 properties: 1124 extraArgs: 1125 additionalProperties: 1126 type: string 1127 description: |- 1128 ExtraArgs is an extra set of flags to pass to the control plane component. 1129 TODO: This is temporary and ideally we would like to switch all components to 1130 use ComponentConfig + ConfigMaps. 1131 type: object 1132 extraVolumes: 1133 description: ExtraVolumes is an extra set of host 1134 volumes, mounted to the control plane component. 1135 items: 1136 description: |- 1137 HostPathMount contains elements describing volumes that are mounted from the 1138 host. 1139 properties: 1140 hostPath: 1141 description: |- 1142 HostPath is the path in the host that will be mounted inside 1143 the pod. 
1144 type: string 1145 mountPath: 1146 description: MountPath is the path inside the 1147 pod where hostPath will be mounted. 1148 type: string 1149 name: 1150 description: Name of the volume inside the pod 1151 template. 1152 type: string 1153 pathType: 1154 description: PathType is the type of the HostPath. 1155 type: string 1156 readOnly: 1157 description: ReadOnly controls write access 1158 to the volume 1159 type: boolean 1160 required: 1161 - hostPath 1162 - mountPath 1163 - name 1164 type: object 1165 type: array 1166 type: object 1167 dns: 1168 description: DNS defines the options for the DNS add-on 1169 installed in the cluster. 1170 properties: 1171 imageRepository: 1172 description: |- 1173 ImageRepository sets the container registry to pull images from. 1174 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 1175 type: string 1176 imageTag: 1177 description: |- 1178 ImageTag allows to specify a tag for the image. 1179 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 1180 type: string 1181 type: object 1182 etcd: 1183 description: |- 1184 Etcd holds configuration for etcd. 1185 NB: This value defaults to a Local (stacked) etcd 1186 properties: 1187 external: 1188 description: |- 1189 External describes how to connect to an external etcd cluster 1190 Local and External are mutually exclusive 1191 properties: 1192 caFile: 1193 description: |- 1194 CAFile is an SSL Certificate Authority file used to secure etcd communication. 1195 Required if using a TLS connection. 1196 type: string 1197 certFile: 1198 description: |- 1199 CertFile is an SSL certification file used to secure etcd communication. 1200 Required if using a TLS connection. 1201 type: string 1202 endpoints: 1203 description: Endpoints of etcd members. Required 1204 for ExternalEtcd. 
1205 items: 1206 type: string 1207 type: array 1208 keyFile: 1209 description: |- 1210 KeyFile is an SSL key file used to secure etcd communication. 1211 Required if using a TLS connection. 1212 type: string 1213 required: 1214 - caFile 1215 - certFile 1216 - endpoints 1217 - keyFile 1218 type: object 1219 local: 1220 description: |- 1221 Local provides configuration knobs for configuring the local etcd instance 1222 Local and External are mutually exclusive 1223 properties: 1224 dataDir: 1225 description: |- 1226 DataDir is the directory etcd will place its data. 1227 Defaults to "/var/lib/etcd". 1228 type: string 1229 extraArgs: 1230 additionalProperties: 1231 type: string 1232 description: |- 1233 ExtraArgs are extra arguments provided to the etcd binary 1234 when run inside a static pod. 1235 type: object 1236 imageRepository: 1237 description: |- 1238 ImageRepository sets the container registry to pull images from. 1239 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 1240 type: string 1241 imageTag: 1242 description: |- 1243 ImageTag allows to specify a tag for the image. 1244 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 1245 type: string 1246 peerCertSANs: 1247 description: PeerCertSANs sets extra Subject Alternative 1248 Names for the etcd peer signing cert. 1249 items: 1250 type: string 1251 type: array 1252 serverCertSANs: 1253 description: ServerCertSANs sets extra Subject 1254 Alternative Names for the etcd server signing 1255 cert. 1256 items: 1257 type: string 1258 type: array 1259 type: object 1260 type: object 1261 featureGates: 1262 additionalProperties: 1263 type: boolean 1264 description: FeatureGates enabled by the user. 1265 type: object 1266 imageRepository: 1267 description: |- 1268 ImageRepository sets the container registry to pull images from. 
1269 If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) 1270 `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io` 1271 will be used for all the other images. 1272 type: string 1273 kind: 1274 description: |- 1275 Kind is a string value representing the REST resource this object represents. 1276 Servers may infer this from the endpoint the client submits requests to. 1277 Cannot be updated. 1278 In CamelCase. 1279 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1280 type: string 1281 kubernetesVersion: 1282 description: |- 1283 KubernetesVersion is the target version of the control plane. 1284 NB: This value defaults to the Machine object spec.version 1285 type: string 1286 networking: 1287 description: |- 1288 Networking holds configuration for the networking topology of the cluster. 1289 NB: This value defaults to the Cluster object spec.clusterNetwork. 1290 properties: 1291 dnsDomain: 1292 description: DNSDomain is the dns domain used by k8s 1293 services. Defaults to "cluster.local". 1294 type: string 1295 podSubnet: 1296 description: |- 1297 PodSubnet is the subnet used by pods. 1298 If unset, the API server will not allocate CIDR ranges for every node. 1299 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set 1300 type: string 1301 serviceSubnet: 1302 description: |- 1303 ServiceSubnet is the subnet used by k8s services. 1304 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or 1305 to "10.96.0.0/12" if that's unset. 
1306 type: string 1307 type: object 1308 scheduler: 1309 description: Scheduler contains extra settings for the 1310 scheduler control plane component 1311 properties: 1312 extraArgs: 1313 additionalProperties: 1314 type: string 1315 description: |- 1316 ExtraArgs is an extra set of flags to pass to the control plane component. 1317 TODO: This is temporary and ideally we would like to switch all components to 1318 use ComponentConfig + ConfigMaps. 1319 type: object 1320 extraVolumes: 1321 description: ExtraVolumes is an extra set of host 1322 volumes, mounted to the control plane component. 1323 items: 1324 description: |- 1325 HostPathMount contains elements describing volumes that are mounted from the 1326 host. 1327 properties: 1328 hostPath: 1329 description: |- 1330 HostPath is the path in the host that will be mounted inside 1331 the pod. 1332 type: string 1333 mountPath: 1334 description: MountPath is the path inside the 1335 pod where hostPath will be mounted. 1336 type: string 1337 name: 1338 description: Name of the volume inside the pod 1339 template. 1340 type: string 1341 pathType: 1342 description: PathType is the type of the HostPath. 1343 type: string 1344 readOnly: 1345 description: ReadOnly controls write access 1346 to the volume 1347 type: boolean 1348 required: 1349 - hostPath 1350 - mountPath 1351 - name 1352 type: object 1353 type: array 1354 type: object 1355 type: object 1356 diskSetup: 1357 description: DiskSetup specifies options for the creation 1358 of partition tables and file systems on devices. 1359 properties: 1360 filesystems: 1361 description: Filesystems specifies the list of file systems 1362 to setup. 1363 items: 1364 description: Filesystem defines the file systems to 1365 be created. 1366 properties: 1367 device: 1368 description: Device specifies the device name 1369 type: string 1370 extraOpts: 1371 description: ExtraOpts defined extra options to 1372 add to the command for creating the file system. 
1373 items: 1374 type: string 1375 type: array 1376 filesystem: 1377 description: Filesystem specifies the file system 1378 type. 1379 type: string 1380 label: 1381 description: Label specifies the file system label 1382 to be used. If set to None, no label is used. 1383 type: string 1384 overwrite: 1385 description: |- 1386 Overwrite defines whether or not to overwrite any existing filesystem. 1387 If true, any pre-existing file system will be destroyed. Use with Caution. 1388 type: boolean 1389 partition: 1390 description: 'Partition specifies the partition 1391 to use. The valid options are: "auto|any", "auto", 1392 "any", "none", and <NUM>, where NUM is the actual 1393 partition number.' 1394 type: string 1395 replaceFS: 1396 description: |- 1397 ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. 1398 NOTE: unless you define a label, this requires the use of the 'any' partition directive. 1399 type: string 1400 required: 1401 - device 1402 - filesystem 1403 - label 1404 type: object 1405 type: array 1406 partitions: 1407 description: Partitions specifies the list of the partitions 1408 to setup. 1409 items: 1410 description: Partition defines how to create and layout 1411 a partition. 1412 properties: 1413 device: 1414 description: Device is the name of the device. 1415 type: string 1416 layout: 1417 description: |- 1418 Layout specifies the device layout. 1419 If it is true, a single partition will be created for the entire device. 1420 When layout is false, it means don't partition or ignore existing partitioning. 1421 type: boolean 1422 overwrite: 1423 description: |- 1424 Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. 1425 Use with caution. Default is 'false'. 1426 type: boolean 1427 tableType: 1428 description: |- 1429 TableType specifies the type of partition table.
The following are supported: 1430 'mbr': default and setups a MS-DOS partition table 1431 'gpt': setups a GPT partition table 1432 type: string 1433 required: 1434 - device 1435 - layout 1436 type: object 1437 type: array 1438 type: object 1439 files: 1440 description: Files specifies extra files to be passed to user_data 1441 upon creation. 1442 items: 1443 description: File defines the input for generating write_files 1444 in cloud-init. 1445 properties: 1446 content: 1447 description: Content is the actual content of the file. 1448 type: string 1449 contentFrom: 1450 description: ContentFrom is a referenced source of content 1451 to populate the file. 1452 properties: 1453 secret: 1454 description: Secret represents a secret that should 1455 populate this file. 1456 properties: 1457 key: 1458 description: Key is the key in the secret's 1459 data map for this value. 1460 type: string 1461 name: 1462 description: Name of the secret in the KubeadmBootstrapConfig's 1463 namespace to use. 1464 type: string 1465 required: 1466 - key 1467 - name 1468 type: object 1469 required: 1470 - secret 1471 type: object 1472 encoding: 1473 description: Encoding specifies the encoding of the 1474 file contents. 1475 enum: 1476 - base64 1477 - gzip 1478 - gzip+base64 1479 type: string 1480 owner: 1481 description: Owner specifies the ownership of the file, 1482 e.g. "root:root". 1483 type: string 1484 path: 1485 description: Path specifies the full path on disk where 1486 to store the file. 1487 type: string 1488 permissions: 1489 description: Permissions specifies the permissions to 1490 assign to the file, e.g. "0640". 
1491 type: string 1492 required: 1493 - path 1494 type: object 1495 type: array 1496 format: 1497 description: Format specifies the output format of the bootstrap 1498 data 1499 enum: 1500 - cloud-config 1501 type: string 1502 initConfiguration: 1503 description: InitConfiguration along with ClusterConfiguration 1504 are the configurations necessary for the init command 1505 properties: 1506 apiVersion: 1507 description: |- 1508 APIVersion defines the versioned schema of this representation of an object. 1509 Servers should convert recognized schemas to the latest internal value, and 1510 may reject unrecognized values. 1511 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1512 type: string 1513 bootstrapTokens: 1514 description: |- 1515 BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 1516 This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature 1517 items: 1518 description: BootstrapToken describes one bootstrap 1519 token, stored as a Secret in the cluster. 1520 properties: 1521 description: 1522 description: |- 1523 Description sets a human-friendly message why this token exists and what it's used 1524 for, so other administrators can know its purpose. 1525 type: string 1526 expires: 1527 description: |- 1528 Expires specifies the timestamp when this token expires. Defaults to being set 1529 dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 1530 format: date-time 1531 type: string 1532 groups: 1533 description: |- 1534 Groups specifies the extra groups that this token will authenticate as when/if 1535 used for authentication 1536 items: 1537 type: string 1538 type: array 1539 token: 1540 description: |- 1541 Token is used for establishing bidirectional trust between nodes and control-planes. 1542 Used for joining nodes in the cluster. 
1543 type: string 1544 ttl: 1545 description: |- 1546 TTL defines the time to live for this token. Defaults to 24h. 1547 Expires and TTL are mutually exclusive. 1548 type: string 1549 usages: 1550 description: |- 1551 Usages describes the ways in which this token can be used. Can by default be used 1552 for establishing bidirectional trust, but that can be changed here. 1553 items: 1554 type: string 1555 type: array 1556 required: 1557 - token 1558 type: object 1559 type: array 1560 kind: 1561 description: |- 1562 Kind is a string value representing the REST resource this object represents. 1563 Servers may infer this from the endpoint the client submits requests to. 1564 Cannot be updated. 1565 In CamelCase. 1566 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1567 type: string 1568 localAPIEndpoint: 1569 description: |- 1570 LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node 1571 In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint 1572 is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This 1573 configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 1574 on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process 1575 fails you may set the desired value here. 1576 properties: 1577 advertiseAddress: 1578 description: AdvertiseAddress sets the IP address 1579 for the API server to advertise. 1580 type: string 1581 bindPort: 1582 description: |- 1583 BindPort sets the secure port for the API Server to bind to. 1584 Defaults to 6443. 
1585 format: int32 1586 type: integer 1587 type: object 1588 nodeRegistration: 1589 description: |- 1590 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 1591 When used in the context of control plane nodes, NodeRegistration should remain consistent 1592 across both InitConfiguration and JoinConfiguration 1593 properties: 1594 criSocket: 1595 description: CRISocket is used to retrieve container 1596 runtime info. This information will be annotated 1597 to the Node API object, for later re-use 1598 type: string 1599 ignorePreflightErrors: 1600 description: IgnorePreflightErrors provides a slice 1601 of pre-flight errors to be ignored when the current 1602 node is registered. 1603 items: 1604 type: string 1605 type: array 1606 kubeletExtraArgs: 1607 additionalProperties: 1608 type: string 1609 description: |- 1610 KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 1611 kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap 1612 Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 1613 type: object 1614 name: 1615 description: |- 1616 Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. 1617 This field is also used in the CommonName field of the kubelet's client certificate to the API server. 1618 Defaults to the hostname of the node if not provided. 1619 type: string 1620 taints: 1621 description: |- 1622 Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 1623 it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. 
If you don't want to taint your control-plane node, set this field to an 1624 empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. 1625 items: 1626 description: |- 1627 The node this Taint is attached to has the "effect" on 1628 any pod that does not tolerate the Taint. 1629 properties: 1630 effect: 1631 description: |- 1632 Required. The effect of the taint on pods 1633 that do not tolerate the taint. 1634 Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 1635 type: string 1636 key: 1637 description: Required. The taint key to be applied 1638 to a node. 1639 type: string 1640 timeAdded: 1641 description: |- 1642 TimeAdded represents the time at which the taint was added. 1643 It is only written for NoExecute taints. 1644 format: date-time 1645 type: string 1646 value: 1647 description: The taint value corresponding to 1648 the taint key. 1649 type: string 1650 required: 1651 - effect 1652 - key 1653 type: object 1654 type: array 1655 type: object 1656 type: object 1657 joinConfiguration: 1658 description: JoinConfiguration is the kubeadm configuration 1659 for the join command 1660 properties: 1661 apiVersion: 1662 description: |- 1663 APIVersion defines the versioned schema of this representation of an object. 1664 Servers should convert recognized schemas to the latest internal value, and 1665 may reject unrecognized values. 1666 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1667 type: string 1668 caCertPath: 1669 description: |- 1670 CACertPath is the path to the SSL certificate authority used to 1671 secure communications between node and control-plane. 1672 Defaults to "/etc/kubernetes/pki/ca.crt". 1673 TODO: revisit when there is defaulting from k/k 1674 type: string 1675 controlPlane: 1676 description: |- 1677 ControlPlane defines the additional control plane instance to be deployed on the joining node.
1678 If nil, no additional control plane instance will be deployed. 1679 properties: 1680 localAPIEndpoint: 1681 description: LocalAPIEndpoint represents the endpoint 1682 of the API server instance to be deployed on this 1683 node. 1684 properties: 1685 advertiseAddress: 1686 description: AdvertiseAddress sets the IP address 1687 for the API server to advertise. 1688 type: string 1689 bindPort: 1690 description: |- 1691 BindPort sets the secure port for the API Server to bind to. 1692 Defaults to 6443. 1693 format: int32 1694 type: integer 1695 type: object 1696 type: object 1697 discovery: 1698 description: |- 1699 Discovery specifies the options for the kubelet to use during the TLS Bootstrap process 1700 TODO: revisit when there is defaulting from k/k 1701 properties: 1702 bootstrapToken: 1703 description: |- 1704 BootstrapToken is used to set the options for bootstrap token based discovery 1705 BootstrapToken and File are mutually exclusive 1706 properties: 1707 apiServerEndpoint: 1708 description: APIServerEndpoint is an IP or domain 1709 name to the API server from which info will 1710 be fetched. 1711 type: string 1712 caCertHashes: 1713 description: |- 1714 CACertHashes specifies a set of public key pins to verify 1715 when token-based discovery is used. The root CA found during discovery 1716 must match one of these values. Specifying an empty set disables root CA 1717 pinning, which can be unsafe. Each hash is specified as "<type>:<value>", 1718 where the only currently supported type is "sha256". This is a hex-encoded 1719 SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded 1720 ASN.1. These hashes can be calculated using, for example, OpenSSL: 1721 openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex 1722 items: 1723 type: string 1724 type: array 1725 token: 1726 description: |- 1727 Token is a token used to validate cluster information 1728 fetched from the control-plane.
1729 type: string 1730 unsafeSkipCAVerification: 1731 description: |- 1732 UnsafeSkipCAVerification allows token-based discovery 1733 without CA verification via CACertHashes. This can weaken 1734 the security of kubeadm since other nodes can impersonate the control-plane. 1735 type: boolean 1736 required: 1737 - token 1738 type: object 1739 file: 1740 description: |- 1741 File is used to specify a file or URL to a kubeconfig file from which to load cluster information 1742 BootstrapToken and File are mutually exclusive 1743 properties: 1744 kubeConfigPath: 1745 description: KubeConfigPath is used to specify 1746 the actual file path or URL to the kubeconfig 1747 file from which to load cluster information 1748 type: string 1749 required: 1750 - kubeConfigPath 1751 type: object 1752 timeout: 1753 description: Timeout modifies the discovery timeout 1754 type: string 1755 tlsBootstrapToken: 1756 description: |- 1757 TLSBootstrapToken is a token used for TLS bootstrapping. 1758 If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 1759 If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information 1760 type: string 1761 type: object 1762 kind: 1763 description: |- 1764 Kind is a string value representing the REST resource this object represents. 1765 Servers may infer this from the endpoint the client submits requests to. 1766 Cannot be updated. 1767 In CamelCase. 1768 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1769 type: string 1770 nodeRegistration: 1771 description: |- 1772 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 
1773 When used in the context of control plane nodes, NodeRegistration should remain consistent 1774 across both InitConfiguration and JoinConfiguration 1775 properties: 1776 criSocket: 1777 description: CRISocket is used to retrieve container 1778 runtime info. This information will be annotated 1779 to the Node API object, for later re-use 1780 type: string 1781 ignorePreflightErrors: 1782 description: IgnorePreflightErrors provides a slice 1783 of pre-flight errors to be ignored when the current 1784 node is registered. 1785 items: 1786 type: string 1787 type: array 1788 kubeletExtraArgs: 1789 additionalProperties: 1790 type: string 1791 description: |- 1792 KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 1793 kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap 1794 Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 1795 type: object 1796 name: 1797 description: |- 1798 Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. 1799 This field is also used in the CommonName field of the kubelet's client certificate to the API server. 1800 Defaults to the hostname of the node if not provided. 1801 type: string 1802 taints: 1803 description: |- 1804 Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 1805 it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an 1806 empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. 
1807 items: 1808 description: |- 1809 The node this Taint is attached to has the "effect" on 1810 any pod that does not tolerate the Taint. 1811 properties: 1812 effect: 1813 description: |- 1814 Required. The effect of the taint on pods 1815 that do not tolerate the taint. 1816 Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 1817 type: string 1818 key: 1819 description: Required. The taint key to be applied 1820 to a node. 1821 type: string 1822 timeAdded: 1823 description: |- 1824 TimeAdded represents the time at which the taint was added. 1825 It is only written for NoExecute taints. 1826 format: date-time 1827 type: string 1828 value: 1829 description: The taint value corresponding to 1830 the taint key. 1831 type: string 1832 required: 1833 - effect 1834 - key 1835 type: object 1836 type: array 1837 type: object 1838 type: object 1839 mounts: 1840 description: Mounts specifies a list of mount points to be 1841 setup. 1842 items: 1843 description: MountPoints defines input for generated mounts 1844 in cloud-init. 1845 items: 1846 type: string 1847 type: array 1848 type: array 1849 ntp: 1850 description: NTP specifies NTP configuration 1851 properties: 1852 enabled: 1853 description: Enabled specifies whether NTP should be enabled 1854 type: boolean 1855 servers: 1856 description: Servers specifies which NTP servers to use 1857 items: 1858 type: string 1859 type: array 1860 type: object 1861 postKubeadmCommands: 1862 description: PostKubeadmCommands specifies extra commands 1863 to run after kubeadm runs 1864 items: 1865 type: string 1866 type: array 1867 preKubeadmCommands: 1868 description: PreKubeadmCommands specifies extra commands to 1869 run before kubeadm runs 1870 items: 1871 type: string 1872 type: array 1873 useExperimentalRetryJoin: 1874 description: |- 1875 UseExperimentalRetryJoin replaces a basic kubeadm command with a shell 1876 script with retries for joins. 
1877 1878 1879 This is meant to be an experimental temporary workaround on some environments 1880 where joins fail due to timing (and other issues). The long term goal is to add retries to 1881 kubeadm proper and use that functionality. 1882 1883 1884 This will add about 40KB to userdata 1885 1886 1887 For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 1888 type: boolean 1889 users: 1890 description: Users specifies extra users to add 1891 items: 1892 description: User defines the input for a generated user 1893 in cloud-init. 1894 properties: 1895 gecos: 1896 description: Gecos specifies the gecos to use for the 1897 user 1898 type: string 1899 groups: 1900 description: Groups specifies the additional groups 1901 for the user 1902 type: string 1903 homeDir: 1904 description: HomeDir specifies the home directory to 1905 use for the user 1906 type: string 1907 inactive: 1908 description: Inactive specifies whether to mark the 1909 user as inactive 1910 type: boolean 1911 lockPassword: 1912 description: LockPassword specifies if password login 1913 should be disabled 1914 type: boolean 1915 name: 1916 description: Name specifies the user name 1917 type: string 1918 passwd: 1919 description: Passwd specifies a hashed password for 1920 the user 1921 type: string 1922 primaryGroup: 1923 description: PrimaryGroup specifies the primary group 1924 for the user 1925 type: string 1926 shell: 1927 description: Shell specifies the user's shell 1928 type: string 1929 sshAuthorizedKeys: 1930 description: SSHAuthorizedKeys specifies a list of ssh 1931 authorized keys for the user 1932 items: 1933 type: string 1934 type: array 1935 sudo: 1936 description: Sudo specifies a sudo role for the user 1937 type: string 1938 required: 1939 - name 1940 type: object 1941 type: array 1942 verbosity: 1943 description: |- 1944 Verbosity is the number for the kubeadm log level verbosity. 
1945 It overrides the `--v` flag in kubeadm commands. 1946 format: int32 1947 type: integer 1948 type: object 1949 type: object 1950 required: 1951 - template 1952 type: object 1953 type: object 1954 served: false 1955 storage: false 1956 subresources: {} 1957 - additionalPrinterColumns: 1958 - description: Time duration since creation of KubeadmConfigTemplate 1959 jsonPath: .metadata.creationTimestamp 1960 name: Age 1961 type: date 1962 name: v1beta1 1963 schema: 1964 openAPIV3Schema: 1965 description: KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates 1966 API. 1967 properties: 1968 apiVersion: 1969 description: |- 1970 APIVersion defines the versioned schema of this representation of an object. 1971 Servers should convert recognized schemas to the latest internal value, and 1972 may reject unrecognized values. 1973 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 1974 type: string 1975 kind: 1976 description: |- 1977 Kind is a string value representing the REST resource this object represents. 1978 Servers may infer this from the endpoint the client submits requests to. 1979 Cannot be updated. 1980 In CamelCase. 1981 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 1982 type: string 1983 metadata: 1984 type: object 1985 spec: 1986 description: KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate. 1987 properties: 1988 template: 1989 description: KubeadmConfigTemplateResource defines the Template structure. 1990 properties: 1991 metadata: 1992 description: |- 1993 Standard object's metadata. 
1994 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 1995 properties: 1996 annotations: 1997 additionalProperties: 1998 type: string 1999 description: |- 2000 Annotations is an unstructured key value map stored with a resource that may be 2001 set by external tools to store and retrieve arbitrary metadata. They are not 2002 queryable and should be preserved when modifying objects. 2003 More info: http://kubernetes.io/docs/user-guide/annotations 2004 type: object 2005 labels: 2006 additionalProperties: 2007 type: string 2008 description: |- 2009 Map of string keys and values that can be used to organize and categorize 2010 (scope and select) objects. May match selectors of replication controllers 2011 and services. 2012 More info: http://kubernetes.io/docs/user-guide/labels 2013 type: object 2014 type: object 2015 spec: 2016 description: |- 2017 KubeadmConfigSpec defines the desired state of KubeadmConfig. 2018 Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined. 2019 properties: 2020 clusterConfiguration: 2021 description: ClusterConfiguration along with InitConfiguration 2022 are the configurations necessary for the init command 2023 properties: 2024 apiServer: 2025 description: APIServer contains extra settings for the 2026 API server control plane component 2027 properties: 2028 certSANs: 2029 description: CertSANs sets extra Subject Alternative 2030 Names for the API Server signing cert. 2031 items: 2032 type: string 2033 type: array 2034 extraArgs: 2035 additionalProperties: 2036 type: string 2037 description: |- 2038 ExtraArgs is an extra set of flags to pass to the control plane component. 2039 TODO: This is temporary and ideally we would like to switch all components to 2040 use ComponentConfig + ConfigMaps. 
2041 type: object 2042 extraVolumes: 2043 description: ExtraVolumes is an extra set of host 2044 volumes, mounted to the control plane component. 2045 items: 2046 description: |- 2047 HostPathMount contains elements describing volumes that are mounted from the 2048 host. 2049 properties: 2050 hostPath: 2051 description: |- 2052 HostPath is the path in the host that will be mounted inside 2053 the pod. 2054 type: string 2055 mountPath: 2056 description: MountPath is the path inside the 2057 pod where hostPath will be mounted. 2058 type: string 2059 name: 2060 description: Name of the volume inside the pod 2061 template. 2062 type: string 2063 pathType: 2064 description: PathType is the type of the HostPath. 2065 type: string 2066 readOnly: 2067 description: ReadOnly controls write access 2068 to the volume 2069 type: boolean 2070 required: 2071 - hostPath 2072 - mountPath 2073 - name 2074 type: object 2075 type: array 2076 timeoutForControlPlane: 2077 description: TimeoutForControlPlane controls the timeout 2078 that we use for API server to appear 2079 type: string 2080 type: object 2081 apiVersion: 2082 description: |- 2083 APIVersion defines the versioned schema of this representation of an object. 2084 Servers should convert recognized schemas to the latest internal value, and 2085 may reject unrecognized values. 2086 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 2087 type: string 2088 certificatesDir: 2089 description: |- 2090 CertificatesDir specifies where to store or look for all required certificates. 2091 NB: if not provided, this will default to `/etc/kubernetes/pki` 2092 type: string 2093 clusterName: 2094 description: The cluster name 2095 type: string 2096 controlPlaneEndpoint: 2097 description: |- 2098 ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it 2099 can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. 
2100 In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort 2101 are used; in case the ControlPlaneEndpoint is specified but without a TCP port, 2102 the BindPort is used. 2103 Possible usages are: 2104 e.g. In a cluster with more than one control plane instances, this field should be 2105 assigned the address of the external load balancer in front of the 2106 control plane instances. 2107 e.g. in environments with enforced node recycling, the ControlPlaneEndpoint 2108 could be used for assigning a stable DNS to the control plane. 2109 NB: This value defaults to the first value in the Cluster object status.apiEndpoints array. 2110 type: string 2111 controllerManager: 2112 description: ControllerManager contains extra settings 2113 for the controller manager control plane component 2114 properties: 2115 extraArgs: 2116 additionalProperties: 2117 type: string 2118 description: |- 2119 ExtraArgs is an extra set of flags to pass to the control plane component. 2120 TODO: This is temporary and ideally we would like to switch all components to 2121 use ComponentConfig + ConfigMaps. 2122 type: object 2123 extraVolumes: 2124 description: ExtraVolumes is an extra set of host 2125 volumes, mounted to the control plane component. 2126 items: 2127 description: |- 2128 HostPathMount contains elements describing volumes that are mounted from the 2129 host. 2130 properties: 2131 hostPath: 2132 description: |- 2133 HostPath is the path in the host that will be mounted inside 2134 the pod. 2135 type: string 2136 mountPath: 2137 description: MountPath is the path inside the 2138 pod where hostPath will be mounted. 2139 type: string 2140 name: 2141 description: Name of the volume inside the pod 2142 template. 2143 type: string 2144 pathType: 2145 description: PathType is the type of the HostPath. 
2146 type: string 2147 readOnly: 2148 description: ReadOnly controls write access 2149 to the volume 2150 type: boolean 2151 required: 2152 - hostPath 2153 - mountPath 2154 - name 2155 type: object 2156 type: array 2157 type: object 2158 dns: 2159 description: DNS defines the options for the DNS add-on 2160 installed in the cluster. 2161 properties: 2162 imageRepository: 2163 description: |- 2164 ImageRepository sets the container registry to pull images from. 2165 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 2166 type: string 2167 imageTag: 2168 description: |- 2169 ImageTag allows to specify a tag for the image. 2170 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 2171 type: string 2172 type: object 2173 etcd: 2174 description: |- 2175 Etcd holds configuration for etcd. 2176 NB: This value defaults to a Local (stacked) etcd 2177 properties: 2178 external: 2179 description: |- 2180 External describes how to connect to an external etcd cluster 2181 Local and External are mutually exclusive 2182 properties: 2183 caFile: 2184 description: |- 2185 CAFile is an SSL Certificate Authority file used to secure etcd communication. 2186 Required if using a TLS connection. 2187 type: string 2188 certFile: 2189 description: |- 2190 CertFile is an SSL certification file used to secure etcd communication. 2191 Required if using a TLS connection. 2192 type: string 2193 endpoints: 2194 description: Endpoints of etcd members. Required 2195 for ExternalEtcd. 2196 items: 2197 type: string 2198 type: array 2199 keyFile: 2200 description: |- 2201 KeyFile is an SSL key file used to secure etcd communication. 2202 Required if using a TLS connection. 
2203 type: string 2204 required: 2205 - caFile 2206 - certFile 2207 - endpoints 2208 - keyFile 2209 type: object 2210 local: 2211 description: |- 2212 Local provides configuration knobs for configuring the local etcd instance 2213 Local and External are mutually exclusive 2214 properties: 2215 dataDir: 2216 description: |- 2217 DataDir is the directory etcd will place its data. 2218 Defaults to "/var/lib/etcd". 2219 type: string 2220 extraArgs: 2221 additionalProperties: 2222 type: string 2223 description: |- 2224 ExtraArgs are extra arguments provided to the etcd binary 2225 when run inside a static pod. 2226 type: object 2227 imageRepository: 2228 description: |- 2229 ImageRepository sets the container registry to pull images from. 2230 if not set, the ImageRepository defined in ClusterConfiguration will be used instead. 2231 type: string 2232 imageTag: 2233 description: |- 2234 ImageTag allows to specify a tag for the image. 2235 In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 2236 type: string 2237 peerCertSANs: 2238 description: PeerCertSANs sets extra Subject Alternative 2239 Names for the etcd peer signing cert. 2240 items: 2241 type: string 2242 type: array 2243 serverCertSANs: 2244 description: ServerCertSANs sets extra Subject 2245 Alternative Names for the etcd server signing 2246 cert. 2247 items: 2248 type: string 2249 type: array 2250 type: object 2251 type: object 2252 featureGates: 2253 additionalProperties: 2254 type: boolean 2255 description: FeatureGates enabled by the user. 2256 type: object 2257 imageRepository: 2258 description: |- 2259 ImageRepository sets the container registry to pull images from. 2260 * If not set, the default registry of kubeadm will be used, i.e. 
2261 * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0 2262 * k8s.gcr.io (old registry): all older versions 2263 Please note that when imageRepository is not set we don't allow upgrades to 2264 versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use 2265 a newer patch version with the new registry instead (i.e. >= v1.22.17, 2266 >= v1.23.15, >= v1.24.9, >= v1.25.0). 2267 * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) 2268 `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components 2269 and for kube-proxy, while `registry.k8s.io` will be used for all the other images. 2270 type: string 2271 kind: 2272 description: |- 2273 Kind is a string value representing the REST resource this object represents. 2274 Servers may infer this from the endpoint the client submits requests to. 2275 Cannot be updated. 2276 In CamelCase. 2277 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2278 type: string 2279 kubernetesVersion: 2280 description: |- 2281 KubernetesVersion is the target version of the control plane. 2282 NB: This value defaults to the Machine object spec.version 2283 type: string 2284 networking: 2285 description: |- 2286 Networking holds configuration for the networking topology of the cluster. 2287 NB: This value defaults to the Cluster object spec.clusterNetwork. 2288 properties: 2289 dnsDomain: 2290 description: DNSDomain is the dns domain used by k8s 2291 services. Defaults to "cluster.local". 2292 type: string 2293 podSubnet: 2294 description: |- 2295 PodSubnet is the subnet used by pods. 2296 If unset, the API server will not allocate CIDR ranges for every node. 2297 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set 2298 type: string 2299 serviceSubnet: 2300 description: |- 2301 ServiceSubnet is the subnet used by k8s services. 
2302 Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or 2303 to "10.96.0.0/12" if that's unset. 2304 type: string 2305 type: object 2306 scheduler: 2307 description: Scheduler contains extra settings for the 2308 scheduler control plane component 2309 properties: 2310 extraArgs: 2311 additionalProperties: 2312 type: string 2313 description: |- 2314 ExtraArgs is an extra set of flags to pass to the control plane component. 2315 TODO: This is temporary and ideally we would like to switch all components to 2316 use ComponentConfig + ConfigMaps. 2317 type: object 2318 extraVolumes: 2319 description: ExtraVolumes is an extra set of host 2320 volumes, mounted to the control plane component. 2321 items: 2322 description: |- 2323 HostPathMount contains elements describing volumes that are mounted from the 2324 host. 2325 properties: 2326 hostPath: 2327 description: |- 2328 HostPath is the path in the host that will be mounted inside 2329 the pod. 2330 type: string 2331 mountPath: 2332 description: MountPath is the path inside the 2333 pod where hostPath will be mounted. 2334 type: string 2335 name: 2336 description: Name of the volume inside the pod 2337 template. 2338 type: string 2339 pathType: 2340 description: PathType is the type of the HostPath. 2341 type: string 2342 readOnly: 2343 description: ReadOnly controls write access 2344 to the volume 2345 type: boolean 2346 required: 2347 - hostPath 2348 - mountPath 2349 - name 2350 type: object 2351 type: array 2352 type: object 2353 type: object 2354 diskSetup: 2355 description: DiskSetup specifies options for the creation 2356 of partition tables and file systems on devices. 2357 properties: 2358 filesystems: 2359 description: Filesystems specifies the list of file systems 2360 to setup. 2361 items: 2362 description: Filesystem defines the file systems to 2363 be created. 
2364 properties: 2365 device: 2366 description: Device specifies the device name 2367 type: string 2368 extraOpts: 2369 description: ExtraOpts defined extra options to 2370 add to the command for creating the file system. 2371 items: 2372 type: string 2373 type: array 2374 filesystem: 2375 description: Filesystem specifies the file system 2376 type. 2377 type: string 2378 label: 2379 description: Label specifies the file system label 2380 to be used. If set to None, no label is used. 2381 type: string 2382 overwrite: 2383 description: |- 2384 Overwrite defines whether or not to overwrite any existing filesystem. 2385 If true, any pre-existing file system will be destroyed. Use with Caution. 2386 type: boolean 2387 partition: 2388 description: 'Partition specifies the partition 2389 to use. The valid options are: "auto|any", "auto", 2390 "any", "none", and <NUM>, where NUM is the actual 2391 partition number.' 2392 type: string 2393 replaceFS: 2394 description: |- 2395 ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>. 2396 NOTE: unless you define a label, this requires the use of the 'any' partition directive. 2397 type: string 2398 required: 2399 - device 2400 - filesystem 2401 - label 2402 type: object 2403 type: array 2404 partitions: 2405 description: Partitions specifies the list of the partitions 2406 to setup. 2407 items: 2408 description: Partition defines how to create and layout 2409 a partition. 2410 properties: 2411 device: 2412 description: Device is the name of the device. 2413 type: string 2414 layout: 2415 description: |- 2416 Layout specifies the device layout. 2417 If it is true, a single partition will be created for the entire device. 2418 When layout is false, it means don't partition or ignore existing partitioning. 
2419 type: boolean 2420 overwrite: 2421 description: |- 2422 Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. 2423 Use with caution. Default is 'false'. 2424 type: boolean 2425 tableType: 2426 description: |- 2427 TableType specifies the type of partition table. The following are supported: 2428 'mbr': default and sets up a MS-DOS partition table 2429 'gpt': sets up a GPT partition table 2430 type: string 2431 required: 2432 - device 2433 - layout 2434 type: object 2435 type: array 2436 type: object 2437 files: 2438 description: Files specifies extra files to be passed to user_data 2439 upon creation. 2440 items: 2441 description: File defines the input for generating write_files 2442 in cloud-init. 2443 properties: 2444 append: 2445 description: Append specifies whether to append Content 2446 to existing file if Path exists. 2447 type: boolean 2448 content: 2449 description: Content is the actual content of the file. 2450 type: string 2451 contentFrom: 2452 description: ContentFrom is a referenced source of content 2453 to populate the file. 2454 properties: 2455 secret: 2456 description: Secret represents a secret that should 2457 populate this file. 2458 properties: 2459 key: 2460 description: Key is the key in the secret's 2461 data map for this value. 2462 type: string 2463 name: 2464 description: Name of the secret in the KubeadmBootstrapConfig's 2465 namespace to use. 2466 type: string 2467 required: 2468 - key 2469 - name 2470 type: object 2471 required: 2472 - secret 2473 type: object 2474 encoding: 2475 description: Encoding specifies the encoding of the 2476 file contents. 2477 enum: 2478 - base64 2479 - gzip 2480 - gzip+base64 2481 type: string 2482 owner: 2483 description: Owner specifies the ownership of the file, 2484 e.g. "root:root". 2485 type: string 2486 path: 2487 description: Path specifies the full path on disk where 2488 to store the file. 
2489 type: string 2490 permissions: 2491 description: Permissions specifies the permissions to 2492 assign to the file, e.g. "0640". 2493 type: string 2494 required: 2495 - path 2496 type: object 2497 type: array 2498 format: 2499 description: Format specifies the output format of the bootstrap 2500 data 2501 enum: 2502 - cloud-config 2503 - ignition 2504 type: string 2505 ignition: 2506 description: Ignition contains Ignition specific configuration. 2507 properties: 2508 containerLinuxConfig: 2509 description: ContainerLinuxConfig contains CLC specific 2510 configuration. 2511 properties: 2512 additionalConfig: 2513 description: |- 2514 AdditionalConfig contains additional configuration to be merged with the Ignition 2515 configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging 2516 2517 2518 The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ 2519 type: string 2520 strict: 2521 description: Strict controls if AdditionalConfig should 2522 be strictly parsed. If so, warnings are treated 2523 as errors. 2524 type: boolean 2525 type: object 2526 type: object 2527 initConfiguration: 2528 description: InitConfiguration along with ClusterConfiguration 2529 are the configurations necessary for the init command 2530 properties: 2531 apiVersion: 2532 description: |- 2533 APIVersion defines the versioned schema of this representation of an object. 2534 Servers should convert recognized schemas to the latest internal value, and 2535 may reject unrecognized values. 2536 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 2537 type: string 2538 bootstrapTokens: 2539 description: |- 2540 BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. 
2541 This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature 2542 items: 2543 description: BootstrapToken describes one bootstrap 2544 token, stored as a Secret in the cluster. 2545 properties: 2546 description: 2547 description: |- 2548 Description sets a human-friendly message why this token exists and what it's used 2549 for, so other administrators can know its purpose. 2550 type: string 2551 expires: 2552 description: |- 2553 Expires specifies the timestamp when this token expires. Defaults to being set 2554 dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. 2555 format: date-time 2556 type: string 2557 groups: 2558 description: |- 2559 Groups specifies the extra groups that this token will authenticate as when/if 2560 used for authentication 2561 items: 2562 type: string 2563 type: array 2564 token: 2565 description: |- 2566 Token is used for establishing bidirectional trust between nodes and control-planes. 2567 Used for joining nodes in the cluster. 2568 type: string 2569 ttl: 2570 description: |- 2571 TTL defines the time to live for this token. Defaults to 24h. 2572 Expires and TTL are mutually exclusive. 2573 type: string 2574 usages: 2575 description: |- 2576 Usages describes the ways in which this token can be used. Can by default be used 2577 for establishing bidirectional trust, but that can be changed here. 2578 items: 2579 type: string 2580 type: array 2581 required: 2582 - token 2583 type: object 2584 type: array 2585 kind: 2586 description: |- 2587 Kind is a string value representing the REST resource this object represents. 2588 Servers may infer this from the endpoint the client submits requests to. 2589 Cannot be updated. 2590 In CamelCase. 
2591 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2592 type: string 2593 localAPIEndpoint: 2594 description: |- 2595 LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node 2596 In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint 2597 is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This 2598 configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible 2599 on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process 2600 fails you may set the desired value here. 2601 properties: 2602 advertiseAddress: 2603 description: AdvertiseAddress sets the IP address 2604 for the API server to advertise. 2605 type: string 2606 bindPort: 2607 description: |- 2608 BindPort sets the secure port for the API Server to bind to. 2609 Defaults to 6443. 2610 format: int32 2611 type: integer 2612 type: object 2613 nodeRegistration: 2614 description: |- 2615 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 2616 When used in the context of control plane nodes, NodeRegistration should remain consistent 2617 across both InitConfiguration and JoinConfiguration 2618 properties: 2619 criSocket: 2620 description: CRISocket is used to retrieve container 2621 runtime info. This information will be annotated 2622 to the Node API object, for later re-use 2623 type: string 2624 ignorePreflightErrors: 2625 description: IgnorePreflightErrors provides a slice 2626 of pre-flight errors to be ignored when the current 2627 node is registered. 
2628 items: 2629 type: string 2630 type: array 2631 imagePullPolicy: 2632 description: |- 2633 ImagePullPolicy specifies the policy for image pulling 2634 during kubeadm "init" and "join" operations. The value of 2635 this field must be one of "Always", "IfNotPresent" or 2636 "Never". Defaults to "IfNotPresent". This can be used only 2637 with Kubernetes version equal to 1.22 and later. 2638 enum: 2639 - Always 2640 - IfNotPresent 2641 - Never 2642 type: string 2643 kubeletExtraArgs: 2644 additionalProperties: 2645 type: string 2646 description: |- 2647 KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 2648 kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap 2649 Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 2650 type: object 2651 name: 2652 description: |- 2653 Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. 2654 This field is also used in the CommonName field of the kubelet's client certificate to the API server. 2655 Defaults to the hostname of the node if not provided. 2656 type: string 2657 taints: 2658 description: |- 2659 Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 2660 it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an 2661 empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration. 2662 items: 2663 description: |- 2664 The node this Taint is attached to has the "effect" on 2665 any pod that does not tolerate the Taint. 2666 properties: 2667 effect: 2668 description: |- 2669 Required. 
The effect of the taint on pods 2670 that do not tolerate the taint. 2671 Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 2672 type: string 2673 key: 2674 description: Required. The taint key to be applied 2675 to a node. 2676 type: string 2677 timeAdded: 2678 description: |- 2679 TimeAdded represents the time at which the taint was added. 2680 It is only written for NoExecute taints. 2681 format: date-time 2682 type: string 2683 value: 2684 description: The taint value corresponding to 2685 the taint key. 2686 type: string 2687 required: 2688 - effect 2689 - key 2690 type: object 2691 type: array 2692 type: object 2693 patches: 2694 description: |- 2695 Patches contains options related to applying patches to components deployed by kubeadm during 2696 "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22 2697 properties: 2698 directory: 2699 description: |- 2700 Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". 2701 For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of 2702 "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one 2703 of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 2704 The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". 2705 "suffix" is an optional string that can be used to determine which patches are applied 2706 first alpha-numerically. 2707 These files can be written into the target directory via KubeadmConfig.Files which 2708 specifies additional files to be created on the machine, either with content inline or 2709 by referencing a secret. 2710 type: string 2711 type: object 2712 skipPhases: 2713 description: |- 2714 SkipPhases is a list of phases to skip during command execution. 2715 The list of phases can be obtained with the "kubeadm init --help" command. 
2716 This option takes effect only on Kubernetes >=1.22.0. 2717 items: 2718 type: string 2719 type: array 2720 type: object 2721 joinConfiguration: 2722 description: JoinConfiguration is the kubeadm configuration 2723 for the join command 2724 properties: 2725 apiVersion: 2726 description: |- 2727 APIVersion defines the versioned schema of this representation of an object. 2728 Servers should convert recognized schemas to the latest internal value, and 2729 may reject unrecognized values. 2730 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 2731 type: string 2732 caCertPath: 2733 description: |- 2734 CACertPath is the path to the SSL certificate authority used to 2735 secure communications between node and control-plane. 2736 Defaults to "/etc/kubernetes/pki/ca.crt". 2737 TODO: revisit when there is defaulting from k/k 2738 type: string 2739 controlPlane: 2740 description: |- 2741 ControlPlane defines the additional control plane instance to be deployed on the joining node. 2742 If nil, no additional control plane instance will be deployed. 2743 properties: 2744 localAPIEndpoint: 2745 description: LocalAPIEndpoint represents the endpoint 2746 of the API server instance to be deployed on this 2747 node. 2748 properties: 2749 advertiseAddress: 2750 description: AdvertiseAddress sets the IP address 2751 for the API server to advertise. 2752 type: string 2753 bindPort: 2754 description: |- 2755 BindPort sets the secure port for the API Server to bind to. 2756 Defaults to 6443. 
2757 format: int32 2758 type: integer 2759 type: object 2760 type: object 2761 discovery: 2762 description: |- 2763 Discovery specifies the options for the kubelet to use during the TLS Bootstrap process 2764 TODO: revisit when there is defaulting from k/k 2765 properties: 2766 bootstrapToken: 2767 description: |- 2768 BootstrapToken is used to set the options for bootstrap token based discovery 2769 BootstrapToken and File are mutually exclusive 2770 properties: 2771 apiServerEndpoint: 2772 description: APIServerEndpoint is an IP or domain 2773 name to the API server from which info will 2774 be fetched. 2775 type: string 2776 caCertHashes: 2777 description: |- 2778 CACertHashes specifies a set of public key pins to verify 2779 when token-based discovery is used. The root CA found during discovery 2780 must match one of these values. Specifying an empty set disables root CA 2781 pinning, which can be unsafe. Each hash is specified as "<type>:<value>", 2782 where the only currently supported type is "sha256". This is a hex-encoded 2783 SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded 2784 ASN.1. These hashes can be calculated using, for example, OpenSSL: 2785 openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex 2786 items: 2787 type: string 2788 type: array 2789 token: 2790 description: |- 2791 Token is a token used to validate cluster information 2792 fetched from the control-plane. 2793 type: string 2794 unsafeSkipCAVerification: 2795 description: |- 2796 UnsafeSkipCAVerification allows token-based discovery 2797 without CA verification via CACertHashes. This can weaken 2798 the security of kubeadm since other nodes can impersonate the control-plane. 
2799 type: boolean 2800 required: 2801 - token 2802 type: object 2803 file: 2804 description: |- 2805 File is used to specify a file or URL to a kubeconfig file from which to load cluster information 2806 BootstrapToken and File are mutually exclusive 2807 properties: 2808 kubeConfigPath: 2809 description: KubeConfigPath is used to specify 2810 the actual file path or URL to the kubeconfig 2811 file from which to load cluster information 2812 type: string 2813 required: 2814 - kubeConfigPath 2815 type: object 2816 timeout: 2817 description: Timeout modifies the discovery timeout 2818 type: string 2819 tlsBootstrapToken: 2820 description: |- 2821 TLSBootstrapToken is a token used for TLS bootstrapping. 2822 If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. 2823 If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information 2824 type: string 2825 type: object 2826 kind: 2827 description: |- 2828 Kind is a string value representing the REST resource this object represents. 2829 Servers may infer this from the endpoint the client submits requests to. 2830 Cannot be updated. 2831 In CamelCase. 2832 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 2833 type: string 2834 nodeRegistration: 2835 description: |- 2836 NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. 2837 When used in the context of control plane nodes, NodeRegistration should remain consistent 2838 across both InitConfiguration and JoinConfiguration 2839 properties: 2840 criSocket: 2841 description: CRISocket is used to retrieve container 2842 runtime info. 
This information will be annotated 2843 to the Node API object, for later re-use 2844 type: string 2845 ignorePreflightErrors: 2846 description: IgnorePreflightErrors provides a slice 2847 of pre-flight errors to be ignored when the current 2848 node is registered. 2849 items: 2850 type: string 2851 type: array 2852 imagePullPolicy: 2853 description: |- 2854 ImagePullPolicy specifies the policy for image pulling 2855 during kubeadm "init" and "join" operations. The value of 2856 this field must be one of "Always", "IfNotPresent" or 2857 "Never". Defaults to "IfNotPresent". This can be used only 2858 with Kubernetes version equal to 1.22 and later. 2859 enum: 2860 - Always 2861 - IfNotPresent 2862 - Never 2863 type: string 2864 kubeletExtraArgs: 2865 additionalProperties: 2866 type: string 2867 description: |- 2868 KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 2869 kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap 2870 Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. 2871 type: object 2872 name: 2873 description: |- 2874 Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. 2875 This field is also used in the CommonName field of the kubelet's client certificate to the API server. 2876 Defaults to the hostname of the node if not provided. 2877 type: string 2878 taints: 2879 description: |- 2880 Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 2881 it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an 2882 empty slice, i.e. `taints: []` in the YAML file. 
This field is solely used for Node registration. 2883 items: 2884 description: |- 2885 The node this Taint is attached to has the "effect" on 2886 any pod that does not tolerate the Taint. 2887 properties: 2888 effect: 2889 description: |- 2890 Required. The effect of the taint on pods 2891 that do not tolerate the taint. 2892 Valid effects are NoSchedule, PreferNoSchedule and NoExecute. 2893 type: string 2894 key: 2895 description: Required. The taint key to be applied 2896 to a node. 2897 type: string 2898 timeAdded: 2899 description: |- 2900 TimeAdded represents the time at which the taint was added. 2901 It is only written for NoExecute taints. 2902 format: date-time 2903 type: string 2904 value: 2905 description: The taint value corresponding to 2906 the taint key. 2907 type: string 2908 required: 2909 - effect 2910 - key 2911 type: object 2912 type: array 2913 type: object 2914 patches: 2915 description: |- 2916 Patches contains options related to applying patches to components deployed by kubeadm during 2917 "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22 2918 properties: 2919 directory: 2920 description: |- 2921 Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension". 2922 For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of 2923 "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one 2924 of "strategic" "merge" or "json" and they match the patch formats supported by kubectl. 2925 The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". 2926 "suffix" is an optional string that can be used to determine which patches are applied 2927 first alpha-numerically. 2928 These files can be written into the target directory via KubeadmConfig.Files which 2929 specifies additional files to be created on the machine, either with content inline or 2930 by referencing a secret. 
2931 type: string 2932 type: object 2933 skipPhases: 2934 description: |- 2935 SkipPhases is a list of phases to skip during command execution. 2936 The list of phases can be obtained with the "kubeadm init --help" command. 2937 This option takes effect only on Kubernetes >=1.22.0. 2938 items: 2939 type: string 2940 type: array 2941 type: object 2942 mounts: 2943 description: Mounts specifies a list of mount points to be 2944 setup. 2945 items: 2946 description: MountPoints defines input for generated mounts 2947 in cloud-init. 2948 items: 2949 type: string 2950 type: array 2951 type: array 2952 ntp: 2953 description: NTP specifies NTP configuration 2954 properties: 2955 enabled: 2956 description: Enabled specifies whether NTP should be enabled 2957 type: boolean 2958 servers: 2959 description: Servers specifies which NTP servers to use 2960 items: 2961 type: string 2962 type: array 2963 type: object 2964 postKubeadmCommands: 2965 description: PostKubeadmCommands specifies extra commands 2966 to run after kubeadm runs 2967 items: 2968 type: string 2969 type: array 2970 preKubeadmCommands: 2971 description: PreKubeadmCommands specifies extra commands to 2972 run before kubeadm runs 2973 items: 2974 type: string 2975 type: array 2976 useExperimentalRetryJoin: 2977 description: |- 2978 UseExperimentalRetryJoin replaces a basic kubeadm command with a shell 2979 script with retries for joins. 2980 2981 2982 This is meant to be an experimental temporary workaround on some environments 2983 where joins fail due to timing (and other issues). The long term goal is to add retries to 2984 kubeadm proper and use that functionality. 2985 2986 2987 This will add about 40KB to userdata 2988 2989 2990 For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055. 2991 2992 2993 Deprecated: This experimental fix is no longer needed and this field will be removed in a future release. 
2994 When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml 2995 type: boolean 2996 users: 2997 description: Users specifies extra users to add 2998 items: 2999 description: User defines the input for a generated user 3000 in cloud-init. 3001 properties: 3002 gecos: 3003 description: Gecos specifies the gecos to use for the 3004 user 3005 type: string 3006 groups: 3007 description: Groups specifies the additional groups 3008 for the user 3009 type: string 3010 homeDir: 3011 description: HomeDir specifies the home directory to 3012 use for the user 3013 type: string 3014 inactive: 3015 description: Inactive specifies whether to mark the 3016 user as inactive 3017 type: boolean 3018 lockPassword: 3019 description: LockPassword specifies if password login 3020 should be disabled 3021 type: boolean 3022 name: 3023 description: Name specifies the user name 3024 type: string 3025 passwd: 3026 description: Passwd specifies a hashed password for 3027 the user 3028 type: string 3029 passwdFrom: 3030 description: PasswdFrom is a referenced source of passwd 3031 to populate the passwd. 3032 properties: 3033 secret: 3034 description: Secret represents a secret that should 3035 populate this password. 3036 properties: 3037 key: 3038 description: Key is the key in the secret's 3039 data map for this value. 3040 type: string 3041 name: 3042 description: Name of the secret in the KubeadmBootstrapConfig's 3043 namespace to use. 
3044 type: string 3045 required: 3046 - key 3047 - name 3048 type: object 3049 required: 3050 - secret 3051 type: object 3052 primaryGroup: 3053 description: PrimaryGroup specifies the primary group 3054 for the user 3055 type: string 3056 shell: 3057 description: Shell specifies the user's shell 3058 type: string 3059 sshAuthorizedKeys: 3060 description: SSHAuthorizedKeys specifies a list of ssh 3061 authorized keys for the user 3062 items: 3063 type: string 3064 type: array 3065 sudo: 3066 description: Sudo specifies a sudo role for the user 3067 type: string 3068 required: 3069 - name 3070 type: object 3071 type: array 3072 verbosity: 3073 description: |- 3074 Verbosity is the number for the kubeadm log level verbosity. 3075 It overrides the `--v` flag in kubeadm commands. 3076 format: int32 3077 type: integer 3078 type: object 3079 type: object 3080 required: 3081 - template 3082 type: object 3083 type: object 3084 served: true 3085 storage: true 3086 subresources: {}
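The `caCertHashes` description in the schema above defines each pin as `sha256:` followed by the hex-encoded SHA-256 of the CA certificate's DER-encoded SubjectPublicKeyInfo, and notes that an empty set disables pinning. The Go sketch below is an added example, not code from cluster-api or kubeadm: it computes that pin and checks a discovered CA against a pin set, failing closed on an empty set. `SampleCA`, `SPKIPin` and `VerifyPinned` are hypothetical names, and the certificate is a constructed throwaway standing in for `ca.crt`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
)

// SampleCA returns a throwaway self-signed certificate in PEM (constructed input standing in for ca.crt).
func SampleCA() []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"ca.example.test"}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SPKIPin returns "sha256:<hex>" over the DER-encoded SubjectPublicKeyInfo of a PEM certificate.
func SPKIPin(caPEM []byte) (string, error) {
	block, _ := pem.Decode(caPEM)
	if block == nil {
		return "", fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256:" + hex.EncodeToString(sum[:]), nil
}

// VerifyPinned fails closed: an unparsable CA, an empty pin set, or a CA matching no pin is an error.
func VerifyPinned(caPEM []byte, pins []string) error {
	got, err := SPKIPin(caPEM)
	for _, p := range pins {
		if err == nil && strings.EqualFold(p, got) {
			return nil
		}
	}
	return fmt.Errorf("CA pin %q matches none of %d caCertHashes (parse error: %v)", got, len(pins), err)
}

func main() {
	fmt.Println(SPKIPin(SampleCA()))
}
```

Because the pin covers only the public key, it stays the same when the CA certificate is reissued with the same key pair and changes when the key is rotated.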