sigs.k8s.io/cluster-api@v1.7.1/controlplane/kubeadm/config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanetemplates.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: kubeadmcontrolplanetemplates.controlplane.cluster.x-k8s.io
spec:
  group: controlplane.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: KubeadmControlPlaneTemplate
    listKind: KubeadmControlPlaneTemplateList
    plural: kubeadmcontrolplanetemplates
    singular: kubeadmcontrolplanetemplate
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Time duration since creation of KubeadmControlPlaneTemplate
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    deprecated: true
    name: v1alpha4
    schema:
      openAPIV3Schema:
        description: |-
          KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates API.


          Deprecated: This type will be removed in one of the next releases.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmControlPlaneTemplateSpec defines the desired state
              of KubeadmControlPlaneTemplate.
            properties:
              template:
                description: KubeadmControlPlaneTemplateResource describes the data
                  needed to create a KubeadmControlPlane from a template.
                properties:
                  spec:
                    description: KubeadmControlPlaneSpec defines the desired state
                      of KubeadmControlPlane.
                    properties:
                      kubeadmConfigSpec:
                        description: |-
                          KubeadmConfigSpec is a KubeadmConfigSpec
                          to use for initializing and joining machines to the control plane.
                        properties:
                          clusterConfiguration:
                            description: ClusterConfiguration along with InitConfiguration
                              are the configurations necessary for the init command
                            properties:
                              apiServer:
                                description: APIServer contains extra settings for
                                  the API server control plane component
                                properties:
                                  certSANs:
                                    description: CertSANs sets extra Subject Alternative
                                      Names for the API Server signing cert.
                                    items:
                                      type: string
                                    type: array
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                  timeoutForControlPlane:
                                    description: TimeoutForControlPlane controls the
                                      timeout that we use for API server to appear
                                    type: string
                                type: object
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              certificatesDir:
                                description: |-
                                  CertificatesDir specifies where to store or look for all required certificates.
                                  NB: if not provided, this will default to `/etc/kubernetes/pki`
                                type: string
                              clusterName:
                                description: The cluster name
                                type: string
                              controlPlaneEndpoint:
                                description: |-
                                  ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
                                  can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
                                  In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
                                  are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
                                  the BindPort is used.
                                  Possible usages are:
                                  e.g. In a cluster with more than one control plane instances, this field should be
                                  assigned the address of the external load balancer in front of the
                                  control plane instances.
                                  e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
                                  could be used for assigning a stable DNS to the control plane.
                                  NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
                                type: string
                              controllerManager:
                                description: ControllerManager contains extra settings
                                  for the controller manager control plane component
                                properties:
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                type: object
                              dns:
                                description: DNS defines the options for the DNS add-on
                                  installed in the cluster.
                                properties:
                                  imageRepository:
                                    description: |-
                                      ImageRepository sets the container registry to pull images from.
                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                    type: string
                                  imageTag:
                                    description: |-
                                      ImageTag allows to specify a tag for the image.
                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                    type: string
                                type: object
                              etcd:
                                description: |-
                                  Etcd holds configuration for etcd.
                                  NB: This value defaults to a Local (stacked) etcd
                                properties:
                                  external:
                                    description: |-
                                      External describes how to connect to an external etcd cluster
                                      Local and External are mutually exclusive
                                    properties:
                                      caFile:
                                        description: |-
                                          CAFile is an SSL Certificate Authority file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                      certFile:
                                        description: |-
                                          CertFile is an SSL certification file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                      endpoints:
                                        description: Endpoints of etcd members. Required
                                          for ExternalEtcd.
                                        items:
                                          type: string
                                        type: array
                                      keyFile:
                                        description: |-
                                          KeyFile is an SSL key file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                    required:
                                    - caFile
                                    - certFile
                                    - endpoints
                                    - keyFile
                                    type: object
                                  local:
                                    description: |-
                                      Local provides configuration knobs for configuring the local etcd instance
                                      Local and External are mutually exclusive
                                    properties:
                                      dataDir:
                                        description: |-
                                          DataDir is the directory etcd will place its data.
                                          Defaults to "/var/lib/etcd".
                                        type: string
                                      extraArgs:
                                        additionalProperties:
                                          type: string
                                        description: |-
                                          ExtraArgs are extra arguments provided to the etcd binary
                                          when run inside a static pod.
                                        type: object
                                      imageRepository:
                                        description: |-
                                          ImageRepository sets the container registry to pull images from.
                                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                        type: string
                                      imageTag:
                                        description: |-
                                          ImageTag allows to specify a tag for the image.
                                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                        type: string
                                      peerCertSANs:
                                        description: PeerCertSANs sets extra Subject
                                          Alternative Names for the etcd peer signing
                                          cert.
                                        items:
                                          type: string
                                        type: array
                                      serverCertSANs:
                                        description: ServerCertSANs sets extra Subject
                                          Alternative Names for the etcd server signing
                                          cert.
                                        items:
                                          type: string
                                        type: array
                                    type: object
                                type: object
                              featureGates:
                                additionalProperties:
                                  type: boolean
                                description: FeatureGates enabled by the user.
                                type: object
                              imageRepository:
                                description: |-
                                  ImageRepository sets the container registry to pull images from.
                                  If empty, `registry.k8s.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                                  `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `registry.k8s.io`
                                  will be used for all the other images.
                                type: string
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              kubernetesVersion:
                                description: |-
                                  KubernetesVersion is the target version of the control plane.
                                  NB: This value defaults to the Machine object spec.version
                                type: string
                              networking:
                                description: |-
                                  Networking holds configuration for the networking topology of the cluster.
                                  NB: This value defaults to the Cluster object spec.clusterNetwork.
                                properties:
                                  dnsDomain:
                                    description: DNSDomain is the dns domain used
                                      by k8s services. Defaults to "cluster.local".
                                    type: string
                                  podSubnet:
                                    description: |-
                                      PodSubnet is the subnet used by pods.
                                      If unset, the API server will not allocate CIDR ranges for every node.
                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
                                    type: string
                                  serviceSubnet:
                                    description: |-
                                      ServiceSubnet is the subnet used by k8s services.
                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
                                      to "10.96.0.0/12" if that's unset.
                                    type: string
                                type: object
                              scheduler:
                                description: Scheduler contains extra settings for
                                  the scheduler control plane component
                                properties:
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                type: object
                            type: object
                          diskSetup:
                            description: DiskSetup specifies options for the creation
                              of partition tables and file systems on devices.
                            properties:
                              filesystems:
                                description: Filesystems specifies the list of file
                                  systems to setup.
                                items:
                                  description: Filesystem defines the file systems
                                    to be created.
                                  properties:
                                    device:
                                      description: Device specifies the device name
                                      type: string
                                    extraOpts:
                                      description: ExtraOpts defined extra options
                                        to add to the command for creating the file
                                        system.
                                      items:
                                        type: string
                                      type: array
                                    filesystem:
                                      description: Filesystem specifies the file system
                                        type.
                                      type: string
                                    label:
                                      description: Label specifies the file system
                                        label to be used. If set to None, no label
                                        is used.
                                      type: string
                                    overwrite:
                                      description: |-
                                        Overwrite defines whether or not to overwrite any existing filesystem.
                                        If true, any pre-existing file system will be destroyed. Use with Caution.
                                      type: boolean
                                    partition:
                                      description: 'Partition specifies the partition
                                        to use. The valid options are: "auto|any",
                                        "auto", "any", "none", and <NUM>, where NUM
                                        is the actual partition number.'
                                      type: string
                                    replaceFS:
                                      description: |-
                                        ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
                                        NOTE: unless you define a label, this requires the use of the 'any' partition directive.
                                      type: string
                                  required:
                                  - device
                                  - filesystem
                                  - label
                                  type: object
                                type: array
                              partitions:
                                description: Partitions specifies the list of the
                                  partitions to setup.
                                items:
                                  description: Partition defines how to create and
                                    layout a partition.
                                  properties:
                                    device:
                                      description: Device is the name of the device.
                                      type: string
                                    layout:
                                      description: |-
                                        Layout specifies the device layout.
                                        If it is true, a single partition will be created for the entire device.
                                        When layout is false, it means don't partition or ignore existing partitioning.
                                      type: boolean
                                    overwrite:
                                      description: |-
                                        Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
                                        Use with caution. Default is 'false'.
                                      type: boolean
                                    tableType:
                                      description: |-
                                        TableType specifies the type of partition table. The following are supported:
                                        'mbr': default and setups a MS-DOS partition table
                                        'gpt': setups a GPT partition table
                                      type: string
                                  required:
                                  - device
                                  - layout
                                  type: object
                                type: array
                            type: object
                          files:
                            description: Files specifies extra files to be passed
                              to user_data upon creation.
                            items:
                              description: File defines the input for generating write_files
                                in cloud-init.
                              properties:
                                content:
                                  description: Content is the actual content of the
                                    file.
                                  type: string
                                contentFrom:
                                  description: ContentFrom is a referenced source
                                    of content to populate the file.
                                  properties:
                                    secret:
                                      description: Secret represents a secret that
                                        should populate this file.
                                      properties:
                                        key:
                                          description: Key is the key in the secret's
                                            data map for this value.
                                          type: string
                                        name:
                                          description: Name of the secret in the KubeadmBootstrapConfig's
                                            namespace to use.
                                          type: string
                                      required:
                                      - key
                                      - name
                                      type: object
                                  required:
                                  - secret
                                  type: object
                                encoding:
                                  description: Encoding specifies the encoding of
                                    the file contents.
                                  enum:
                                  - base64
                                  - gzip
                                  - gzip+base64
                                  type: string
                                owner:
                                  description: Owner specifies the ownership of the
                                    file, e.g. "root:root".
                                  type: string
                                path:
                                  description: Path specifies the full path on disk
                                    where to store the file.
                                  type: string
                                permissions:
                                  description: Permissions specifies the permissions
                                    to assign to the file, e.g. "0640".
                                  type: string
                              required:
                              - path
                              type: object
                            type: array
                          format:
                            description: Format specifies the output format of the
                              bootstrap data
                            enum:
                            - cloud-config
                            type: string
                          initConfiguration:
                            description: InitConfiguration along with ClusterConfiguration
                              are the configurations necessary for the init command
                            properties:
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              bootstrapTokens:
                                description: |-
                                  BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
                                  This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
                                items:
                                  description: BootstrapToken describes one bootstrap
                                    token, stored as a Secret in the cluster.
                                  properties:
                                    description:
                                      description: |-
                                        Description sets a human-friendly message why this token exists and what it's used
                                        for, so other administrators can know its purpose.
                                      type: string
                                    expires:
                                      description: |-
                                        Expires specifies the timestamp when this token expires. Defaults to being set
                                        dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
                                      format: date-time
                                      type: string
                                    groups:
                                      description: |-
                                        Groups specifies the extra groups that this token will authenticate as when/if
                                        used for authentication
                                      items:
                                        type: string
                                      type: array
                                    token:
                                      description: |-
                                        Token is used for establishing bidirectional trust between nodes and control-planes.
                                        Used for joining nodes in the cluster.
                                      type: string
                                    ttl:
                                      description: |-
                                        TTL defines the time to live for this token. Defaults to 24h.
                                        Expires and TTL are mutually exclusive.
                                      type: string
                                    usages:
                                      description: |-
                                        Usages describes the ways in which this token can be used. Can by default be used
                                        for establishing bidirectional trust, but that can be changed here.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                  - token
                                  type: object
                                type: array
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              localAPIEndpoint:
                                description: |-
                                  LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
                                  In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
                                  is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
                                  configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
                                  on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
                                  fails you may set the desired value here.
                                properties:
                                  advertiseAddress:
                                    description: AdvertiseAddress sets the IP address
                                      for the API server to advertise.
                                    type: string
                                  bindPort:
                                    description: |-
                                      BindPort sets the secure port for the API Server to bind to.
                                      Defaults to 6443.
                                    format: int32
                                    type: integer
                                type: object
                              nodeRegistration:
                                description: |-
                                  NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
                                  across both InitConfiguration and JoinConfiguration
                                properties:
                                  criSocket:
                                    description: CRISocket is used to retrieve container
                                      runtime info. This information will be annotated
                                      to the Node API object, for later re-use
                                    type: string
                                  ignorePreflightErrors:
                                    description: IgnorePreflightErrors provides a
                                      slice of pre-flight errors to be ignored when
                                      the current node is registered.
                                    items:
                                      type: string
                                    type: array
                                  kubeletExtraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                    type: object
                                  name:
                                    description: |-
                                      Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                      Defaults to the hostname of the node if not provided.
                                    type: string
                                  taints:
                                    description: |-
                                      Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                      empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                                    items:
                                      description: |-
                                        The node this Taint is attached to has the "effect" on
                                        any pod that does not tolerate the Taint.
                                      properties:
                                        effect:
                                          description: |-
                                            Required. The effect of the taint on pods
                                            that do not tolerate the taint.
                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                          type: string
                                        key:
                                          description: Required. The taint key to
                                            be applied to a node.
                                          type: string
                                        timeAdded:
                                          description: |-
                                            TimeAdded represents the time at which the taint was added.
                                            It is only written for NoExecute taints.
                                          format: date-time
                                          type: string
                                        value:
                                          description: The taint value corresponding
                                            to the taint key.
                                          type: string
                                      required:
                                      - effect
                                      - key
                                      type: object
                                    type: array
                                type: object
                            type: object
                          joinConfiguration:
                            description: JoinConfiguration is the kubeadm configuration
                              for the join command
                            properties:
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              caCertPath:
                                description: |-
                                  CACertPath is the path to the SSL certificate authority used to
                                  secure communications between node and control-plane.
                                  Defaults to "/etc/kubernetes/pki/ca.crt".
                                  TODO: revisit when there is defaulting from k/k
                                type: string
                              controlPlane:
                                description: |-
                                  ControlPlane defines the additional control plane instance to be deployed on the joining node.
                                  If nil, no additional control plane instance will be deployed.
                                properties:
                                  localAPIEndpoint:
                                    description: LocalAPIEndpoint represents the endpoint
                                      of the API server instance to be deployed on
                                      this node.
                                    properties:
                                      advertiseAddress:
                                        description: AdvertiseAddress sets the IP
                                          address for the API server to advertise.
                                        type: string
                                      bindPort:
                                        description: |-
                                          BindPort sets the secure port for the API Server to bind to.
                                          Defaults to 6443.
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                              discovery:
                                description: |-
                                  Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
                                  TODO: revisit when there is defaulting from k/k
                                properties:
                                  bootstrapToken:
                                    description: |-
                                      BootstrapToken is used to set the options for bootstrap token based discovery
                                      BootstrapToken and File are mutually exclusive
                                    properties:
                                      apiServerEndpoint:
                                        description: APIServerEndpoint is an IP or
                                          domain name to the API server from which
                                          info will be fetched.
                                        type: string
                                      caCertHashes:
                                        description: |-
                                          CACertHashes specifies a set of public key pins to verify
                                          when token-based discovery is used. The root CA found during discovery
                                          must match one of these values. Specifying an empty set disables root CA
                                          pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
                                          where the only currently supported type is "sha256". This is a hex-encoded
                                          SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
                                          ASN.1. These hashes can be calculated using, for example, OpenSSL:
                                          openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex
                                        items:
                                          type: string
                                        type: array
                                      token:
                                        description: |-
                                          Token is a token used to validate cluster information
                                          fetched from the control-plane.
                                        type: string
                                      unsafeSkipCAVerification:
                                        description: |-
                                          UnsafeSkipCAVerification allows token-based discovery
                                          without CA verification via CACertHashes. This can weaken
                                          the security of kubeadm since other nodes can impersonate the control-plane.
                                        type: boolean
                                    required:
                                    - token
                                    type: object
                                  file:
                                    description: |-
                                      File is used to specify a file or URL to a kubeconfig file from which to load cluster information
                                      BootstrapToken and File are mutually exclusive
                                    properties:
                                      kubeConfigPath:
                                        description: KubeConfigPath is used to specify
                                          the actual file path or URL to the kubeconfig
                                          file from which to load cluster information
                                        type: string
                                    required:
                                    - kubeConfigPath
                                    type: object
                                  timeout:
                                    description: Timeout modifies the discovery timeout
                                    type: string
                                  tlsBootstrapToken:
                                    description: |-
                                      TLSBootstrapToken is a token used for TLS bootstrapping.
                                      If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
                                      If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
                                    type: string
                                type: object
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              nodeRegistration:
                                description: |-
                                  NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
                                  across both InitConfiguration and JoinConfiguration
                                properties:
                                  criSocket:
                                    description: CRISocket is used to retrieve container
                                      runtime info. This information will be annotated
                                      to the Node API object, for later re-use
                                    type: string
                                  ignorePreflightErrors:
                                    description: IgnorePreflightErrors provides a
                                      slice of pre-flight errors to be ignored when
                                      the current node is registered.
                                    items:
                                      type: string
                                    type: array
                                  kubeletExtraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                    type: object
                                  name:
                                    description: |-
                                      Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                      Defaults to the hostname of the node if not provided.
                                    type: string
                                  taints:
                                    description: |-
                                      Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                      empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.
                                    items:
                                      description: |-
                                        The node this Taint is attached to has the "effect" on
                                        any pod that does not tolerate the Taint.
                                      properties:
                                        effect:
                                          description: |-
                                            Required. The effect of the taint on pods
                                            that do not tolerate the taint.
                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                          type: string
                                        key:
                                          description: Required. The taint key to
                                            be applied to a node.
                                          type: string
                                        timeAdded:
                                          description: |-
                                            TimeAdded represents the time at which the taint was added.
                                            It is only written for NoExecute taints.
                                          format: date-time
                                          type: string
                                        value:
                                          description: The taint value corresponding
                                            to the taint key.
                                          type: string
                                      required:
                                      - effect
                                      - key
                                      type: object
                                    type: array
                                type: object
                            type: object
                          mounts:
                            description: Mounts specifies a list of mount points to
                              be setup.
                            items:
                              description: MountPoints defines input for generated
                                mounts in cloud-init.
                              items:
                                type: string
                              type: array
                            type: array
                          ntp:
                            description: NTP specifies NTP configuration
                            properties:
                              enabled:
                                description: Enabled specifies whether NTP should
                                  be enabled
                                type: boolean
                              servers:
                                description: Servers specifies which NTP servers to
                                  use
                                items:
                                  type: string
                                type: array
                            type: object
                          postKubeadmCommands:
                            description: PostKubeadmCommands specifies extra commands
                              to run after kubeadm runs
                            items:
                              type: string
                            type: array
                          preKubeadmCommands:
                            description: PreKubeadmCommands specifies extra commands
                              to run before kubeadm runs
                            items:
                              type: string
                            type: array
                          useExperimentalRetryJoin:
                            description: |-
                              UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                              script with retries for joins.


                              This is meant to be an experimental temporary workaround on some environments
                              where joins fail due to timing (and other issues). The long term goal is to add retries to
                              kubeadm proper and use that functionality.


                              This will add about 40KB to userdata


                              For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.
                            type: boolean
                          users:
                            description: Users specifies extra users to add
                            items:
                              description: User defines the input for a generated
                                user in cloud-init.
                              properties:
                                gecos:
                                  description: Gecos specifies the gecos to use for
                                    the user
                                  type: string
                                groups:
                                  description: Groups specifies the additional groups
                                    for the user
                                  type: string
                                homeDir:
                                  description: HomeDir specifies the home directory
                                    to use for the user
                                  type: string
                                inactive:
                                  description: Inactive specifies whether to mark
                                    the user as inactive
                                  type: boolean
                                lockPassword:
                                  description: LockPassword specifies if password
                                    login should be disabled
                                  type: boolean
                                name:
                                  description: Name specifies the user name
                                  type: string
                                passwd:
                                  description: Passwd specifies a hashed password
                                    for the user
                                  type: string
                                primaryGroup:
                                  description: PrimaryGroup specifies the primary
                                    group for the user
                                  type: string
                                shell:
                                  description: Shell specifies the user's shell
                                  type: string
                                sshAuthorizedKeys:
                                  description: SSHAuthorizedKeys specifies a list
                                    of ssh authorized keys for the user
                                  items:
                                    type: string
                                  type: array
                                sudo:
                                  description: Sudo specifies a sudo role for the
                                    user
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                          verbosity:
                            description: |-
                              Verbosity is the number for the kubeadm log level verbosity.
                              It overrides the `--v` flag in kubeadm commands.
                            format: int32
                            type: integer
                        type: object
                      machineTemplate:
                        description: |-
                          MachineTemplate contains information about how machines
                          should be shaped when creating or updating a control plane.
                        properties:
                          infrastructureRef:
                            description: |-
                              InfrastructureRef is a required reference to a custom resource
                              offered by an infrastructure provider.
                            properties:
                              apiVersion:
                                description: API version of the referent.
                                type: string
                              fieldPath:
                                description: |-
                                  If referring to a piece of an object instead of an entire object, this string
                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                                  For example, if the object reference is to a container within a pod, this would take on a value like:
                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
                                  the event) or if no container name is specified "spec.containers[2]" (container with
                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                  referencing a part of an object.
                                  TODO: this design is not final and this field is subject to change in the future.
                                type: string
                              kind:
                                description: |-
                                  Kind of the referent.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              name:
                                description: |-
                                  Name of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                type: string
                              namespace:
                                description: |-
                                  Namespace of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                                type: string
                              resourceVersion:
                                description: |-
                                  Specific resourceVersion to which this reference is made, if any.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                                type: string
                              uid:
                                description: |-
                                  UID of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                                type: string
                            type: object
                            x-kubernetes-map-type: atomic
                          metadata:
                            description: |-
                              Standard object's metadata.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                description: |-
                                  Annotations is an unstructured key value map stored with a resource that may be
                                  set by external tools to store and retrieve arbitrary metadata. They are not
                                  queryable and should be preserved when modifying objects.
                                  More info: http://kubernetes.io/docs/user-guide/annotations
                                type: object
                              labels:
                                additionalProperties:
                                  type: string
                                description: |-
                                  Map of string keys and values that can be used to organize and categorize
                                  (scope and select) objects. May match selectors of replication controllers
                                  and services.
                                  More info: http://kubernetes.io/docs/user-guide/labels
                                type: object
                            type: object
                          nodeDrainTimeout:
                            description: |-
                              NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                              The default value is 0, meaning that the node can be drained without any time limitations.
                              NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                            type: string
                        required:
                        - infrastructureRef
                        type: object
                      replicas:
                        description: |-
                          Number of desired machines. Defaults to 1. When stacked etcd is used only
                          odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
                          This is a pointer to distinguish between explicit zero and not specified.
                        format: int32
                        type: integer
                      rolloutAfter:
                        description: |-
                          RolloutAfter is a field to indicate a rollout should be performed
                          after the specified time even if no changes have been made to the
                          KubeadmControlPlane.
                        format: date-time
                        type: string
                      rolloutStrategy:
                        default:
                          rollingUpdate:
                            maxSurge: 1
                          type: RollingUpdate
                        description: |-
                          The RolloutStrategy to use to replace control plane machines with
                          new ones.
                        properties:
                          rollingUpdate:
                            description: |-
                              Rolling update config params. Present only if
                              RolloutStrategyType = RollingUpdate.
                            properties:
                              maxSurge:
                                anyOf:
                                - type: integer
                                - type: string
                                description: |-
                                  The maximum number of control planes that can be scheduled above or under the
                                  desired number of control planes.
                                  Value can be an absolute number 1 or 0.
                                  Defaults to 1.
                                  Example: when this is set to 1, the control plane can be scaled
                                  up immediately when the rolling update starts.
                                x-kubernetes-int-or-string: true
                            type: object
                          type:
                            description: |-
                              Type of rollout. Currently the only supported strategy is
                              "RollingUpdate".
                              Default is RollingUpdate.
                            type: string
                        type: object
                      version:
                        description: Version defines the desired Kubernetes version.
                        type: string
                    required:
                    - kubeadmConfigSpec
                    - machineTemplate
                    - version
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: false
    storage: false
    subresources: {}
  - additionalPrinterColumns:
    - description: Time duration since creation of KubeadmControlPlaneTemplate
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: KubeadmControlPlaneTemplate is the Schema for the kubeadmcontrolplanetemplates
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KubeadmControlPlaneTemplateSpec defines the desired state
              of KubeadmControlPlaneTemplate.
            properties:
              template:
                description: KubeadmControlPlaneTemplateResource describes the data
                  needed to create a KubeadmControlPlane from a template.
                properties:
                  metadata:
                    description: |-
                      Standard object's metadata.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: |-
                          Annotations is an unstructured key value map stored with a resource that may be
                          set by external tools to store and retrieve arbitrary metadata. They are not
                          queryable and should be preserved when modifying objects.
                          More info: http://kubernetes.io/docs/user-guide/annotations
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: |-
                          Map of string keys and values that can be used to organize and categorize
                          (scope and select) objects. May match selectors of replication controllers
                          and services.
                          More info: http://kubernetes.io/docs/user-guide/labels
                        type: object
                    type: object
                  spec:
                    description: |-
                      KubeadmControlPlaneTemplateResourceSpec defines the desired state of KubeadmControlPlane.
                      NOTE: KubeadmControlPlaneTemplateResourceSpec is similar to KubeadmControlPlaneSpec but
                      omits Replicas and Version fields. These fields do not make sense on the KubeadmControlPlaneTemplate,
                      because they are calculated by the Cluster topology reconciler during reconciliation and thus cannot
                      be configured on the KubeadmControlPlaneTemplate.
                    properties:
                      kubeadmConfigSpec:
                        description: |-
                          KubeadmConfigSpec is a KubeadmConfigSpec
                          to use for initializing and joining machines to the control plane.
                        properties:
                          clusterConfiguration:
                            description: ClusterConfiguration along with InitConfiguration
                              are the configurations necessary for the init command
                            properties:
                              apiServer:
                                description: APIServer contains extra settings for
                                  the API server control plane component
                                properties:
                                  certSANs:
                                    description: CertSANs sets extra Subject Alternative
                                      Names for the API Server signing cert.
                                    items:
                                      type: string
                                    type: array
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                  timeoutForControlPlane:
                                    description: TimeoutForControlPlane controls the
                                      timeout that we use for API server to appear
                                    type: string
                                type: object
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              certificatesDir:
                                description: |-
                                  CertificatesDir specifies where to store or look for all required certificates.
                                  NB: if not provided, this will default to `/etc/kubernetes/pki`
                                type: string
                              clusterName:
                                description: The cluster name
                                type: string
                              controlPlaneEndpoint:
                                description: |-
                                  ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it
                                  can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
                                  In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
                                  are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
                                  the BindPort is used.
                                  Possible usages are:
                                  e.g. In a cluster with more than one control plane instances, this field should be
                                  assigned the address of the external load balancer in front of the
                                  control plane instances.
                                  e.g. in environments with enforced node recycling, the ControlPlaneEndpoint
                                  could be used for assigning a stable DNS to the control plane.
                                  NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.
                                type: string
                              controllerManager:
                                description: ControllerManager contains extra settings
                                  for the controller manager control plane component
                                properties:
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                type: object
                              dns:
                                description: DNS defines the options for the DNS add-on
                                  installed in the cluster.
                                properties:
                                  imageRepository:
                                    description: |-
                                      ImageRepository sets the container registry to pull images from.
                                      if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                    type: string
                                  imageTag:
                                    description: |-
                                      ImageTag allows to specify a tag for the image.
                                      In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                    type: string
                                type: object
                              etcd:
                                description: |-
                                  Etcd holds configuration for etcd.
                                  NB: This value defaults to a Local (stacked) etcd
                                properties:
                                  external:
                                    description: |-
                                      External describes how to connect to an external etcd cluster
                                      Local and External are mutually exclusive
                                    properties:
                                      caFile:
                                        description: |-
                                          CAFile is an SSL Certificate Authority file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                      certFile:
                                        description: |-
                                          CertFile is an SSL certification file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                      endpoints:
                                        description: Endpoints of etcd members. Required
                                          for ExternalEtcd.
                                        items:
                                          type: string
                                        type: array
                                      keyFile:
                                        description: |-
                                          KeyFile is an SSL key file used to secure etcd communication.
                                          Required if using a TLS connection.
                                        type: string
                                    required:
                                    - caFile
                                    - certFile
                                    - endpoints
                                    - keyFile
                                    type: object
                                  local:
                                    description: |-
                                      Local provides configuration knobs for configuring the local etcd instance
                                      Local and External are mutually exclusive
                                    properties:
                                      dataDir:
                                        description: |-
                                          DataDir is the directory etcd will place its data.
                                          Defaults to "/var/lib/etcd".
                                        type: string
                                      extraArgs:
                                        additionalProperties:
                                          type: string
                                        description: |-
                                          ExtraArgs are extra arguments provided to the etcd binary
                                          when run inside a static pod.
                                        type: object
                                      imageRepository:
                                        description: |-
                                          ImageRepository sets the container registry to pull images from.
                                          if not set, the ImageRepository defined in ClusterConfiguration will be used instead.
                                        type: string
                                      imageTag:
                                        description: |-
                                          ImageTag allows to specify a tag for the image.
                                          In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
                                        type: string
                                      peerCertSANs:
                                        description: PeerCertSANs sets extra Subject
                                          Alternative Names for the etcd peer signing
                                          cert.
                                        items:
                                          type: string
                                        type: array
                                      serverCertSANs:
                                        description: ServerCertSANs sets extra Subject
                                          Alternative Names for the etcd server signing
                                          cert.
                                        items:
                                          type: string
                                        type: array
                                    type: object
                                type: object
                              featureGates:
                                additionalProperties:
                                  type: boolean
                                description: FeatureGates enabled by the user.
                                type: object
                              imageRepository:
                                description: |-
                                  ImageRepository sets the container registry to pull images from.
                                  * If not set, the default registry of kubeadm will be used, i.e.
                                    * registry.k8s.io (new registry): >= v1.22.17, >= v1.23.15, >= v1.24.9, >= v1.25.0
                                    * k8s.gcr.io (old registry): all older versions
                                    Please note that when imageRepository is not set we don't allow upgrades to
                                    versions >= v1.22.0 which use the old registry (k8s.gcr.io). Please use
                                    a newer patch version with the new registry instead (i.e. >= v1.22.17,
                                    >= v1.23.15, >= v1.24.9, >= v1.25.0).
                                  * If the version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
                                    `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components
                                    and for kube-proxy, while `registry.k8s.io` will be used for all the other images.
                                type: string
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              kubernetesVersion:
                                description: |-
                                  KubernetesVersion is the target version of the control plane.
                                  NB: This value defaults to the Machine object spec.version
                                type: string
                              networking:
                                description: |-
                                  Networking holds configuration for the networking topology of the cluster.
                                  NB: This value defaults to the Cluster object spec.clusterNetwork.
                                properties:
                                  dnsDomain:
                                    description: DNSDomain is the dns domain used
                                      by k8s services. Defaults to "cluster.local".
                                    type: string
                                  podSubnet:
                                    description: |-
                                      PodSubnet is the subnet used by pods.
                                      If unset, the API server will not allocate CIDR ranges for every node.
                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set
                                    type: string
                                  serviceSubnet:
                                    description: |-
                                      ServiceSubnet is the subnet used by k8s services.
                                      Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or
                                      to "10.96.0.0/12" if that's unset.
                                    type: string
                                type: object
                              scheduler:
                                description: Scheduler contains extra settings for
                                  the scheduler control plane component
                                properties:
                                  extraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      ExtraArgs is an extra set of flags to pass to the control plane component.
                                      TODO: This is temporary and ideally we would like to switch all components to
                                      use ComponentConfig + ConfigMaps.
                                    type: object
                                  extraVolumes:
                                    description: ExtraVolumes is an extra set of host
                                      volumes, mounted to the control plane component.
                                    items:
                                      description: |-
                                        HostPathMount contains elements describing volumes that are mounted from the
                                        host.
                                      properties:
                                        hostPath:
                                          description: |-
                                            HostPath is the path in the host that will be mounted inside
                                            the pod.
                                          type: string
                                        mountPath:
                                          description: MountPath is the path inside
                                            the pod where hostPath will be mounted.
                                          type: string
                                        name:
                                          description: Name of the volume inside the
                                            pod template.
                                          type: string
                                        pathType:
                                          description: PathType is the type of the
                                            HostPath.
                                          type: string
                                        readOnly:
                                          description: ReadOnly controls write access
                                            to the volume
                                          type: boolean
                                      required:
                                      - hostPath
                                      - mountPath
                                      - name
                                      type: object
                                    type: array
                                type: object
                            type: object
                          diskSetup:
                            description: DiskSetup specifies options for the creation
                              of partition tables and file systems on devices.
                            properties:
                              filesystems:
                                description: Filesystems specifies the list of file
                                  systems to setup.
                                items:
                                  description: Filesystem defines the file systems
                                    to be created.
                                  properties:
                                    device:
                                      description: Device specifies the device name
                                      type: string
                                    extraOpts:
                                      description: ExtraOpts defined extra options
                                        to add to the command for creating the file
                                        system.
                                      items:
                                        type: string
                                      type: array
                                    filesystem:
                                      description: Filesystem specifies the file system
                                        type.
                                      type: string
                                    label:
                                      description: Label specifies the file system
                                        label to be used. If set to None, no label
                                        is used.
                                      type: string
                                    overwrite:
                                      description: |-
                                        Overwrite defines whether or not to overwrite any existing filesystem.
                                        If true, any pre-existing file system will be destroyed. Use with Caution.
                                      type: boolean
                                    partition:
                                      description: 'Partition specifies the partition
                                        to use. The valid options are: "auto|any",
                                        "auto", "any", "none", and <NUM>, where NUM
                                        is the actual partition number.'
                                      type: string
                                    replaceFS:
                                      description: |-
                                        ReplaceFS is a special directive, used for Microsoft Azure that instructs cloud-init to replace a file system of <FS_TYPE>.
                                        NOTE: unless you define a label, this requires the use of the 'any' partition directive.
                                      type: string
                                  required:
                                  - device
                                  - filesystem
                                  - label
                                  type: object
                                type: array
                              partitions:
                                description: Partitions specifies the list of the
                                  partitions to setup.
                                items:
                                  description: Partition defines how to create and
                                    layout a partition.
                                  properties:
                                    device:
                                      description: Device is the name of the device.
                                      type: string
                                    layout:
                                      description: |-
                                        Layout specifies the device layout.
                                        If it is true, a single partition will be created for the entire device.
                                        When layout is false, it means don't partition or ignore existing partitioning.
                                      type: boolean
                                    overwrite:
                                      description: |-
                                        Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device.
                                        Use with caution. Default is 'false'.
                                      type: boolean
                                    tableType:
                                      description: |-
                                        TableType specifies the type of partition table. The following are supported:
                                        'mbr': default and setups a MS-DOS partition table
                                        'gpt': setups a GPT partition table
                                      type: string
                                  required:
                                  - device
                                  - layout
                                  type: object
                                type: array
                            type: object
                          files:
                            description: Files specifies extra files to be passed
                              to user_data upon creation.
                            items:
                              description: File defines the input for generating write_files
                                in cloud-init.
                              properties:
                                append:
                                  description: Append specifies whether to append
                                    Content to existing file if Path exists.
                                  type: boolean
                                content:
                                  description: Content is the actual content of the
                                    file.
                                  type: string
                                contentFrom:
                                  description: ContentFrom is a referenced source
                                    of content to populate the file.
                                  properties:
                                    secret:
                                      description: Secret represents a secret that
                                        should populate this file.
                                      properties:
                                        key:
                                          description: Key is the key in the secret's
                                            data map for this value.
                                          type: string
                                        name:
                                          description: Name of the secret in the KubeadmBootstrapConfig's
                                            namespace to use.
                                          type: string
                                      required:
                                      - key
                                      - name
                                      type: object
                                  required:
                                  - secret
                                  type: object
                                encoding:
                                  description: Encoding specifies the encoding of
                                    the file contents.
                                  enum:
                                  - base64
                                  - gzip
                                  - gzip+base64
                                  type: string
                                owner:
                                  description: Owner specifies the ownership of the
                                    file, e.g. "root:root".
                                  type: string
                                path:
                                  description: Path specifies the full path on disk
                                    where to store the file.
                                  type: string
                                permissions:
                                  description: Permissions specifies the permissions
                                    to assign to the file, e.g. "0640".
                                  type: string
                              required:
                              - path
                              type: object
                            type: array
                          format:
                            description: Format specifies the output format of the
                              bootstrap data
                            enum:
                            - cloud-config
                            - ignition
                            type: string
                          ignition:
                            description: Ignition contains Ignition specific configuration.
                            properties:
                              containerLinuxConfig:
                                description: ContainerLinuxConfig contains CLC specific
                                  configuration.
                                properties:
                                  additionalConfig:
                                    description: |-
                                      AdditionalConfig contains additional configuration to be merged with the Ignition
                                      configuration generated by the bootstrapper controller. More info: https://coreos.github.io/ignition/operator-notes/#config-merging


                                      The data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
                                    type: string
                                  strict:
                                    description: Strict controls if AdditionalConfig
                                      should be strictly parsed. If so, warnings are
                                      treated as errors.
                                    type: boolean
                                type: object
                            type: object
                          initConfiguration:
                            description: InitConfiguration along with ClusterConfiguration
                              are the configurations necessary for the init command
                            properties:
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              bootstrapTokens:
                                description: |-
                                  BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
                                  This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
                                items:
                                  description: BootstrapToken describes one bootstrap
                                    token, stored as a Secret in the cluster.
                                  properties:
                                    description:
                                      description: |-
                                        Description sets a human-friendly message why this token exists and what it's used
                                        for, so other administrators can know its purpose.
                                      type: string
                                    expires:
                                      description: |-
                                        Expires specifies the timestamp when this token expires. Defaults to being set
                                        dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.
                                      format: date-time
                                      type: string
                                    groups:
                                      description: |-
                                        Groups specifies the extra groups that this token will authenticate as when/if
                                        used for authentication
                                      items:
                                        type: string
                                      type: array
                                    token:
                                      description: |-
                                        Token is used for establishing bidirectional trust between nodes and control-planes.
                                        Used for joining nodes in the cluster.
                                      type: string
                                    ttl:
                                      description: |-
                                        TTL defines the time to live for this token. Defaults to 24h.
                                        Expires and TTL are mutually exclusive.
                                      type: string
                                    usages:
                                      description: |-
                                        Usages describes the ways in which this token can be used. Can by default be used
                                        for establishing bidirectional trust, but that can be changed here.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                  - token
                                  type: object
                                type: array
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              localAPIEndpoint:
                                description: |-
                                  LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
                                  In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
                                  is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
                                  configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
                                  on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
                                  fails you may set the desired value here.
                                properties:
                                  advertiseAddress:
                                    description: AdvertiseAddress sets the IP address
                                      for the API server to advertise.
                                    type: string
                                  bindPort:
                                    description: |-
                                      BindPort sets the secure port for the API Server to bind to.
                                      Defaults to 6443.
                                    format: int32
                                    type: integer
                                type: object
                              nodeRegistration:
                                description: |-
                                  NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
                                  across both InitConfiguration and JoinConfiguration
                                properties:
                                  criSocket:
                                    description: CRISocket is used to retrieve container
                                      runtime info. This information will be annotated
                                      to the Node API object, for later re-use
                                    type: string
                                  ignorePreflightErrors:
                                    description: IgnorePreflightErrors provides a
                                      slice of pre-flight errors to be ignored when
                                      the current node is registered.
                                    items:
                                      type: string
                                    type: array
                                  imagePullPolicy:
                                    description: |-
                                      ImagePullPolicy specifies the policy for image pulling
                                      during kubeadm "init" and "join" operations. The value of
                                      this field must be one of "Always", "IfNotPresent" or
                                      "Never". Defaults to "IfNotPresent". This can be used only
                                      with Kubernetes version equal to 1.22 and later.
                                    enum:
                                    - Always
                                    - IfNotPresent
                                    - Never
                                    type: string
                                  kubeletExtraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                    type: object
                                  name:
                                    description: |-
                                      Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                      Defaults to the hostname of the node if not provided.
                                    type: string
                                  taints:
                                    description: |-
                                      Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                      empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
                                    items:
                                      description: |-
                                        The node this Taint is attached to has the "effect" on
                                        any pod that does not tolerate the Taint.
                                      properties:
                                        effect:
                                          description: |-
                                            Required. The effect of the taint on pods
                                            that do not tolerate the taint.
                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                          type: string
                                        key:
                                          description: Required. The taint key to
                                            be applied to a node.
                                          type: string
                                        timeAdded:
                                          description: |-
                                            TimeAdded represents the time at which the taint was added.
                                            It is only written for NoExecute taints.
                                          format: date-time
                                          type: string
                                        value:
                                          description: The taint value corresponding
                                            to the taint key.
                                          type: string
                                      required:
                                      - effect
                                      - key
                                      type: object
                                    type: array
                                type: object
                              patches:
                                description: |-
                                  Patches contains options related to applying patches to components deployed by kubeadm during
                                  "kubeadm init". The minimum kubernetes version needed to support Patches is v1.22
                                properties:
                                  directory:
                                    description: |-
                                      Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
                                      For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
                                      "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
                                      of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
                                      The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
                                      "suffix" is an optional string that can be used to determine which patches are applied
                                      first alpha-numerically.
                                      These files can be written into the target directory via KubeadmConfig.Files which
                                      specifies additional files to be created on the machine, either with content inline or
                                      by referencing a secret.
                                    type: string
                                type: object
                              skipPhases:
                                description: |-
                                  SkipPhases is a list of phases to skip during command execution.
                                  The list of phases can be obtained with the "kubeadm init --help" command.
                                  This option takes effect only on Kubernetes >=1.22.0.
                                items:
                                  type: string
                                type: array
                            type: object
                          joinConfiguration:
                            description: JoinConfiguration is the kubeadm configuration
                              for the join command
                            properties:
                              apiVersion:
                                description: |-
                                  APIVersion defines the versioned schema of this representation of an object.
                                  Servers should convert recognized schemas to the latest internal value, and
                                  may reject unrecognized values.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
                                type: string
                              caCertPath:
                                description: |-
                                  CACertPath is the path to the SSL certificate authority used to
                                  secure communications between node and control-plane.
                                  Defaults to "/etc/kubernetes/pki/ca.crt".
                                  TODO: revisit when there is defaulting from k/k
                                type: string
                              controlPlane:
                                description: |-
                                  ControlPlane defines the additional control plane instance to be deployed on the joining node.
                                  If nil, no additional control plane instance will be deployed.
                                properties:
                                  localAPIEndpoint:
                                    description: LocalAPIEndpoint represents the endpoint
                                      of the API server instance to be deployed on
                                      this node.
                                    properties:
                                      advertiseAddress:
                                        description: AdvertiseAddress sets the IP
                                          address for the API server to advertise.
                                        type: string
                                      bindPort:
                                        description: |-
                                          BindPort sets the secure port for the API Server to bind to.
                                          Defaults to 6443.
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                              discovery:
                                description: |-
                                  Discovery specifies the options for the kubelet to use during the TLS Bootstrap process
                                  TODO: revisit when there is defaulting from k/k
                                properties:
                                  bootstrapToken:
                                    description: |-
                                      BootstrapToken is used to set the options for bootstrap token based discovery
                                      BootstrapToken and File are mutually exclusive
                                    properties:
                                      apiServerEndpoint:
                                        description: APIServerEndpoint is an IP or
                                          domain name to the API server from which
                                          info will be fetched.
                                        type: string
                                      caCertHashes:
                                        description: |-
                                          CACertHashes specifies a set of public key pins to verify
                                          when token-based discovery is used. The root CA found during discovery
                                          must match one of these values. Specifying an empty set disables root CA
                                          pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
                                          where the only currently supported type is "sha256". This is a hex-encoded
                                          SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
                                          ASN.1. These hashes can be calculated using, for example, OpenSSL:
                                          openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex
                                        items:
                                          type: string
                                        type: array
                                      token:
                                        description: |-
                                          Token is a token used to validate cluster information
                                          fetched from the control-plane.
                                        type: string
                                      unsafeSkipCAVerification:
                                        description: |-
                                          UnsafeSkipCAVerification allows token-based discovery
                                          without CA verification via CACertHashes. This can weaken
                                          the security of kubeadm since other nodes can impersonate the control-plane.
                                        type: boolean
                                    required:
                                    - token
                                    type: object
                                  file:
                                    description: |-
                                      File is used to specify a file or URL to a kubeconfig file from which to load cluster information
                                      BootstrapToken and File are mutually exclusive
                                    properties:
                                      kubeConfigPath:
                                        description: KubeConfigPath is used to specify
                                          the actual file path or URL to the kubeconfig
                                          file from which to load cluster information
                                        type: string
                                    required:
                                    - kubeConfigPath
                                    type: object
                                  timeout:
                                    description: Timeout modifies the discovery timeout
                                    type: string
                                  tlsBootstrapToken:
                                    description: |-
                                      TLSBootstrapToken is a token used for TLS bootstrapping.
                                      If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden.
                                      If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information
                                    type: string
                                type: object
                              kind:
                                description: |-
                                  Kind is a string value representing the REST resource this object represents.
                                  Servers may infer this from the endpoint the client submits requests to.
                                  Cannot be updated.
                                  In CamelCase.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              nodeRegistration:
                                description: |-
                                  NodeRegistration holds fields that relate to registering the new control-plane node to the cluster.
                                  When used in the context of control plane nodes, NodeRegistration should remain consistent
                                  across both InitConfiguration and JoinConfiguration
                                properties:
                                  criSocket:
                                    description: CRISocket is used to retrieve container
                                      runtime info. This information will be annotated
                                      to the Node API object, for later re-use
                                    type: string
                                  ignorePreflightErrors:
                                    description: IgnorePreflightErrors provides a
                                      slice of pre-flight errors to be ignored when
                                      the current node is registered.
                                    items:
                                      type: string
                                    type: array
                                  imagePullPolicy:
                                    description: |-
                                      ImagePullPolicy specifies the policy for image pulling
                                      during kubeadm "init" and "join" operations. The value of
                                      this field must be one of "Always", "IfNotPresent" or
                                      "Never". Defaults to "IfNotPresent". This can be used only
                                      with Kubernetes version equal to 1.22 and later.
                                    enum:
                                    - Always
                                    - IfNotPresent
                                    - Never
                                    type: string
                                  kubeletExtraArgs:
                                    additionalProperties:
                                      type: string
                                    description: |-
                                      KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file
                                      kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
                                      Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
                                    type: object
                                  name:
                                    description: |-
                                      Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation.
                                      This field is also used in the CommonName field of the kubelet's client certificate to the API server.
                                      Defaults to the hostname of the node if not provided.
                                    type: string
                                  taints:
                                    description: |-
                                      Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process
                                      it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an
                                      empty slice, i.e. `taints: []` in the YAML file. This field is solely used for Node registration.
                                    items:
                                      description: |-
                                        The node this Taint is attached to has the "effect" on
                                        any pod that does not tolerate the Taint.
                                      properties:
                                        effect:
                                          description: |-
                                            Required. The effect of the taint on pods
                                            that do not tolerate the taint.
                                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                                          type: string
                                        key:
                                          description: Required. The taint key to
                                            be applied to a node.
                                          type: string
                                        timeAdded:
                                          description: |-
                                            TimeAdded represents the time at which the taint was added.
                                            It is only written for NoExecute taints.
                                          format: date-time
                                          type: string
                                        value:
                                          description: The taint value corresponding
                                            to the taint key.
                                          type: string
                                      required:
                                      - effect
                                      - key
                                      type: object
                                    type: array
                                type: object
                              patches:
                                description: |-
                                  Patches contains options related to applying patches to components deployed by kubeadm during
                                  "kubeadm join". The minimum kubernetes version needed to support Patches is v1.22
                                properties:
                                  directory:
                                    description: |-
                                      Directory is a path to a directory that contains files named "target[suffix][+patchtype].extension".
                                      For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of
                                      "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one
                                      of "strategic" "merge" or "json" and they match the patch formats supported by kubectl.
                                      The default "patchtype" is "strategic". "extension" must be either "json" or "yaml".
                                      "suffix" is an optional string that can be used to determine which patches are applied
                                      first alpha-numerically.
                                      These files can be written into the target directory via KubeadmConfig.Files which
                                      specifies additional files to be created on the machine, either with content inline or
                                      by referencing a secret.
                                    type: string
                                type: object
                              skipPhases:
                                description: |-
                                  SkipPhases is a list of phases to skip during command execution.
                                  The list of phases can be obtained with the "kubeadm init --help" command.
                                  This option takes effect only on Kubernetes >=1.22.0.
                                items:
                                  type: string
                                type: array
                            type: object
                          mounts:
                            description: Mounts specifies a list of mount points to
                              be setup.
                            items:
                              description: MountPoints defines input for generated
                                mounts in cloud-init.
                              items:
                                type: string
                              type: array
                            type: array
                          ntp:
                            description: NTP specifies NTP configuration
                            properties:
                              enabled:
                                description: Enabled specifies whether NTP should
                                  be enabled
                                type: boolean
                              servers:
                                description: Servers specifies which NTP servers to
                                  use
                                items:
                                  type: string
                                type: array
                            type: object
                          postKubeadmCommands:
                            description: PostKubeadmCommands specifies extra commands
                              to run after kubeadm runs
                            items:
                              type: string
                            type: array
                          preKubeadmCommands:
                            description: PreKubeadmCommands specifies extra commands
                              to run before kubeadm runs
                            items:
                              type: string
                            type: array
                          useExperimentalRetryJoin:
                            description: |-
                              UseExperimentalRetryJoin replaces a basic kubeadm command with a shell
                              script with retries for joins.


                              This is meant to be an experimental temporary workaround on some environments
                              where joins fail due to timing (and other issues). The long term goal is to add retries to
                              kubeadm proper and use that functionality.


                              This will add about 40KB to userdata


                              For more information, refer to https://github.com/kubernetes-sigs/cluster-api/pull/2763#discussion_r397306055.


                              Deprecated: This experimental fix is no longer needed and this field will be removed in a future release.
                              When removing also remove from staticcheck exclude-rules for SA1019 in golangci.yml
                            type: boolean
                          users:
                            description: Users specifies extra users to add
                            items:
                              description: User defines the input for a generated
                                user in cloud-init.
                              properties:
                                gecos:
                                  description: Gecos specifies the gecos to use for
                                    the user
                                  type: string
                                groups:
                                  description: Groups specifies the additional groups
                                    for the user
                                  type: string
                                homeDir:
                                  description: HomeDir specifies the home directory
                                    to use for the user
                                  type: string
                                inactive:
                                  description: Inactive specifies whether to mark
                                    the user as inactive
                                  type: boolean
                                lockPassword:
                                  description: LockPassword specifies if password
                                    login should be disabled
                                  type: boolean
                                name:
                                  description: Name specifies the user name
                                  type: string
                                passwd:
                                  description: Passwd specifies a hashed password
                                    for the user
                                  type: string
                                passwdFrom:
                                  description: PasswdFrom is a referenced source of
                                    passwd to populate the passwd.
                                  properties:
                                    secret:
                                      description: Secret represents a secret that
                                        should populate this password.
                                      properties:
                                        key:
                                          description: Key is the key in the secret's
                                            data map for this value.
                                          type: string
                                        name:
                                          description: Name of the secret in the KubeadmBootstrapConfig's
                                            namespace to use.
                                          type: string
                                      required:
                                      - key
                                      - name
                                      type: object
                                  required:
                                  - secret
                                  type: object
                                primaryGroup:
                                  description: PrimaryGroup specifies the primary
                                    group for the user
                                  type: string
                                shell:
                                  description: Shell specifies the user's shell
                                  type: string
                                sshAuthorizedKeys:
                                  description: SSHAuthorizedKeys specifies a list
                                    of ssh authorized keys for the user
                                  items:
                                    type: string
                                  type: array
                                sudo:
                                  description: Sudo specifies a sudo role for the
                                    user
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                          verbosity:
                            description: |-
                              Verbosity is the number for the kubeadm log level verbosity.
                              It overrides the `--v` flag in kubeadm commands.
                            format: int32
                            type: integer
                        type: object
                      machineTemplate:
                        description: |-
                          MachineTemplate contains information about how machines
                          should be shaped when creating or updating a control plane.
                        properties:
                          metadata:
                            description: |-
                              Standard object's metadata.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                description: |-
                                  Annotations is an unstructured key value map stored with a resource that may be
                                  set by external tools to store and retrieve arbitrary metadata. They are not
                                  queryable and should be preserved when modifying objects.
                                  More info: http://kubernetes.io/docs/user-guide/annotations
                                type: object
                              labels:
                                additionalProperties:
                                  type: string
                                description: |-
                                  Map of string keys and values that can be used to organize and categorize
                                  (scope and select) objects. May match selectors of replication controllers
                                  and services.
                                  More info: http://kubernetes.io/docs/user-guide/labels
                                type: object
                            type: object
                          nodeDeletionTimeout:
                            description: |-
                              NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
                              hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
                              If no value is provided, the default value for this property of the Machine resource will be used.
                            type: string
                          nodeDrainTimeout:
                            description: |-
                              NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                              The default value is 0, meaning that the node can be drained without any time limitations.
                              NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                            type: string
                          nodeVolumeDetachTimeout:
                            description: |-
                              NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
                              to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
                            type: string
                        type: object
                      remediationStrategy:
                        description: The RemediationStrategy that controls how control
                          plane machine remediation happens.
                        properties:
                          maxRetry:
                            description: "MaxRetry is the Max number of retries while
                              attempting to remediate an unhealthy machine.\nA retry
                              happens when a machine that was created as a replacement
                              for an unhealthy machine also fails.\nFor example, given
                              a control plane with three machines M1, M2, M3:\n\n\n\tM1
                              becomes unhealthy; remediation happens, and M1-1 is created
                              as a replacement.\n\tIf M1-1 (replacement of M1) has
                              problems while bootstrapping it will become unhealthy,
                              and then be\n\tremediated; such operation is considered
                              a retry, remediation-retry #1.\n\tIf M1-2 (replacement
                              of M1-1) becomes unhealthy, remediation-retry #2 will
                              happen, etc.\n\n\nA retry could happen only after RetryPeriod
                              from the previous retry.\nIf a machine is marked as
                              unhealthy after MinHealthyPeriod from the previous remediation
                              expired,\nthis is not considered a retry anymore because
                              the new issue is assumed unrelated from the previous
                              one.\n\n\nIf not set, the remediation will be retried
                              infinitely."
                            format: int32
                            type: integer
                          minHealthyPeriod:
                            description: "MinHealthyPeriod defines the duration after
                              which KCP will consider any failure to a machine unrelated\nfrom
                              the previous one. In this case the remediation is not
                              considered a retry anymore, and thus the retry\ncounter
                              restarts from 0. For example, assuming MinHealthyPeriod
                              is set to 1h (default)\n\n\n\tM1 becomes unhealthy; remediation
                              happens, and M1-1 is created as a replacement.\n\tIf
                              M1-1 (replacement of M1) has problems within the 1hr
                              after the creation, also\n\tthis machine will be remediated
                              and this operation is considered a retry - a problem
                              related\n\tto the original issue happened to M1 -.\n\n\n\tIf
                              instead the problem on M1-1 is happening after MinHealthyPeriod
                              expired, e.g. four days after\n\tM1-1 has been created
                              as a remediation of M1, the problem on M1-1 is considered
                              unrelated to\n\tthe original issue happened to M1.\n\n\nIf
                              not set, this value is defaulted to 1h."
                            type: string
                          retryPeriod:
                            description: |-
                              RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
                              for an unhealthy machine (a retry).


                              If not set, a retry will happen immediately.
                            type: string
                        type: object
                      rolloutAfter:
                        description: |-
                          RolloutAfter is a field to indicate a rollout should be performed
                          after the specified time even if no changes have been made to the
                          KubeadmControlPlane.
                        format: date-time
                        type: string
                      rolloutBefore:
                        description: |-
                          RolloutBefore is a field to indicate a rollout should be performed
                          if the specified criteria is met.
                        properties:
                          certificatesExpiryDays:
                            description: |-
                              CertificatesExpiryDays indicates a rollout needs to be performed if the
                              certificates of the machine will expire within the specified days.
                            format: int32
                            type: integer
                        type: object
                      rolloutStrategy:
                        default:
                          rollingUpdate:
                            maxSurge: 1
                          type: RollingUpdate
                        description: |-
                          The RolloutStrategy to use to replace control plane machines with
                          new ones.
                        properties:
                          rollingUpdate:
                            description: |-
                              Rolling update config params. Present only if
                              RolloutStrategyType = RollingUpdate.
                            properties:
                              maxSurge:
                                anyOf:
                                - type: integer
                                - type: string
                                description: |-
                                  The maximum number of control planes that can be scheduled above or under the
                                  desired number of control planes.
                                  Value can be an absolute number 1 or 0.
                                  Defaults to 1.
                                  Example: when this is set to 1, the control plane can be scaled
                                  up immediately when the rolling update starts.
                                x-kubernetes-int-or-string: true
                            type: object
                          type:
                            description: |-
                              Type of rollout. Currently the only supported strategy is
                              "RollingUpdate".
                              Default is RollingUpdate.
                            type: string
                        type: object
                    required:
                    - kubeadmConfigSpec
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
    subresources: {}